Company IT infrastructures are exposed to a wide range of threats, from ransomware attacks and phishing waves to bot attacks aimed at firewalls. Defending against them requires several layers of protection, and SIEM services are an important component. A SIEM service bundles and analyzes all security-relevant data at a central location, which allows suspicious activity to be detected early.
With the new Hornetsecurity SIEM Connector, Hornetsecurity now also offers an interface to SIEM services for its 365 Total Protection and Spam Filter Service products. The Connector automatically receives and imports email log entries from the Hornetsecurity Cloud.
Data relating to IT security can be found in many different places in an organization: on end devices, servers, network devices, and dedicated security infrastructure such as firewalls, antivirus or mail security systems. Security Information and Event Management (SIEM) services are software products that collect and analyze this information in real time at a central location. They derive patterns and trends from it so that targeted cyber attacks using multiple attack vectors can be detected more quickly. Among the best-known SIEM services are IBM QRadar and Splunk.
The Hornetsecurity SIEM Connector
With the new Hornetsecurity SIEM Connector, users of SIEM services can have email log entries automatically read from the Hornetsecurity Cloud. The new product can be ordered if the Hornetsecurity Spam Filter Service or 365 Total Protection (Business or Enterprise) is already in use.
The Hornetsecurity SIEM Connector sends syslog packets containing the following details:
• General email information: Email subject, attachment file names, message ID from the header, encryption method used, and size of the email.
• Processing information: Date and time of first processing, classification and reason for classification, and number of log entries for this email.
• Sender information: Source address from the SMTP dialog and sender as specified in the email header.
• Recipient information: Mailbox to which this email has been assigned by the Hornetsecurity Spam Filter Service, and recipient as specified in the email header.
Thanks to the connector, Hornetsecurity services can supply critical log data to SIEM services, contributing to comprehensive protection of the IT infrastructure.