Rimici Security Operations Center Architecture
The RIMICI “ONE Source” Security Operations Center deployment consists of 4 elements:
- Continuous Monitoring and alerts
- Security hardening of secure data center
As shown in the following figure:
A level 0 is sometimes used, installing agents on the monitored hosts themselves, as shown in the figure.
A very important point is that OSSIM can also receive events from commercial devices or customized applications, thanks to specific and generically configurable plugins.
Advanced configurations allow hierarchically distributed deployments.
Correlation engines can also be installed in Sensors, allowing low-level correlation and filtering and implementing consolidation policies (to decrease the bandwidth used).
Let’s look at how the software is typically installed in each element:
Sensors are deployed in the networks to monitor network activity.
They usually host:
- The low-level detectors and monitors, which passively (they don’t affect the traffic) collect data looking for patterns.
- Scanners, which actively (they make connections) look for vulnerabilities in the network.
- The RIMICI “ONE Source” Security Operations Center Agent, which receives data from hosts of this network (for example a router or firewall) and sends its events to the parent Management Server.
A typical RIMICI “ONE Source” Security Operations Center Sensor configuration would perform the following functions:
- Vulnerability Scanner
- Anomaly Detection
- Network Monitoring and Profiling
- Collecting from local routers, firewalls, IDSs, etc.
- It can even act as a Firewall
The Management Server (or Server) usually includes the following components:
- A control daemon that ties the parts together.
- The RIMICI “ONE Source” Security Operations Center Server, which centralizes the information received from the Sensors.
The Server performs at least the following functions:
- The main Server tasks: the Normalizing, Prioritizing, Collecting, Risk Assessment and Correlating engines
- The maintenance and external tasks, such as backups, scheduled backups, online inventory or launching scans
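The collection, normalization, consolidation and correlation steps described for the Sensor and the Server, as an added illustration (not Rimici’s or OSSIM’s own code): plugin-style parsers for two constructed log formats, sensor-side consolidation that collapses duplicate events before forwarding, and a server-side rule that correlates failures from one source across device types. The log formats, event types, priorities and threshold are assumptions made for the example.

```python
import re
from collections import Counter
# Constructed sample lines from two device types a sensor agent might collect
# (formats are assumed for illustration, not taken from any real product).
RAW_LOGS = [
    "fw: DENY src=10.0.0.5 dst=10.0.1.9 dport=22",
    "fw: DENY src=10.0.0.5 dst=10.0.1.9 dport=22",
    "sshd: Failed password for admin from 10.0.0.5 port 51022",
    "fw: ALLOW src=10.0.0.7 dst=10.0.1.9 dport=443",
    "noise the sensor has no plugin for",
]
# Plugin-style parsers: one regex plus builder per device type, all emitting the
# same normalized schema (type, src, dst, port) whatever the source format.
PLUGINS = [
    (re.compile(r"fw: (?P<act>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<port>\d+)"),
     lambda m: {"type": "firewall_" + m["act"].lower(), "src": m["src"],
                "dst": m["dst"], "port": int(m["port"])}),
    (re.compile(r"sshd: Failed password for (?P<user>\S+) from (?P<src>\S+) port \d+"),
     lambda m: {"type": "ssh_auth_failure", "src": m["src"], "dst": "sshd-host",
                "port": 22, "user": m["user"]}),
]
PRIORITY = {"ssh_auth_failure": 3, "firewall_deny": 2, "firewall_allow": 1}

def normalize(line):
    """Sensor agent: try each plugin; lines no plugin understands are dropped."""
    for pattern, build in PLUGINS:
        m = pattern.match(line)
        if m:
            return build(m)
    return None

def consolidate(events):
    """Sensor-side consolidation: identical events collapse into one with a count."""
    counts = Counter(tuple(sorted(e.items())) for e in events)
    return [dict(key, count=n) for key, n in counts.items()]

def correlate(events, threshold=3):
    """Server-side rule: >= threshold failures from one source, across devices, alarm."""
    failures = Counter()
    for e in events:
        if e["type"] in ("firewall_deny", "ssh_auth_failure"):
            failures[e["src"]] += e["count"]
    return [{"type": "repeated_access_failures", "src": src, "events": n,
             "priority": max(PRIORITY.values()) + 1}
            for src, n in failures.items() if n >= threshold]

def run_pipeline(lines):
    forwarded = consolidate([e for e in map(normalize, lines) if e is not None])
    for e in forwarded:  # the server assigns a priority to each arriving event
        e["priority"] = PRIORITY[e["type"]]
    return forwarded, correlate(forwarded)
```

Note that neither device alone reaches the threshold; only the server-side view across the firewall and the SSH host does, which is the point of centralizing events.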
RIMICI “ONE Source” Security Operations Database
The Database stores events and useful information for the management of the system.
RIMICI “ONE Source” Security Operations Center Frontend
The Frontend or Console is the visualization application, in this case a web frontend.