Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy"

Transcription

1 Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

2 Customer Challenges Dispersed Threats IT Overload IT information overload Flood of logged events from many point network and security devices Lack of expertise to manage disparate data silos & tools Compliance mandates Industry specific regulations mandating security best practices Internal IT risk assessment programs Evolving internal and external threats Insider abuse, theft of intellectual property Complex integrated attacks Industry Regulations 2 Copyright 2009 Juniper Networks, Inc.

3 Junipers SIEM/NBAD Solution STRM Security Threat Response Manager STRM Key application features Log Management Provides long term collection, archival, search and reporting of event logs, flow logs and application data Security Information and Event Management (SIEM) Centralizes heterogeneous event monitoring, correlation and management Network Behavior Anomaly Detection (NBAD) Discovers aberrant network activities using network and application flow data Log Management Network Behavior Analysis Security Information & Event Management 3 Copyright 2009 Juniper Networks, Inc.

4 STRM s Key Value Proposition Threat Detection: Detect New Threats That Others Miss Log Management: Right Threats at the Right Time 4 Copyright 2009 Juniper Networks, Inc. Enterprise Value Compliance: Compliance and Policy Safety Net Complements Juniper s Enterprise Mgmt Portfolio

5 STRM Architecture 5 Copyright 2009 Juniper Networks, Inc.

6 Log Management Challenges include Log overload for administrators STRM enables Highly scalable log aggregation; Consistent logging taxonomy Multi-vendor network; Constant change of formats Demanding operational requirements Broad vendor coverage and extensible APIs for less common formats Advanced log management capabilities including tamper proof log archives 6 Copyright 2009 Juniper Networks, Inc.

7 Unrivalled Data & log Management Networking events Switches & routers, including flow data Compliance from Jflow, Netflow, Forensics Sflow, Packeteer, qflow Security logs Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway AV, Desktop AV, & UTM devices Operating Systems/Host logs Microsoft, Unix and Linux, OSX Applications Database, mail & web Support for leading vendors including: Networking: Juniper,Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee,Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others Security map utilities: Maxmine (provides geographies) Shadownet Botnet Templates Customization logs through generic Device Support Module (DSM) Adaptive Logging Exporter (ALE) Integrate proprietary applications and legacy systems Search Policy Reporting 7 Copyright 2009 Juniper Networks, Inc.

8 Security Event correlation & threat Management How to make sense of the collected data Challenges include Correlation rules complex to manage Vendor log formats are a moving target Constant change on the network STRM provides Simplified out-of-the-box building blocks & rules simplify rule management QID map provides intelligent mapping of vendor events Extensive use of historical profiling for improved accuracy of results 8 Copyright 2009 Juniper Networks, Inc.

9 Event rule example 9 Copyright 2009 Juniper Networks, Inc.

10 Asset Profiles Active and Passive Asset Profiles Combination of Active and Passive Profiles for correlation Host existence Port Open/Close Host vulnerable to this attack/any attack Nessus, nmap, Qualys, Lumension etc. etc. History of Identity (user, host, MAC, etc ) Ability to control timing and type of scanning activity Cross correlation with other events 10 Copyright 2009 Juniper Networks, Inc.

11 The Value of FLOW Passive flow monitoring creates asset profiles and helps classify hosts Detection of day-zero attacks Policy monitoring and rogue server detection Visibility into all communication Network awareness, visibility and problem solving 11 Copyright 2009 Juniper Networks, Inc.

12 Flow Data For Policy Monitoring Detection of applications and protocols that are not trusted P2P Chat Unencrypted traffic in secure areas of network Applications or Protocols running on non standard ports Establishing Policies for trusted network communications 12 Copyright 2009 Juniper Networks, Inc.

13 Flow Data For Anomaly Detection Detects changes in traffic based on New protocol or application on the network Abnormal use of a protocol or service (SSH) Loss of a service such as web server 13 Copyright 2009 Juniper Networks, Inc.

14 Flow Data For Behavior Profiling Learn normal traffic patters for hosts, protocols and networks Predicts behavior and identifies abnormal conditions Abnormal traffic patterns to country X 14 Copyright 2009 Juniper Networks, Inc.

15 Reduction and Prioritization Threat Management STRM Previous 24hr period of network and security activity (1.3 M logs)! STRM correlation of data sources creates offenses (129)! Data reduction:! 10633:1! 15 Copyright 2009 Juniper Networks, Inc.

