Symantec Security Information Manager Version 4.7

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Symantec Security Information Manager Version 4.7"

Transcription

1 Version 4.7

2 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2

3 Security Management Challenges 3

4 Managing IT Security PREVENT INFORM COMPLY Monitor user access violations Prioritize attacks as they occur Reduce impact through quicker remediation Assist forensic investigations Establish metrics and trends Correlate to global threat activity Collect, query and analyze log data Meet long term log retention requirements Provide on demand audit information 4

5 What is Security Information Manager? Broad and customizable High volume processing Meaningful normalization Assured reliability Collection Storage Flexible capacity Archive segmentations Quick queries/searches Retention Policy Automation Security Information Manager Pattern based rules Global Intelligence Network integration Asset groupings Over 400 out of box queries Correlation Reporting Customizable consoles Web based portals Raw event data viewer Over 150 out of the box compliance reports 5

6 Why Symantec Security Information Manager? 6

7 All Inclusive Solution Collectors Syslog Windows Events Intrusion Prevention Infrastructure Components Correlation Manager Manager LiveUpdate Service Reports and Dashboards Optional Intelligence Feed (GIN) Firewall Other sources Console Pre-built Queries Log Archiving 150+ Universal Collector Pre-defined Reports Only 1 optional component No excessive add-on costs Single deployment supports evolving needs 7

8 Key Advantages Lower acquisition and maintenance costs Rapid Deployment = Faster time to value Lower maintenance overhead Dynamic correlation with updated external intelligence content (GIN) Expands external attack information for bots, worms and IP addresses Improves posture for proactive protection Flat file data structure Faster querying More economical archiving and storage Automated updates to remediation and workflow guidance Attack descriptions Optimal safeguard details and mitigation steps Single solution for log and event management Does not require two separate infrastructures Same infrastructure can expand with requirements 8

9 What to ask yourself What is the required deployment timeframe for your SIM? What staff resources and expertise will be available to maintain database tuning and correlation rule development? What are your requirements for true real time processing of events? Can your SIM detect malicious IPs coming in or targeting your network? Can your SIM detect malicious traffic coming from your network to a malicious IP source? Can your SIM determine when malicious IP traffic is actually coming from an internal address in your own network? Can your SIM make recommendations for best safeguards and mitigation steps and provide current attack descriptions? 9

10 Typical SIM s focus ONLY on INTERNAL activities OS Firewall breaches Infected systems Virus outbreaks Privileged user activities Other internal events Antivirus Mail and Groupware Corporate Network Syslogs Databases Firewalls IDS/IPS Other sources Vulnerability Scanners 10

11 EXTERNAL activities are becoming increasingly important. OS Additional Intelligence on: Malicious IPs Botnet IPs Firewall breaches Infected systems Virus outbreaks Privileged user activities Antivirus Mail and Groupware Corporate Network Database Firewalls Worm IPs Other internal events Syslogs Comprehensive Visibility Other sources Vulnerability Scanners IDS/IPS 11

12 Malicious Traffic Why Is This Important? Coming to or targeting your network Incoming Botnet commands and controls from a malicious host Port scans against the network Coming from your network to a malicious source Bot communicating information back to a malicious host Proprietary data leaks Originating malicious IP is an internal address Network used as a proxy by hackers to conduct their business Network bandwidth compromised 12

13 How Does It Work? 13

14 True Integration Integrated Global Intelligence console information: Latest global threat trends and statistics Current vulnerability and attack pattern details Up to date threat resolution details and recommended safeguards Dedicated Global Intelligence rules: IP Watchlist Source IP Watchlist Destination Organization IP in Watchlist Global Intelligence integration into multi-conditional rules Combines internal activities with external intelligence to conclude incidents 14

