Rimici Security Operations Center Architecture

RIMICI “ONE Source” Security Operations Center deployment consists of 4 elements:

  1. Sensors and Management Server
  2. Database and Frontend
  3. Continuous Monitoring and alerts
  4. Security hardening of secure data center

As shown in the following figure:

A level 0 is sometimes used as well, installing agents on the monitored hosts, as shown in the figure.

A very important point is that OSSIM can also receive events from commercial devices or customized applications, thanks to specific and generically configurable plugins.

Advanced configurations allow hierarchical distribution.

It is possible to install correlation engines in the Sensors, allowing low-level correlation and filtering and implementing Consolidation policies (to decrease the bandwidth used).
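As an added illustration (not Rimici's or OSSIM's own code), the following Python sketch shows what a sensor-side consolidation policy of this kind does: the agent normalizes constructed firewall log lines into a common event form, filters out lines its pattern does not recognize, and merges repeated identical events within a time window into one counted event before they are sent to the Management Server. The log format, regex and sid numbers are assumptions.

```python
import re
from datetime import datetime

# Constructed sample firewall log lines (not from any real device): one
# host is repeatedly dropped on port 22, another is accepted on 443.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 fw1 DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=22",
    "2024-05-01T10:00:02 fw1 DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=22",
    "2024-05-01T10:00:03 fw1 DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=22",
    "2024-05-01T10:00:04 fw1 ACCEPT SRC=10.0.0.7 DST=192.168.1.10 DPT=443",
    "2024-05-01T10:01:30 fw1 DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=22",
    "2024-05-01T10:01:31 fw1 garbage line the plugin pattern does not match",
]

# Regex for the constructed format; sid numbers are hypothetical, not real plugin_sid values.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DROP|ACCEPT) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+)$"
)
SID_BY_ACTION = {"DROP": 1, "ACCEPT": 2}

def normalize(line):
    """Map one raw line to a normalized event dict; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "sensor": m["host"],
            "sid": SID_BY_ACTION[m["action"]], "src_ip": m["src"],
            "dst_ip": m["dst"], "dst_port": int(m["dport"])}

def consolidate(lines, window_seconds=60):
    """Merge identical events seen within window_seconds of the first one into a
    single event with a count, so the server sees the volume in fewer messages."""
    out, open_idx = [], {}  # open_idx: key -> index of its current bucket in out
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # unparsable lines are filtered at the sensor
        key = (ev["sensor"], ev["sid"], ev["src_ip"], ev["dst_ip"], ev["dst_port"])
        i = open_idx.get(key)
        if i is not None and (ev["ts"] - out[i]["first_ts"]).total_seconds() <= window_seconds:
            out[i]["count"] += 1
            out[i]["last_ts"] = ev["ts"]
        else:  # no open bucket, or the window has expired: start a new one
            ev["first_ts"] = ev.pop("ts")
            ev.update(last_ts=ev["first_ts"], count=1)
            out.append(ev)
            open_idx[key] = len(out) - 1
    return out
```

With the sample above, six raw lines become three events; widening the window to 120 seconds merges the late DROP as well.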

Let’s look at how software is typically installed in each element:


Sensor

Sensors are deployed in the networks to monitor network activity.

They usually host:

  • The low-level detectors and monitors, which passively (they don’t affect the traffic) collect data looking for patterns.
  • Scanners, which actively (they make connections) look for vulnerabilities in the network.
  • The RIMICI “ONE Source” Security Operations Center Agent, which receives data from hosts on this network (for example a router or firewall) and communicates with and sends its events to the parent Management Server.

A typical RIMICI “ONE Source” Security Operations Center Sensor configuration would perform the following functions:

  • IDS/IPS
  • Vulnerability Scanner 
  • Anomaly Detection  
  • Network Monitoring and Profiling  
  • Collecting from local routers, firewalls, IDS’s, etc.
  • It can even act as a Firewall

Management Server

The Management Server (or Server) usually includes the following components:

  • A control daemon that ties some parts together.
  • RIMICI “ONE Source” Security Operations Center Server. It centralizes the information received from the sensors.

They perform at least the following functions:

  • The main Server tasks: the Normalizing, Prioritizing, Collecting, Risk Assessment and Correlating engines
  • The maintenance and external tasks, such as backups, scheduled backups, online inventory or scan launching

RIMICI “ONE Source” Security Operations Center Database

The Database stores events and useful information for the management of the system.

RIMICI “ONE Source” Security Operations Center Frontend

The Frontend, or Console, is the visualization application; in this case it is a web frontend.