16 STRM Offense Management Tracks significant security incidents & threats Leverages building blocks & rules Builds history of supporting & relevant information for significant security incidents Provides point-in-time reference of offending users and vulnerability state Provides record of first and last occurrence of security incidents Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns Provides prioritization based on: credibility, relevance & severity 16 Copyright 2009 Juniper Networks, Inc.

17 Offense Management Intelligent Workflow for Operators Who Is attacking? What is being attacked? What is the impact? Where do I investigate? 17 Copyright 2009 Juniper Networks, Inc.

18 STRM System features Centralized browser based UI Role based access to information Customizable dashboards Real-time & historical visibility Advanced data mining & drill down Easy to use rule engine Hierarchical distribution for scale 18 Copyright 2009 Juniper Networks, Inc.

19 About Reports Reports interface allows you to create, distribute, and manage reports Use the Report Template Wizard to create operational and executive level reports that combine any network traffic and security event data in a single report Reports also allows you to brand your documents with your customized logos enabling you to support various unique logos for each report 19 Copyright 2009 Juniper Networks, Inc.

20 Reporting Out of the box report templates Fully customizable reporting engine: creating, branding and scheduling delivery of reports Events and Time Series Reports Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA Reports based on control frameworks: NIST, ISO and CoBIT Executive Reports Vendor Specific Reports Routers/Switches VPN/SSL Firewalls/IDP UTM Application Database Access 20 Copyright 2009 Juniper Networks, Inc.

21 STRM Products Distributed STRM 2500 EP/ FP Combo Large enterprises &Service Providers STRM5000 STRM 500 QFC STRM 5000 STRM 2500 FP STRM5000 STRM 5000 STRM 2500 EP STRM 500 QFC Small Medium Enterprise STRM2500 STRM 500 QFC Small Enterprise STRM500 STRM 500 QFC 250EPS 500EPS 1000EPS 2500EPS 5000EPS EPS 15K flows 25K 50K flows 21 Copyright 2009 Juniper Networks, Inc. (50 MB 200MB QFlow collection) 100K 200K flows 200K 400K flows

22 Hardware Summary Market Segments STRM Models CPU Memory Storage Small STRM 500 Intel Core 2 Dual 8GB 2x 500GB HDD RAID 1 Medium STRM 2500 Intel Core 2 Quad 8GB 6x 250GB HDD RAID 5 array Large STRM 5000 Intel Core 2 Quad 8GB 6x 500GB HDD RAID 10 array 22 Copyright 2009 Juniper Networks, Inc.

23 SMALL/MEDIUM ENTERPRISE ALL-IN-ONE Company Requirement Less than 200 eps Less than 10K flows STRM Web Console STRM Solution All in one STRM eps and 15K Flow license Correlation Reporting Log Management Flow Management Embedded Qflow Collection Network Devices Exporting Flow Data Security Devices Exporting Logs 23 Copyright 2009 Juniper Networks, Inc.

24 SMALL/MEDIUM ENTERPRISE LOG MANAGEMENT ONLY Company Requirement Less than 200 eps No need for Flows No need for Correlation STRM LM Web Console STRM Solution STRM 500 LM (Log Manager) 500 eps LM license Reporting Log Management 24 Copyright 2009 Juniper Networks, Inc. Security Devices Exporting Logs

25 Medium to Large Enterprise All-in-One Company Requirements 100K Flows 2000 EPS Up to devices STRM Web Console STRM Solution STRM 2500 Correlation Reporting Log Management Flow Management Embedded Qflow Collection Network Devices Exporting Flow Data Security Devices Exporting Logs 25 Copyright 2009 Juniper Networks, Inc.

26 Large Enterprise/SP All-in-One Company Requirements 200K Flows 5000 EPS Up to devices STRM Web Console STRM Solution STRM 5000 Correlation Reporting Log Management Flow Management Network Devices Exporting Flow Data Security Devices Exporting Logs 26 Copyright 2009 Juniper Networks, Inc.

27 Distributed Deployment Typical STRM Web Console Company Requirements Distributed deployment 200K Flows 2500 EPS Up to devices STRM Solution STRM 5000 CON STRM 2500 EP STRM 2500 FP STRM 5000 Console STRM 2500 EP STRM 2500 FP STRM QFC (Optional) STRM 500 Qflow Network Devices Exporting Flow Data Security Devices Exporting Logs 27 Copyright 2009 Juniper Networks, Inc.