15 Intelligence Console 15

16 IP Watchlist Source Rule 16

17 Indicating Source IP Activity Red indicates Malicious IP 17

18 IP Watchlist Destination Rule 18

19 Indicating Target IP Activity Red indicates Malicious IP 19

20 Organization IP in Watchlist Activity 20

21 Indicating IP Watchlist Activity from Inside the Network Red indicates Malicious IP 21

22 Making a Good Thing Better Advanced Capabilities Symantec Security Information Manager Every Other SIM Do you know if there s malicious traffic being sourced from your network? Yes? Can you identify known Worm IPs communicating with your network? Yes? Can you identify resources in your network communicating information back to a known malicious host? Yes? Can you detect when your network is being used as a proxy by hackers to conduct their business? Yes? Can you preemptively correlate external malicious activities to internal incidents? Yes? Can you integrate global intelligence into rules for combining internal events with external data? Yes? 22

23 Summary Unified log Management and Correlation Advanced Intelligence Comprehensive Analysis Broad and Customizable Data Collection Flexible Storage Options and Automated Archiving Easy and Scalable Implementation 23

24 Appendix

25 Event Collectors - Over 220 Supported Products Intrusion Detection/Prevention Symantec Network Security (SNS) Symantec HIDS Symantec ITA Snort Symantec Sygate Symantec Critical System Protection Cisco IDS Cisco Security Agents TippingPoint NIPS Enterasys Network Dragon eeye Retina JuniperIDP ISS Siteprotector McAfee Intrushield SourceFire Web servers, Filters and Proxies Apache Web Server IBM Websphere Bluecoat Proxy Microsoft ISA Microsoft IIS Sun One WebServer Vulnerability/Policy/Config Scanners Symantec ESM Symantec CCS Nessus ncircle Qualys QualysGuard StillSecure VAM Tripwire Ecora Databases Oracle Security Logs (9i & 10g) MS SQL Server Logs Firewalls Symantec Gateway Security Cisco PIX Cisco FWSM Nokia FW Juniper NetScreen Firewall Checkpoint Firewall-1 Nortel Contivity Fortinet Fortigate SunScreen Microsoft Windows Firewall Microsoft ISA SideWinder G2 StoneSoft Stonegate Operating systems Microsoft Windows Event Log Solaris OS Collector Sun BSM SUSE Linux Debian Linux RedHat Linux IBM AIX HP/UX Tandem RACF SMF SELinux IPTables Novell Netware IBM System i (AS/400) Snare for Windows Identity Management Microsoft Windows DHCP Microsoft Operations Manager Microsoft Active Directory RSA SecurID Cisco ACS Routers, Switches and VPN Cisco IOS Juniper VPN CyberGuard Cisco VPN 3000 Concentrator Air Defense Enterprise AV Solutions Symantec AntiVirus 8, 9, 10 Symantec Endpoint Security 11 Symantec Mail Security for Exchange Symantec Mail Security for Lotus Domino Symantec Mail Security for SMTP Symantec Mail Security Cisco IronPort McAfee EPO McAfee GroupShield McAfee VirusScan Kaspersky AV F-Secure AV Sophos AV CA AntiVirus Trend Micro Control Manager (TMCM) Trend Server Protect Information Server Trend Interscan Messaging Security Suite Trend Scanmail Trend Interscan Viruswall Trend Interscan Web Security Suite Other Cisco Netflow Fox Server Control Blue Lance LT Auditor PassGo UPM Kiwi Syslog Generic Syslog Symantec Cyberwolf Mazu Profiler 25

26 Data Collection Key Benefits Access valuable data from both existing and new security investments Minimize overhead in data collection process Create meaningful associations to enrich data value Maintain ongoing process reliability 26

27 Data Storage Key Benefits Maintain efficient and adaptable capacity for changing volume requirements Optimize data organization for quick and easy access Reduce overhead associated with managing varying retention period requirements Assure integrity of stored data 27

28 Data Correlation Key Benefits Maintain consistent data analysis standards without compromising staff resources and productivity Leverage intelligence from distributed sources and investments Utilize data for proactive prevention instead of just reactive response Draw immediate conclusions based on business impact Conduct real time inquiries and research 28

29 Data Presentation Key Benefits Provide self service to key stakeholders reducing IT staff disruptions Easily fulfill forensic reporting requirements Automate report distributions Validate security investments 29

30 NEW! Built in Compliance Reports 30

CiscoWorks SIMS(Netforensics)