28 STRM 50K EPS Deployment Scenario True Distribution Large Scale deployment One Central Console Normalization on EPs STRM Web Console STRM 5000 Console 10K EPS 10K EPS 10K EPS 10K EPS 10K EPS Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs 28 Copyright 2009 Juniper Networks, Inc.

29 ISCSI (IP-SAN) Deployment Scenario STRM Event Processors Collection, Analysis Storage of Events from Security and Infrastructure Devices (Up to 10,000 EPS each) STRM Console Correlation, Reporting Storage &, Analysis LAN Network STRM Flow Processor Flow Processing and Storage (Up to 600,000 flows) STRM EP STRM EP STRM FC STRM FC STRM Netflow/J Flow Collectors Collection from routers, switches with optional L7 flow collection from a span port or tap 29 Copyright 2009 Juniper Networks, Inc. IP-SAN Appliance

30 Deploying STRM with Existing SIM solutions ArcSight, RSA etc Correlation 3 rd Party SEM Solution Syslog Forwarding 3 rd Party Syslog Servers STRM (LM) Log Consolidation Flexibility in deployment Coexist with competitors Log Management No Correlation needed Consolidation of Logs Security Devices Exporting Logs Security Devices Exporting Logs 30 Copyright 2009 Juniper Networks, Inc.

31 ..so what is STRM Visibility to the environment Support wide vendor spread to gather information Combine flow information with log data Both passive and active asset mapping Network, security, application, & identity awareness Unrivaled data management greatly improves ability to meet IT security control objectives Advanced analytics & threat detection Detects threats that other solutions miss Intuitive and easy to get the information Data reduction and priorization Scalable distributed log collection and archival Network security management scales to any sized organization 31 Copyright 2009 Juniper Networks, Inc.

32 Thank You

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

QRadar Security Management Appliances

QRadar Security Management Appliances QRadar Security Management Appliances Q1 Labs QRadar network security management appliances and related software provide enterprises with an integrated framework that combines typically disparate network

More information

QRadar Security Intelligence Platform Appliances

QRadar Security Intelligence Platform Appliances DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management

More information

Security Information & Event Manager (SIEM)

Security Information & Event Manager (SIEM) DATA SHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Benefits Enables NOC and SOC staff to

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

Security Information & Event Manager (SIEM)

Security Information & Event Manager (SIEM) DATA SHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Benefits Enables NOC and SOC staff to

More information

Delivers fast, accurate data about security threats:

Delivers fast, accurate data about security threats: DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

IBM Security QRadar SIEM Product Overview

IBM Security QRadar SIEM Product Overview IBM Security QRadar SIEM Product Overview Alex Kioni IBM Security Systems Technical Consultant 1 2012 IBM Corporation The importance of integrated, all source analysis cannot be overstated. Without it,

More information

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,

More information

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

STRM SERIES SECURITY THREAT RESPONSE MANAGERS

STRM SERIES SECURITY THREAT RESPONSE MANAGERS DATASHEET STRM SERIES SECURITY THREAT RESPONSE MANAGERS Product Overview The integrated approach of the STRM Series used in conjunction with unparalleled data collection, analysis, correlation and auditing

More information

Juniper Networks Security Threat Response Manager (STRM)

Juniper Networks Security Threat Response Manager (STRM) Datasheet Juniper Networks Security Threat Response Manager () The integrated approach of appliances used in conjunction with unparalleled data collection, analysis, correlation and auditing capabilities,

More information

Meeting PCI Data Security Standards with

Meeting PCI Data Security Standards with WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright

More information

Clavister InSight TM. Protecting Values

Clavister InSight TM. Protecting Values Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide

More information

Boosting enterprise security with integrated log management

Boosting enterprise security with integrated log management IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise

More information

Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)

Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) White Paper Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) When It Comes To Monitoring and Validation It Takes More Than Just Collecting Logs Juniper

More information

Symantec Security Information Manager Version 4.7

Symantec Security Information Manager Version 4.7 Version 4.7 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2 Security Management Challenges 3 Managing IT Security PREVENT INFORM

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Extreme Networks Security Analytics G2 Risk Manager

Extreme Networks Security Analytics G2 Risk Manager DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential

More information

Extreme Networks Security Analytics G2 SIEM

Extreme Networks Security Analytics G2 SIEM DATA SHEET Security Analytics G2 SIEM Boost compliance & threat protection through integrated Security Information and Event Management, Log Management, and Network Behavioral Analysis HIGHLIGHTS Integrate

More information

Network Configuration Manager

Network Configuration Manager Network Configuration Manager AUTOMATED NETWORK CONFIGURATION & CHANGE MANAGEMENT Download a free product trial and start in minutes. SolarWinds Network Configuration Manager (NCM) simplifies managing

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Eoin Thornton Senior Security Architect Zinopy Security Ltd. RSA envision: Transform your Security Operations A Technical overview & demo of RSA envision The Information Log Management Platform for Security and Compliance Success Eoin Thornton Senior Security Architect

More information

Information Technology Policy

Information Technology Policy Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov

More information

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security

More information

Foglight NMS Overview

Foglight NMS Overview Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Netzwerkkonzept. Informationsveranstaltung am 03.07.2007 Im Bristol Hotel Mainz. Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP

Netzwerkkonzept. Informationsveranstaltung am 03.07.2007 Im Bristol Hotel Mainz. Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP Netzwerkkonzept Informationsveranstaltung am 03.07.2007 Im Bristol Hotel Mainz Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP Datum: 03.07.2007, Seite: 1 Network Behaviour Analysis

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Security Event Management. February 7, 2007 (Revision 5)

Security Event Management. February 7, 2007 (Revision 5) Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST

More information

Secospace elog. Secospace elog

Secospace elog. Secospace elog Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

RAVEN, Network Security and Health for the Enterprise

RAVEN, Network Security and Health for the Enterprise RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

JSA Series Secure Analytics

JSA Series Secure Analytics JSA Series Secure Analytics Product Overview The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities,

More information

Scalability in Log Management

Scalability in Log Management Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:

More information

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External

More information

Log management & SIEM: QRadar Security Intelligence Platform

Log management & SIEM: QRadar Security Intelligence Platform Log management & SIEM: QRadar Security Intelligence Platform Tibor Bősze Security Architect for CEE+RCIS tibor.boesze@hu.ibm.com The Security Intelligence Leader Who is Q1Labs: Innovative Security Intelligence

More information

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled. LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,

More information

QRadar SIEM 7.2 Flows Overview

QRadar SIEM 7.2 Flows Overview QRadar SIEM 7.2 Flows Overview Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Aaron Breen QRadar World-wide Support Leader Adam Frank Principal Solutions Architect Dale

More information

White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements

White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements The benefits of QRadar for protective monitoring of government systems as required by the UK Government Connect

More information

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides

More information

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information. Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged

More information

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become

More information

Analyzing Logs For Security Information Event Management Whitepaper

Analyzing Logs For Security Information Event Management Whitepaper ADVENTNET INC. Analyzing Logs For Security Information Event Management Whitepaper Notice: AdventNet shall have no liability for errors, omissions or inadequacies in the information contained herein or

More information

Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM

Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM The benefits of Enterasys SIEM for protective monitoring of government systems as required by the UK Government

More information

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system

More information

Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Introduction to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and

More information

Sourcefire Defense Center TM

Sourcefire Defense Center TM Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF Tripwire Log Center HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE Enterprise organizations of all sizes need to achieve compliance with regulations and standards and

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore Choosing the Right Log Management Product By Michael Pastore Tech Brief an Log management is IT s version of the good old fashioned detective work that authorities credit for solving a lot of crimes. It

More information

QRadar SIEM and Zscaler Nanolog Streaming Service

QRadar SIEM and Zscaler Nanolog Streaming Service QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns

More information

Analyzing Logs For Security Information Event Management Whitepaper

Analyzing Logs For Security Information Event Management Whitepaper ADVENTNET INC. Analyzing Logs For Security Information Event Management Whitepaper Notice: AdventNet shall have no liability for errors, omissions or inadequacies in the information contained herein or

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible Overview This paper discusses prevalent market approaches to designing and architecting

More information

Symantec's Continuous Monitoring Solution

Symantec's Continuous Monitoring Solution Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................