CiscoWorks SIMS(Netforensics) Managing Logs and Security Events CiscoWorks SIMS(Netforensics) Georg Bommer, Inter-Networking AG (Switzerland) Table of Content Challenges/Problems Main Functionality Product Tour Report Examples Architecture

More information

ArcSight Supports a Wide Range of Security Relevant Products

ArcSight Supports a Wide Range of Security Relevant Products ArcSight Supports a Wide Range of Security Relevant Products ArcSight s data collection capabilities are the most versatile in the industry and run the gamut from a centralized collection point on the

More information

RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method

RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method RSA envision Supported Event Sources A Actividentity 4TRESS AAA Server - version 6.4.1 AirDefense AirDefense Enterprise Server - version 7.2 Airmagnet Airmagnet Enterprise - version 7.5.0 Apache HTTP Server

More information

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF Tripwire Log Center HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE Enterprise organizations of all sizes need to achieve compliance with regulations and standards and

More information

REQUEST FOR PROPOSAL ACQUISITION & IMPLEMENTATION OF CENTRALIZED LOG MANAGEMENT SYSTEM

REQUEST FOR PROPOSAL ACQUISITION & IMPLEMENTATION OF CENTRALIZED LOG MANAGEMENT SYSTEM REQUEST FOR PROPOSAL ACQUISITION & IMPLEMENTATION OF CENTRALIZED LOG MANAGEMENT SYSTEM Proposal Release Date: AUGUST 20 th 2008 Proposal Due Date: SEPTEMBER 16 th 2008 TABLE OF CONTENTS 1 - INTRODUCTION...

More information

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy Customer Challenges Dispersed Threats IT Overload IT information overload Flood of logged events from many point network

More information

LogLogic Release Notes for Security Event Viewer and Security Event Manager, v3.5.0

LogLogic Release Notes for Security Event Viewer and Security Event Manager, v3.5.0 LogLogic Release Notes for Security Event Viewer and Security Event Manager, v3.5.0 LogLogic Security Event Viewer and Security Event Manager offer scalable and comprehensive data security assistance monitoring

More information

Plugin Name. X N/A sudo X Antivirus Avast avast X GFI Security gfi X McAfee mcafee X mcafee-epo

Plugin Name. X N/A sudo X Antivirus Avast avast X GFI Security gfi X McAfee mcafee X mcafee-epo Functionality Vendor Plugin Name AlienVault Supported Plugin Community Supported Plugin Access Control Cisco Systems cisco-acs cisco-acs-idm cisco-asa N/A sudo Antivirus Avast avast GFI Security gfi McAfee

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Secure Your Operations through NOC/SOC Integration

Secure Your Operations through NOC/SOC Integration IBM Software Group Secure Your Operations through NOC/SOC Integration David Jenkins Security Consultant davidjen@de.ibm.com IBM Corporation IBM Business/Service Assurance Offering Only Tivoli s suite offers

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage TIBCO LogLogic SOX and COBIT Compliance Suite Quick Start Guide Software Release: 3.5.0 December 2012 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE.

More information

Detecting a Hacking Attempt

Detecting a Hacking Attempt Detecting a Hacking Attempt Speaker: Isaac Thompson Director of Sales Engineering and Training About Prism Microsystems Founded in 1999, headquartered Columbia, Maryland Current Version EventTracker 6

More information

Find the needle in the security haystack

Find the needle in the security haystack Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep

More information

List of Supported Systems & Devices

List of Supported Systems & Devices List of Supported Systems & Devices February 2012 Cyber-Ark's Privileged Identity Management (PIM) Suite is an enterprise-class, unified policy-based solution that secures, manages and monitors all privileged

More information

TECHNOLOGY INTEGRATION GUIDE

TECHNOLOGY INTEGRATION GUIDE TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

Intrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC

Intrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC Intrusion Detection and Intrusion Prevention Ed Sale VP of Security Pivot Group, LLC Presentation Goals Describe IDS and IPS Why They Are Important Deployment and Use Major Players The IT Security Camera

More information

Supported Devices. Application Servers Microsoft ASP.NET Oracle WebLogic IBM WebSphere Red Hat JBoss Sun GlassFish Apache Tomcat

Supported Devices. Application Servers Microsoft ASP.NET Oracle WebLogic IBM WebSphere Red Hat JBoss Sun GlassFish Apache Tomcat Supported Devices The following is a list of infrastructure sources that AccelOps supports. This page is frequently updated. If you don t find a source located on the list, please contact info@accelops.com.

More information

HawkEye AP Log Adapter List Updated January 2014

HawkEye AP Log Adapter List Updated January 2014 HawkEye AP Log Adapter List Updated January 2014 Firewalls / VPN Aventail SSL VPN * Check Point Firewall-1 fwexport * Check Point Firewall-1 LEA Check Point VPN-1 * Cisco ASA (via SyslogNG) Cisco FWSM

More information

Virtualization Journey Stages

Virtualization Journey Stages Deep Security 7.5 Todd Thiemann Sr. Dir. of Datacenter Security Marketing Trend Micro Harish Agastya Director of Datacenter Security Marketing Trend Micro Classification 11/12/2010 1 Virtualization Journey

More information

IBM Internet Security Systems

IBM Internet Security Systems IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation

More information

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE

INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and

More information

TECHNOLOGY INTEGRATION GUIDE

TECHNOLOGY INTEGRATION GUIDE TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and

More information

Supported Devices (Event Log Sources)

Supported Devices (Event Log Sources) Operating Systems HP Insight Manager Windows Time service CISCO CatOS IBM DB2 UDB Websense WSG CISCO IOS Imperva Cisco NX OS LogBinder SP Astaro Citrix NetScaler OS MacAfee Intrushield IPS Security 110

More information

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE FAST FORWARD YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE VISUALIZE COMPLY PROTECT RedSeal Networks, Inc. 3965 Freedom Circle, 8th Floor, Santa Clara, 95054 Tel (408) 641-2200 Toll Free (888)

More information

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report NetIQ Security Manager Version 5.5 Report Number: CCEVS-VR-07-0058 Dated: 9 August 2007

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Managed Security Services Portfolio

Managed Security Services Portfolio Managed Security Services Portfolio Managed Security Services Professional Services Security Hardware and Software What is on the truck IBM ISS Agenda An introduction and statement of capability Virtual

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

HawkEye AP Log Adapter List Updated January 2016

HawkEye AP Log Adapter List Updated January 2016 HawkEye AP Log Adapter List Updated January 2016 Firewalls / VPN Aventail SSL VPN * Check Point Firewall-1 fwexport * Check Point Firewall-1 LEA Check Point VPN-1 * Cisco ASA (via SyslogNG) Cisco FWSM

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

JUNIPER NETWORKS STRM TECHNICAL NOTE

JUNIPER NETWORKS STRM TECHNICAL NOTE JUNIPER NETWORKS STRM TECHNICAL NOTE USING EXTENSION DOCUMENTS JUNE 2008 Device extensions allow you to modify how a DSM parses logs, which is useful for resolving parsing issues. However, before you define

More information

Joshua Beeman University Information Security Officer October 17, 2011

Joshua Beeman University Information Security Officer October 17, 2011 Joshua Beeman University Information Security Officer October 17, 2011 1 June, 2011- NPTF Security Presentation on FY 12 InfoSec goals: Two Factor Authentication Levels of Assurance Shibboleth InCommon

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Measurably reducing risk through collaboration, consensus & practical security management. 2013 CIS Security Benchmarks 1

Measurably reducing risk through collaboration, consensus & practical security management. 2013 CIS Security Benchmarks 1 Measurably reducing risk through collaboration, consensus & practical security management 2013 CIS Security Benchmarks 1 Background City University of New York s Rights and Benefits as a CIS Security Benchmarks

More information

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage TIBCO LogLogic HIPAA Compliance Suite Quick Start Guide Software Release: 3.5.0 December 2012 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

PCI DSS. Get Compliant, Stay Compliant Seminar

PCI DSS. Get Compliant, Stay Compliant Seminar PCI DSS Get Compliant, Stay Compliant Seminar ValueSYS Solutions & Services Wael Hosny CEO ValueSYS Wael.hosny@valuesys.net Solutions you Need, with Quality you Deserve Seminar Agenda Time 09:00 10:00