More information

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

ALERT LOGIC LOG MANAGER & LOGREVIEW

ALERT LOGIC LOG MANAGER & LOGREVIEW SOLUTION OVERVIEW: ALERT LOGIC LOG MANAGER & LOGREVIEW CLOUD-POWERED LOG MANAGEMENT AS A SERVICE Simplify Security and Compliance Across All Your IT Assets. Log management is an infrastructure management

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

IBM QRadar as a Service

IBM QRadar as a Service Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major

More information

RSA Solution Brief. RSA envision. Platform. Compliance and Security Information Management. RSA Solution Brief

RSA Solution Brief. RSA envision. Platform. Compliance and Security Information Management. RSA Solution Brief RSA Solution Brief RSA envision Compliance and Security Information Management Platform RSA Solution Brief Actionable Compliance and Security Intelligence RSA envision technology is an information management

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats

More information

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

Network Monitoring Comparison

Network Monitoring Comparison Network Monitoring Comparison vs Network Monitoring is essential for every network administrator. It determines how effective your IT team is at solving problems or even completely eliminating them. Even

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to

More information

Symantec Security Information Manager 4.7.4 Administrator Guide

Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement

More information

Symantec Security Information Manager 4.7.4 User Guide

Symantec Security Information Manager 4.7.4 User Guide Symantec Security Information Manager 4.7.4 User Guide Symantec Security Information Manager 4.7.4 User Guide The software described in this book is furnished under a license agreement and may be used

More information

Enabling Security Operations with RSA envision. August, 2009

Enabling Security Operations with RSA envision. August, 2009 Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If

More information

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,

More information

Find the needle in the security haystack

Find the needle in the security haystack Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep

More information

Network Performance Management Solutions Architecture

Network Performance Management Solutions Architecture Network Performance Management Solutions Architecture agility made possible Network Performance Management solutions from CA Technologies compliment your services to deliver easily implemented and maintained

More information

Symantec Control Compliance Suite Standards Manager

Symantec Control Compliance Suite Standards Manager Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance

More information

Enforcive /Cross-Platform Audit

Enforcive /Cross-Platform Audit Enforcive /Cross-Platform Audit Enterprise-Wide Log Manager and Database Activity Monitor Real-time Monitoring Alert Center Before & After Change Image Custom Reports Enforcive's Cross-Platform Audit (CPA)

More information

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst

More information

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Mucho Big Data y La Seguridad para cuándo?

Mucho Big Data y La Seguridad para cuándo? Mucho Big Data y La Seguridad para cuándo? Juan Carlos Vázquez Sales Systems Engineer, LTAM mayo 9, 2013 Agenda Business Drivers Big Security Data GTI Integration SIEM Architecture & Offering Why McAfee

More information

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco NetFlow Generation Appliance (NGA) 3140 Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance

More information

IBM Security QRadar SIEM Version 7.1.0 (MR1) Tuning Guide

IBM Security QRadar SIEM Version 7.1.0 (MR1) Tuning Guide IBM Security QRadar SIEM Version 7.1.0 (MR1) Tuning Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 35. Copyright IBM

More information

SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor SolarWinds Network Performance Monitor powerful network fault & availabilty management Fully Functional for 30 Days SolarWinds Network Performance Monitor (NPM) makes it easy to quickly detect, diagnose,

More information

Vulnerability Management for the Distributed Enterprise. The Integration Challenge

Vulnerability Management for the Distributed Enterprise. The Integration Challenge Vulnerability Management for the Distributed Enterprise The Integration Challenge Vulnerability Management and Distributed Enterprises All organizations face the threat of unpatched vulnerabilities on

More information

Peter Dulay, CISSP Senior Architect, Security BU

Peter Dulay, CISSP Senior Architect, Security BU CA Enterprise Log Manager 12.5 Peter Dulay, CISSP Senior Architect, Security BU Agenda ELM Overview ELM 12.5: What s new? ELM to CA Access Control/PUPM Integration CA CONFIDENTIAL - Internal Use Only Overview

More information

Monitoring Windows Workstations Seven Important Events

Monitoring Windows Workstations Seven Important Events Monitoring Windows Workstations Seven Important Events White Paper 8815 Centre Park Drive Publication Date: October 1, 2009 Columbia MD 21045 877.333.1433 ABSTRACT Monitoring event logs from workstations

More information

SecureVue Product Brochure

SecureVue Product Brochure SecureVue unifies next-generation SIEM, security configuration auditing, compliance automation and contextual forensic analysis into a single platform, delivering situational awareness, operational efficiency

More information

Introduction to Network Discovery and Identity

Introduction to Network Discovery and Identity The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity

More information

Secure Cloud Computing

Secure Cloud Computing Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for

More information