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats

More information

A progressive and integrated approach to protecting corporate networks

A progressive and integrated approach to protecting corporate networks A progressive and integrated approach to protecting corporate networks Kaspersky Open Space Security is a suite of products that offers security coverage for all types of network endpoints, from mobile

More information

Cisco Remote Management Services for Security

Cisco Remote Management Services for Security Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen Sr. Presales Engineer, CISSP, MCSE Key Ingredients for Endpoint Protection Antivirus World s leading AV solution Most (44) consecutive

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

Current IBAT Endorsed Services

Current IBAT Endorsed Services Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

Enabling Security Operations with RSA envision. August, 2009

Enabling Security Operations with RSA envision. August, 2009 Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If

More information

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan An Open Source IPS IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan Introduction IPS or Intrusion Prevention System Uses a NIDS or Network Intrusion Detection System Includes

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security Networking and Security are complex, dynamic areas, and VMware recognizes

More information

Organizational Return on Investment Using Tenable Products. April 2005 (Updated January 2009)

Organizational Return on Investment Using Tenable Products. April 2005 (Updated January 2009) Organizational Return on Investment Using Tenable Products April 2005 (Updated January 2009) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 RETURN ON INVESTMENT SUMMARY... 3 ADVANTAGES... 3

More information

Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Eoin Thornton Senior Security Architect Zinopy Security Ltd. RSA envision: Transform your Security Operations A Technical overview & demo of RSA envision The Information Log Management Platform for Security and Compliance Success Eoin Thornton Senior Security Architect

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

SENTINEL MANAGEMENT & MONITORING

SENTINEL MANAGEMENT & MONITORING MANAGEMENT & MONITORING Network Monitoring Server Monitoring Database Monitoring Application Monitoring End User Response Time Monitoring Virtualisation Monitoring VOIP Monitoring SLA Monitoring Knowing

More information

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities

More information

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Getting Started with the iscan Online Data Breach Risk Intelligence Platform Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing

More information

Log Correlation Engine 4.2 Architecture Guide. October 3, 2013 (Revision 2)

Log Correlation Engine 4.2 Architecture Guide. October 3, 2013 (Revision 2) Log Correlation Engine 4.2 Architecture Guide October 3, 2013 (Revision 2) Table of Contents Introduction... 3 Standards and Conventions... 3 Architecture... 3 Components of the Log Correlation Engine...

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

World-class security solutions for your business. Business Products. C a t a l o g u e

World-class security solutions for your business. Business Products. C a t a l o g u e World-class security solutions for your business Business Products C a t a l o g u e About Kaspersky Lab Kaspersky Lab is the largest developer of secure content management systems in Europe and is among

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Vendor/Product Log Format Analyzer Standard. Analyzer Premium & Analyzer Giga

Vendor/Product Log Format Analyzer Standard. Analyzer Premium & Analyzer Giga Vendor/Product Log Format Analyzer Standard Analyzer Premium & Analyzer Giga Vantage & Vantage Giga 3Com 3Com Firewall Yes Yes Yes Yes 8e6 R2000 Yes Yes Yes Yes 8e6 R3000 Yes Yes Yes Yes Aladin Esafe Blocked

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

Introduction to Network Discovery and Identity

Introduction to Network Discovery and Identity The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity

More information

ALERT LOGIC ACTIVEWATCH FOR LOG MANAGER

ALERT LOGIC ACTIVEWATCH FOR LOG MANAGER QUICKSTART GUIDE: ALERT LOGIC ACTIVEWATCH FOR LOG MANAGER TABLE OF CONTENTS Introduction...2 Getting Started...4 Configuring Log Sources...4 Common Log Sources...5 INTRODUCTION A FRESH APPROACH TO IDENTIFYING

More information

Measurably reducing risk through collaboration, consensus & practical security management. 2015 CIS Security Benchmarks 1

Measurably reducing risk through collaboration, consensus & practical security management. 2015 CIS Security Benchmarks 1 Measurably reducing risk through collaboration, consensus & practical security management 2015 CIS Security Benchmarks 1 Background State of Idaho s Rights and Benefits as a CIS Security Benchmarks Member

More information

IBM Internet Security Systems products and services

IBM Internet Security Systems products and services Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure

More information

Secospace elog. Secospace elog

Secospace elog. Secospace elog Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page

More information

Sourcefire Defense Center TM

Sourcefire Defense Center TM Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information

IBM ISS Optimizacija Sigurnosti

IBM ISS Optimizacija Sigurnosti IBM ISS Optimizacija Sigurnosti Slaven Novak IBM ISS Technical Sales Specialist slaven.novak@hr.ibm.com 1 The Business Challenge: New Methods and Motives: Adding to the complexity and sheer number of risks

More information

Response to Questions CML 15-018 Managed Information Security

Response to Questions CML 15-018 Managed Information Security Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?

More information

Information Technology Policy

Information Technology Policy Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov

More information

IBM Global Technology Services Preemptive security products and services

IBM Global Technology Services Preemptive security products and services IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently

More information

Select the right security information and event management solution to automate security and compliance operations.

Select the right security information and event management solution to automate security and compliance operations. Security information and event management solutions Buyer s guide: purchasing criteria Select the right security information and event management solution to automate security and compliance operations.

More information

Managed Security Services

Managed Security Services Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Protecting productivity with Plant Security Services

Protecting productivity with Plant Security Services Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services

More information

BitDefender Client Security Workstation Security and Management

BitDefender Client Security Workstation Security and Management BitDefender Client Security Workstation Security and Management BitDefender Client Security is an easy to use business security and management solution, which delivers superior proactive protection from

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

Symantec Endpoint Protection Analyzer Report

Symantec Endpoint Protection Analyzer Report Symantec Endpoint Protection Analyzer Report For Symantec Customer Table of Contents Statement of Confidentiality... 3 1. Introduction... 4 2. Environmental Analysis Overview... 5 2.1 Findings Overview...

More information

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security 1 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

More information

Symantec Security Information Manager 4.8 Release Notes

Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

Government of Canada Managed Security Service (GCMSS) Annex A-7: Statement of Work - Security Information and Event Management (SIEM)

Government of Canada Managed Security Service (GCMSS) Annex A-7: Statement of Work - Security Information and Event Management (SIEM) Government of Canada Managed Security Service (GCMSS) Annex A-7: Statement of Work - Security Information and Event Management (SIEM) Date: July 12, 2012 TABLE OF CONTENTS 1 SECURITY INFORMATION AND EVENT

More information

CA Anti-Virus r8.1. Benefits. Overview. CA Advantage

CA Anti-Virus r8.1. Benefits. Overview. CA Advantage PRODUCT BRIEF: CA ANTI-VIRUS CA Anti-Virus r8.1 CA ANTI-VIRUS IS THE NEXT GENERATION IN COMPREHENSIVE ANTI-VIRUS SECURITY FOR BUSINESS PCS, SERVERS AND PDAS. IT COMBINES PROACTIVE PROTECTION AGAINST MALWARE

More information

GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide. EnCase Cybersecurity. Complement Guide

GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide. EnCase Cybersecurity. Complement Guide GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide EnCase Cybersecurity Complement Guide GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide To truly secure an enterprise, a comprehensive approach

More information

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External

More information

AntiVirus Market Opportunities, Strategies, and Forecasts, 2004 to 2009. AntiVirus. Picture by Susie Eustis MOUNTAINS OF OPPORTUNITY

AntiVirus Market Opportunities, Strategies, and Forecasts, 2004 to 2009. AntiVirus. Picture by Susie Eustis MOUNTAINS OF OPPORTUNITY AntiVirus Market Opportunities, Strategies, and Forecasts, 2004 to 2009 AntiVirus Picture by Susie Eustis MOUNTAINS OF OPPORTUNITY WinterGreen Research, Inc. Lexington, Massachusetts www.wintergreenresearch.com

More information

IT Security Risk Management

IT Security Risk Management IT Security Risk Adding Insight to Security Gennaro Scalo April 2, 2014 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity Data Breaches Damage

More information