End-to-end Solutions to Enable Log Management Best Practices


RSA white paper: End-to-end Solutions to Enable Log Management Best Practices. Deploying a Comprehensive Security Information and Event Management Platform

Executive Summary

More and more organizations today recognize that log and event data can provide a wealth of intelligence about the entire enterprise IT environment. Especially as regulations grow more complex and organizations face increasingly sophisticated and targeted attacks, knowing what is happening on your network and within your systems and applications is essential. To meet this challenge, organizations must build an enterprise competency in log (event) management, including developing best practices, establishing an infrastructure and deploying technology solutions.

To help, RSA has developed a series of white papers. The first provides a set of 40 recommended best practices. The second takes the next logical step by guiding organizations in establishing the criteria for an infrastructure that realizes those best practices. This third paper describes end-to-end solutions that combine security information and event management (SIEM) and tiered storage technologies based on the RSA enVision platform and EMC networked storage solutions.

The volume of log data organizations must analyze and retain is constantly increasing, and retention periods are becoming longer. Solutions for log management must therefore incorporate an information lifecycle management (ILM) strategy, which ensures that data is managed efficiently and effectively from creation to deletion. The RSA enVision platform aggregates logs from across the enterprise and turns this information into actionable intelligence for compliance and security. By combining the RSA enVision platform with EMC storage systems, organizations can apply an ILM strategy to log data and deploy end-to-end solutions that enable best practices in log management.

This paper details how RSA's solutions meet the complete set of requirements for a log management infrastructure: general requirements, and specific requirements in log generation and capture; log retention and storage; log analysis; and log security and protection. It is intended to help organizations deploy a comprehensive SIEM platform and reap its benefits, including improved security operations and sustainable compliance programs.

Contents
- Definition of Log (Event) Management
- Developing a Log Management Capability
- RSA End-to-end Solutions for Log (Event) Management
- Meeting the Requirements of an Infrastructure for Log Management
  - I. General Requirements
  - II. Log Generation and Capture
  - III. Log Retention and Storage
  - IV. Log Analysis
  - V. Log Security and Protection
- Conclusion

Definition of Log (Event) Management

This white paper is the third in a series of three white papers on log management. Each paper restates the definition of log (event) management to clarify the terms used throughout the series.

A log is a record of an event or activity occurring within an organization's systems or networks. Examples include a firewall allowing or denying access to a network resource, a change to an operating system's configuration made by an administrator, a system shutdown or start-up, a user logging in to an application, or an application allowing or denying access to a file. For more examples of events and activities, see the companion white paper Log Management Best Practices: The Foundation for Comprehensive Security Information and Event Management, Appendix 1, Sources and contents of logs.

Log (event) management is the collection, analysis (real-time or historical), management and storage of logs from a range of sources across the enterprise, including security systems, networking devices, storage systems, operating systems and applications. Log management is the foundation for comprehensive security information and event management (SIEM), including the following use cases:
- Real-time threat detection and mitigation
- Incident investigation and forensics
- Compliance with regulations and standards
- Capacity planning, performance and uptime
- Evidence for legal and human resources cases
- Detecting and preventing IP theft
- Auditing and enforcing employee productivity
- Troubleshooting system and network problems
- Auditing and enforcing IT security policy

Developing a Log Management Capability

Well-informed organizations have recognized that log and event data can provide a wealth of intelligence about the entire enterprise IT environment.
Especially as regulations grow more complex and organizations face increasingly sophisticated and targeted attacks, knowing what is happening on your network and within your systems and applications is essential. But the volume of log data can be staggering and the retention requirements can seem unmanageable. How do you get through the mountains of data to track the right events? Can you detect problems fast enough? Will you have the right information on hand for your next audit or forensic investigation? And all of this must be done efficiently and cost-effectively.

To meet this challenge, organizations must build an enterprise competency in log (event) management, which includes developing best practices, establishing an infrastructure and deploying a technology solution. To help, RSA has developed a series of white papers:
1. Log Management Best Practices: The Foundation for Comprehensive Security Information and Event Management
2. Building an Infrastructure that Enables Log Management Best Practices: A Technology Strategy for Comprehensive Security Information and Event Management
3. End-to-end Solutions to Enable Log Management Best Practices: Deploying a Comprehensive Security Information and Event Management Platform

The first paper provides the rationale and methodology for developing best practices and puts forth RSA's set of 40 recommended best practices, which address the requirements of regulations and standards, the evolving threat landscape and business objectives. The second paper takes the next logical step by guiding organizations in establishing the criteria for an infrastructure that realizes those best practices and in building a technology strategy for comprehensive SIEM; it also lays out a list of infrastructure requirements in several categories of log management.

This third paper describes end-to-end solutions that combine security information and event management (SIEM) and tiered storage technologies based on the RSA enVision platform and EMC networked storage solutions, and details how those solutions meet the complete list of infrastructure requirements. Each paper can be read individually, but the three-part series offers a complete resource for developing a log management capability.

RSA End-to-end Solutions for Log (Event) Management

The RSA enVision platform works with EMC storage solutions to deliver end-to-end log (event) management that incorporates an ILM strategy. By combining RSA enVision with EMC Symmetrix, CLARiiON, Celerra, Centera and/or EMC Disk Library storage systems, organizations can manage the huge volumes of logged data from creation to deletion and meet regulatory compliance, security operations and business requirements.

The volume of log data organizations must analyze and retain is constantly increasing, and retention periods are becoming longer. Solutions for log management must therefore incorporate an information lifecycle management (ILM) strategy, which ensures that the data is managed efficiently and effectively from creation to deletion. RSA provides solutions for building centrally managed, dedicated infrastructures for log (event) management that combine the RSA enVision SIEM platform with EMC networked storage systems. Organizations can also use storage systems from other leading vendors, including integrating the RSA enVision platform with existing storage systems, whether from EMC or others. The RSA enVision platform captures, manages and analyzes logs from across the enterprise and turns this information into actionable intelligence for compliance and security.
By combining RSA enVision technology with networked storage, organizations can manage the entire lifecycle of log data using a tiered storage approach, in which logs are kept on different storage resources according to their age and the need for the data:
- Production data (actively used for real-time analysis, on-going review and periodic audits and assessments) requires frequent or ready access and may be stored on-line.
- Backup data (a mirror image of production data, needed in case of compromise or damage) is accessed less often and may be stored near-line or off-line.
- Active archive data (a subset of production data kept longer-term for record-keeping purposes) is also needed less frequently and may be stored near-line.
- At some point, depending on the organization's data retention and access policies, subsets of the archived data may be moved off-line.

Meeting the Requirements of an Infrastructure for Log Management

To build an infrastructure for log management that lays the foundation for comprehensive SIEM, an organization should consider the following categories of requirements:
- General requirements
- Log generation and capture
- Log retention and storage
- Log analysis
- Log security and protection

A detailed discussion of the requirements in each category can be found in the companion paper, Building an Infrastructure that Enables Log Management Best Practices: A Technology Strategy for Comprehensive Security Information and Event Management. The following describes how RSA solutions meet the requirements in each category.

I. General Requirements

1. Provides high and consistent performance

The RSA enVision platform was designed to deliver high and consistent performance matching the demands of organizations from small businesses to large enterprises.
It collects, manages and analyzes All the Data from sources across the entire organization, including network devices, operating systems, back-office applications and e-commerce environments. Its high performance rests on a purpose-built database and a flexible, open architecture. The database, the LogSmart Internet Protocol Database (IPDB), was built to gather and store security events as

quickly as possible and designed specifically to address the major limitations of SIEM technology built on relational databases. Unlike a traditional relational database management system (RDBMS), the LogSmart IPDB works directly with unstructured log (event) data in its native format and does not require pre-processing of the data on input. With an RDBMS, the data must be mapped into structured columns, and constructing tables and the associated overhead slows ingestion. In contrast, the LogSmart IPDB uses the raw event logs themselves as the database, with no such overhead. Information is parsed on the way out of the database, when it is requested, rather than on the way in. This saves time and machine resources and allows all the data to be collected unaltered.

The LogSmart IPDB is also heavily write-optimized. In a log store every event must be written exactly once, while only a fraction of events is ever read back, so an efficient write path keeps ingestion from becoming the bottleneck and lowers the overall I/O load on the host system; the same layout also makes subsequent reads cheaper. With the ability to stream log (event) data to storage while conducting real-time analysis in parallel, the RSA enVision platform can deliver the performance required by even the most demanding corporate requirements.

The RSA enVision platform is an appliance-based solution offering a range of performance levels to fit any size of organization or application. The ES series of stand-alone appliances is designed to sustain collection rates of up to 7,500 events per second (EPS) and to support up to 1,250 devices and 14 simultaneous users on a single appliance. The LS series takes a distributed approach with separate collectors, database servers and application servers.
By deploying appliances at the collection, data management and analysis levels, an organization can use these building blocks to scale each level independently and match its performance needs exactly. Deployments can scale beyond 500,000 EPS, collecting from over 100,000 devices. Since every application server supports up to 16 simultaneous users, the number of concurrent users can be scaled to meet even the largest organization's requirements. The distributed architecture achieves very high performance while minimizing network bandwidth: data is collected and stored close to the source, retrieved rapidly by the data management level and processed for analysis and reporting at the application layer.

2. Enables a distributed deployment

With RSA enVision technology, the collectors, database servers and application servers can be distributed across an organization's networks, even across the globe. Log and event data flows from devices, systems and applications to the local collectors, where the raw data (packaged and secured) resides permanently. Metadata describing where the data is located is derived and stored on the database servers at the data management level and used to locate the data. Historical and trend analysis take place at the application server level. Queries are initiated by the application servers, which prompt the data management level to retrieve the relevant data efficiently from the local collectors. The platform thus performs local collection while providing a global view of the data for analysis: analysis can be done from anywhere in the world regardless of where the data was collected, and users can access the entire enterprise-wide log data set no matter where they are located. Fine-grained, role-based access control ensures that only the right people have access to the right data.
Security operations can access enterprise-wide log data for real-time correlation. Multiple modes of event alerting are supported, and high-speed forensic analysis allows drill-down from a high-level aggregated alert to the associated individual raw events. Compliance teams can draw on multiple years of historical event information and automatically computed baselines; reports on conformance to policy can be pre-scheduled or run ad hoc.

Organizations can also implement a federated strategy, in which divisional data is collected, managed and analyzed by the individual divisions while headquarters analyzes the enterprise-wide data for oversight. The oversight capabilities of the RSA enVision platform can be integrated with existing deployments of RSA enVision appliances, or even with other SIEM technology that individual divisions have deployed in a siloed fashion.

A distributed deployment has the flexibility to meet the needs of today's large, geographically dispersed and dynamic organizations. The infrastructure can be mapped to any kind of organizational structure and quickly adapted as systems or groups of users are added or moved. Another benefit of the RSA enVision architecture is that data collection and storage are localized, which makes them fast and reliable. This helps ensure that no data is lost or corrupted and

makes regulatory compliance easier under laws that prohibit data from being physically moved to another country for processing. Data is stored locally, and specific records can be selectively accessed by authorized users based on content and context. In a distributed deployment, RSA enVision technology works in conjunction with EMC networked storage systems to provide retention and retrieval of log data over a network, allowing users across the organization secure, role-based access to the shared storage devices containing the log data.

3. Easily integrates with existing infrastructure

The RSA enVision solution was designed to integrate easily with any organization's IT infrastructure and to be manageable within its existing operations. For collection, the platform provides built-in support for hundreds of source devices and tools to add new sources on the fly. Because it is agentless, organizations do not have to install and configure agents in order to collect data from log sources. The platform also supports a wide range of EMC and other storage solutions and can be used with existing storage systems.

Because it is easy to use and manage, the RSA enVision platform does not require the organization to hire specialized staff such as database or network administrators. Nor does it require specialized enterprise application management, maintenance or backup tools; it is designed to work with existing third-party tools. For incident management, it integrates with current procedures and can streamline them with a built-in triage process and incident response workflow. The platform was engineered to live within IP-based networks and is optimized for file system storage. Its distributed and flexible architecture ensures that deployment will not degrade the performance of other systems or disrupt operations, and organizations can implement a phased or staged rollout.

Figure: RSA enVision Platform Scalability Scenario 1. Single appliance. One enVision appliance collects from supported devices (Windows servers, Netscreen firewalls, Cisco IPS, Juniper IDP, Trend Micro anti-virus, legacy devices), manages the data and provides analysis (Event Explorer, real-time analysis, forensics, interactive query, correlated alerts, baselines, reports and integrated incident management).

4. Ensures parallel analysis and storage

The high-performance characteristics of the RSA enVision platform, and specifically the LogSmart IPDB, enable in-line, real-time analysis that is independent of the incoming EPS rate. The platform supports real-time alerts while, at the same time, reliably retaining all of the log data as it is collected so that it is available later for compliance reporting, audits or forensic analysis.

5. Offers scalability to meet not only current needs but also future needs

Because the RSA enVision platform was built specifically for high-performance capture and analysis of log data, it can handle the peak loads organizations experience, such as sudden surges in the volume of log or event data. With its flexible architecture, the infrastructure can be scaled to meet higher performance requirements over time, for example if regulatory demands increase or the whole IT environment grows and the overall volume of log data increases. The platform provides uninterrupted scalability from a single appliance to multiple-appliance deployments, supporting from 500 EPS up to over 500,000 EPS. It also allows storage capacity to be added on the fly, from gigabytes to terabytes to petabytes. EMC storage solutions enable organizations to expand capacity cost-effectively to petabytes and to discover and reconfigure new drives non-disruptively and automatically.

Figure: RSA enVision Platform Scalability Scenario 2. Local collection with global analysis in a distributed enterprise-wide architecture. Sites in New York, Boston, London and Paris each collect and manage their own sources (Oracle financials, Windows servers and workstations, Netscreen firewalls, Cisco IPS, Trend Micro anti-virus, storage devices), while Event Explorer, real-time correlation and alerting, and ad-hoc and scheduled reports operate across all sites.

6. Provides a low total cost of ownership

The RSA enVision platform delivers a low total cost of ownership by minimizing the costs of deployment and the impact on IT systems and staff, and it can also reduce the ongoing costs of security operations and compliance. Out-of-the-box support for hundreds of devices saves the organization a great deal of custom work. Since it is an agentless solution, it does not require installation, configuration and on-going maintenance of agents and does not burden host devices.
As an appliance-based solution, the RSA enVision platform provides a standardized and controlled combination of hardware, OS and software. Because an appliance is a controlled environment with a locked-down operating system running a single application, it is far less exposed to the third-party driver conflicts, bugs, malware and other issues that can plague a software-only solution. All of this adds up to lower costs for installation, maintenance and management. It is possible to plug an RSA enVision appliance into a power source, attach it to the network and be up and running in an hour, whereas software-based solutions may take a day, a week or a month. Storage is minimized because the LogSmart IPDB does not generate extraneous overhead data and provides extremely

efficient compression. By enabling a tiered storage approach, RSA solutions optimize the use of storage resources: using primary tiers (on-line storage) for production data and secondary tiers (near-line and off-line) for backup and active archive data reduces the overall cost per MB and defers the purchase of additional primary storage. The RSA enVision platform can also use existing storage systems, saving the cost of new ones.

Since the platform was designed to be easy to deploy, manage and maintain, it saves the cost of hiring specialized staff such as database or network administrators, and organizations can forgo specialized enterprise application management, maintenance and backup tools in favour of existing ones. With features such as a built-in triage process and incident response workflow, it can reduce the cost of security operations by increasing efficiency. By automating analysis, the platform makes monitoring more effective and reduces real-time monitoring expenses such as personnel costs, freeing staff for more productive tasks. Correlation also reduces false positives, which can reduce downtime and lets personnel focus on the right threats.

The solution also minimizes the cost of compliance over the long term by automating reporting and reducing the time it takes to perform audits. Many out-of-the-box reports are provided for a wide range of regulations and standards, so organizations need not build them manually. The platform helps organizations keep the right data and reports readily available for auditors and quickly demonstrate that requirements are met, which builds a sustainable compliance program.

7. Supports the retention and retrieval of evidence-grade log data

Organizations may be required to produce log records as legal evidence or in response to regulatory requests for information. To serve as evidence, logs should be in their original, unaltered form; both NIST and ISO guidance indicate that an organization should preserve the original log data for it to be used as evidence. As discussed earlier, the LogSmart IPDB does not filter or otherwise transform log messages on input. This preserves the native structure of the incoming data and ensures original logs are retained in their original form. The platform's process provides a non-refutable warehouse of compressed, encrypted and authenticated event log data. Each event receives a digital fingerprint so that its integrity can be verified later, supporting the chain of custody. With a Write Once Read Many (WORM) approach, once data is committed to the database it cannot be altered in place.

II. Log Generation and Capture

1. Enables collection of logs from any source and the addition of new sources

The RSA enVision platform has built-in support for hundreds of devices across an enterprise, from all points within the infrastructure: network, security, host, applications and storage. Out-of-the-box supported devices include products by Cisco, Microsoft, EMC, Juniper, Check Point, IBM, Oracle, Symantec and many others. In addition, the RSA enVision open architecture provides Universal Device Support (UDS), an easy-to-use tool for adding new source devices, systems and applications in real time. Ideal for in-house auditing applications and for second-tier devices, UDS offers:
- a graphical user interface to add new messages,
- control over device and message classification,
- simple definition of message IDs and payload data, and
- support for multiple applications running on the same host.

2. Supports collection of large volumes of data

The ability of RSA enVision technology to collect large volumes of data rests primarily on the design of the LogSmart IPDB. SIEM products most often use a general-purpose relational database engine, which is designed for structured data. For a relational database management system (RDBMS) to perform well at collecting log messages and event data, the information sent to it must first be structured; log messages and event data are not, so relational databases are comparatively slow at log collection. Query speed also suffers because relational engines lock data during writes and reads, so heavy ingestion contends with queries. The LogSmart IPDB does not parse log messages on input but retains all of them in their original unstructured form, retrieving and parsing them only as needed on output for reporting. With this approach the system can handle extremely high input rates.
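The following Python sketch is an added illustration, not RSA code (the LogSmart IPDB's internal format is not described on this page). It shows the two properties discussed in General Requirements 1 and 7 and in Log Generation and Capture 2: raw lines are appended unaltered and parsed only when read back, and each event receives a SHA-256 fingerprint chained to the previous record so that a later edit, reorder or deletion is detectable. The syslog lines, hosts and addresses are constructed, and the class and function names are my own.

```python
# Added example, not RSA enVision code: an append-only raw event store that keeps each
# log line unaltered, chains SHA-256 fingerprints across records, and parses fields only
# when a query reads a record back. Sample lines, hosts and addresses are constructed.
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Constructed RFC 3164-style syslog lines.
SAMPLE_LINES = [
    "<34>Jan 12 10:01:15 fw01 kernel: DENY TCP 203.0.113.7:51512 -> 10.0.0.5:22",
    "<86>Jan 12 10:01:16 web01 sshd[1422]: Failed password for root from 203.0.113.7 port 51513 ssh2",
    "<86>Jan 12 10:01:20 web01 sshd[1425]: Accepted password for alice from 10.0.0.9 port 40210 ssh2",
]
GENESIS = "0" * 64  # chain anchor for the first record
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def parse_syslog(raw: str) -> Dict[str, object]:
    """Parse on the way out: decode PRI into facility and severity, split host and message."""
    m = SYSLOG_RE.match(raw)
    if not m:
        return {"raw": raw, "parsed": False}  # unparseable lines are still returned, unaltered
    pri = int(m.group("pri"))
    return {"raw": raw, "parsed": True,
            "facility": pri >> 3, "severity": pri & 7,  # RFC 3164: PRI = facility * 8 + severity
            "timestamp": m.group("ts"), "host": m.group("host"), "message": m.group("msg")}


class RawLogStore:
    """Write-optimised: an append is one hash and one list append; no parsing, no schema."""

    def __init__(self) -> None:
        self._records: List[Dict[str, object]] = []
        self._prev = GENESIS

    @staticmethod
    def _fingerprint(prev: str, seq: int, received_at: str, raw: str) -> str:
        # The hash covers sequence number, receipt time and raw bytes and is chained to the
        # previous record, so editing, reordering or deleting any record breaks everything after it.
        h = hashlib.sha256()
        h.update(f"{prev}|{seq}|{received_at}|".encode())
        h.update(raw.encode("utf-8", "surrogateescape"))
        return h.hexdigest()

    def append(self, raw: str, received_at: str) -> str:
        seq = len(self._records)
        fp = self._fingerprint(self._prev, seq, received_at, raw)
        self._records.append({"seq": seq, "received_at": received_at, "raw": raw, "fp": fp})
        self._prev = fp
        return fp

    def verify(self) -> bool:
        """Recompute the whole chain; any altered line or fingerprint makes this False."""
        prev = GENESIS
        for rec in self._records:
            if self._fingerprint(prev, rec["seq"], rec["received_at"], rec["raw"]) != rec["fp"]:
                return False
            prev = rec["fp"]
        return prev == self._prev

    def query(self, predicate: Callable[[Dict[str, object]], bool]) -> List[Dict[str, object]]:
        """Parse each record on read and return those the predicate accepts."""
        return [e for e in (parse_syslog(r["raw"]) for r in self._records) if predicate(e)]


def build_store(lines: List[str], received_at: str = "2024-01-12T10:01:00Z") -> RawLogStore:
    store = RawLogStore()
    for line in lines:
        store.append(line, received_at)
    return store


def tamper_demo() -> Tuple[bool, bool]:
    """verify() before and after one stored line is edited in place."""
    store = build_store(SAMPLE_LINES)
    before = store.verify()
    store._records[1]["raw"] = str(store._records[1]["raw"]).replace("Failed", "Accepted")
    return before, store.verify()


if __name__ == "__main__":
    s = build_store(SAMPLE_LINES)
    print("chain intact:", s.verify())
    for e in s.query(lambda e: e.get("severity", 7) <= 2):
        print("critical:", e["host"], e["message"])
    print("tamper detected:", tamper_demo())
```

The store never rejects a line it cannot parse, which is the point of parse-on-output: an unexpected format costs nothing at ingestion and is still retrievable as raw evidence. Chaining the fingerprints is what turns per-event hashes into a tamper-evident sequence; hashing events independently would let an attacker drop a record without leaving a trace.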

3. Performs accurate data collection

Accurate data collection can also be attributed to the LogSmart IPDB. SIEM technology based on a traditional RDBMS parses log messages in order to fit the data into structured tables, and with this method data can be written incorrectly or even lost. The LogSmart IPDB is not an RDBMS and therefore will not mix up or drop log data on input, or discard information to fit a limited schema. Its collection layer handles both the push model of UDP-based logging protocols such as syslog and SNMP traps and the pull model used with TCP/IP-based collection, delivering 100% capture of the data that reaches it even at many tens of thousands of events per second. (UDP itself offers no delivery guarantee, so reliable capture of UDP syslog still depends on the network path between source and collector not dropping datagrams.) The distributed architecture, among other benefits, allows local log collection to continue normally even during wide area network outages. Through the RSA enVision universal taxonomy it is easy to verify that specific events have been logged: all events collected by the platform are classified into easy-to-understand categories, which can be used for creating reports, alerts and correlation rules.

III. Log Retention and Storage

1. Supports an ILM strategy whereby data is stored relative to the need for the data using tiered storage

The RSA enVision platform supports an information lifecycle management strategy: combined with networked storage, it manages the entire lifecycle of log data using a tiered storage approach. EMC offers a continuum of scalable storage solutions for every phase of the security information lifecycle. Combine the RSA enVision platform with EMC Symmetrix, CLARiiON or Celerra storage systems for on-line storage of production data. The EMC Centera content-addressed storage system provides near-line storage of active archive or backup data, and the EMC Disk Library provides off-line storage of archive or backup data.

2. Enables a cradle-to-grave security information lifecycle management strategy

The combination of the RSA enVision platform with EMC storage systems manages log (event) data from collection, through storage on different tiers, to eventual deletion. Organization-defined retention and disposal periods can be enforced automatically. The platform supports retention periods ranging from months to years and allows logs from different applications to be retained for different periods. Administrators can migrate logs from one storage mechanism to another, such as from on-line to near-line storage, and can delete logs that meet given criteria. The platform provides access to all of the data regardless of the particular (qualified) storage resource, whether from EMC or other leading storage vendors. Administrators and reviewers can quickly access data of interest in on-line and near-line storage, and can restore data found in near-line or off-line storage for analysis. With EMC technology, even after data is moved from primary storage to a digital archive it remains active and available on-line; users and applications can access it as before and promote the file back to primary storage if needed.

3. Enables fast and fine-grained retrieval of log data regardless of where it is stored (on-line, near-line, off-line)

The RSA enVision platform enables fast and fine-grained retrieval of stored log data by:
- integrating with networked storage systems, which give fast access to log data rather than loading archived logs from tape;
- using centrally managed shared storage so that the entire pool of log data from across the enterprise is searchable at once, rather than searching multiple storage systems individually;
- not relying on a relational database, which scales poorly to searches across petabytes of data and, because it merges multiple data elements into rows and tables, does not expose the individual raw elements; and
- taking a tiered storage approach that removes infrequently accessed data from primary storage, helping users find relevant data more quickly.

4. Allows organizations to easily manage log data disposal

The RSA enVision platform can be used with EMC storage to define and automatically enforce disposal policies. EMC storage solutions can also be configured to use EMC's Certified Data Erasure Service to overwrite and digitally shred information in a manner that conforms to the US Department of Defense M (i.e., DoD ) standard for permanently deleting digital information.
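The retention and migration rules in III.1 and III.2 can be expressed as a small policy engine. The Python below is an added illustration, not RSA or EMC code: it keeps a default policy plus per-source overrides, computes each segment's target tier from its age, suppresses disposal for segments under legal hold (an assumed flag, added because of the evidence requirements in I.7), and never plans a move between sites (the data-residency point from I.2). Segment identifiers, site names and retention periods are made up.

```python
# Added example, not RSA enVision or EMC code: a tiered-retention planner that decides,
# for each stored log segment, whether it belongs on-line, near-line or off-line, or is
# due for disposal. Policies, segment names and sites below are invented.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

TIERS = ("online", "near-line", "off-line")  # ordered from fastest to slowest access


@dataclass(frozen=True)
class RetentionPolicy:
    online_days: int     # keep on primary storage until this age
    nearline_days: int   # then near-line until this age
    total_days: int      # dispose once older than this


# Hypothetical policies; real values come from the organisation's retention schedule.
DEFAULT_POLICY = RetentionPolicy(online_days=90, nearline_days=365, total_days=3 * 365)
SOURCE_POLICIES: Dict[str, RetentionPolicy] = {
    "firewall": RetentionPolicy(30, 180, 365),
    "oracle-financial": RetentionPolicy(180, 2 * 365, 7 * 365),
}


@dataclass
class LogSegment:
    segment_id: str
    source_type: str
    site: str                 # where it was collected; it stays in this site's storage
    collected: date
    tier: str
    legal_hold: bool = False  # assumed flag: a hold suspends disposal, not migration


def policy_for(source_type: str) -> RetentionPolicy:
    return SOURCE_POLICIES.get(source_type, DEFAULT_POLICY)


def target_tier(seg: LogSegment, today: date) -> Optional[str]:
    """Tier the segment should be on today, or None if it is due for disposal."""
    age = (today - seg.collected).days
    pol = policy_for(seg.source_type)
    if age > pol.total_days:
        return "off-line" if seg.legal_hold else None  # hold: keep, but on the cheapest tier
    if age <= pol.online_days:
        return "online"
    if age <= pol.nearline_days:
        return "near-line"
    return "off-line"


Action = Tuple[str, str, str, str]  # (segment_id, site, from_tier, to_tier or "DELETE")


def plan(segments: List[LogSegment], today: date) -> List[Action]:
    """Compute migrations and deletions. Every action carries the segment's own site,
    so the executor never moves data across a border."""
    actions: List[Action] = []
    for seg in segments:
        target = target_tier(seg, today)
        if target is None:
            actions.append((seg.segment_id, seg.site, seg.tier, "DELETE"))
        elif target != seg.tier:
            actions.append((seg.segment_id, seg.site, seg.tier, target))
    return actions


TODAY = date(2024, 6, 30)  # fixed "today" so the demo is reproducible


def demo_segments(today: date = TODAY) -> List[LogSegment]:
    """Constructed inventory with ages chosen to exercise every branch."""
    def days_ago(n: int) -> date:
        return today - timedelta(days=n)
    return [
        LogSegment("fw-ny-01", "firewall", "new-york", days_ago(10), "online"),
        LogSegment("fw-ny-02", "firewall", "new-york", days_ago(60), "online"),
        LogSegment("fw-ny-03", "firewall", "new-york", days_ago(400), "off-line"),
        LogSegment("fw-ny-04", "firewall", "new-york", days_ago(400), "off-line", legal_hold=True),
        LogSegment("ora-par-01", "oracle-financial", "paris", days_ago(400), "online"),
        LogSegment("win-lon-01", "windows", "london", days_ago(1200), "near-line"),
    ]


def demo_plan() -> List[Action]:
    return plan(demo_segments(TODAY), TODAY)


if __name__ == "__main__":
    for action in demo_plan():
        print(action)
```

Running it yields four actions: the 60-day firewall segment moves on-line to near-line, the 400-day firewall segment is deleted while its twin under legal hold is left alone, the Oracle financial segment moves to near-line under its longer policy, and the Windows segment falls to the default policy and is deleted.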

10 IV. Log Analysis 1. Provides unified and comprehensive visibility of log information from across the organization The RSA envision platform provides a single global view. Users can access and analyze All the Data aggregated from devices, systems and applications from across the entire enterprise, including all sites and geographies. This delivers a complete picture of an organization s security posture and compliance status and allows organizations to respond faster to external threats and discern internal ones. Powerful real-time or historical analysis is displayed via an easy-to-use graphical user interface (GUI). Users can dynamically view All the Data and zoom into selected perspectives. The GUI enables a wide range of issues to be investigated simultaneously. Analysts can quickly identify problems, detect anomalous events and find and review all available related data. The GUI uses a speedometer and gauge metaphor to display important information at a glance, with more detailed data only a click away. Much of the background information is displayed as charts and graphs in the well-organized and well-designed interface. As well, the analysis and visualization tools are customizable to fit an organization s particular needs. 2. Detects significant events through correlation The RSA envision platform provides advanced event correlation and alerting with consistent performance independent of incoming EPS. It correlates multiple events from multiple assets (devices, systems and applications) across the entire enterprise. 
The correlation capabilities allow an organization to:
- Reduce false positives by correlating events from multiple devices, systems and applications
- Rank security devices and threats, allowing personnel to focus on the most critical issues; correlated threats against the most critical assets are brought to immediate attention
- Display all security alerts from all locations on a single screen
- Incorporate vulnerability data from vulnerability assessment (VA) products; VA data adds another dimension to correlation and greatly reduces false positives

The platform supports rule-based correlation, in which advanced Boolean logic-driven rules enable real-time evaluation against corporate policies. Anomaly-based correlation is also supported: it detects and alerts on variations from automatically computed baselines of both events and alerts. The analysis and correlation capabilities also include asset awareness and asset prioritization; the asset database integrates with security systems such as Qualys, ISS, McAfee, nCircle and Nessus.

3. Generates alerts for all types of attacks and violations

With the RSA envision platform, events can be stored for extended periods of time. Therefore, security events that happen only occasionally, such as an incorrect user name or password entry from a single IP address outside the network, can be monitored and detected to ensure they are not indications of an under-the-radar break-in attempt. Combined with the platform's base-lining, trending and watch list capabilities, the ability to monitor events over extended periods gives organizations the intelligence to detect even low and slow attacks that play out over long stretches of time.

The platform includes watch list alerting and reporting for efficient surveillance of specific high-risk scenarios or anticipated events. For example, the system will notify personnel when specific events occur, when sequences of events occur, or when the rate of events exceeds a certain threshold.
Time is saved by targeting monitoring to look for discrete and/or correlated anomalies. Other use cases include watching for a particular IP address that matches a list of top attacking IP addresses, or watching for a particular name on a money laundering watch list. Organizations can use the watch list capability to create alerts for potential compliance violations as they occur in real time, such as events contrary to security policy or to regulations and standards; examples are a user attempting unauthorized access to protected information or an administrator initiating an unauthorized configuration change. Detecting compliance violations in real time can greatly reduce the risk of failed audits or penalties. The alerting system also makes personnel more productive and efficient by prioritizing and ranking the events that represent significant attacks or violations.

4. Provides automated baselines

The RSA envision platform creates baselines from All the Data, providing comprehensive trends of activity and events from the organization's entire environment. Baselines are built automatically from the moment the RSA envision appliance is connected to the network. Organizations can establish baselines of network behavior in order to perform trend analysis or to trigger alerts on traffic patterns that are out of the norm; when a deviation occurs, organizations can quickly and effectively troubleshoot the issue. As baselines are established, network assets can be categorized by business impact, function, importance to the organization and geographical location. Assets can be imported from network and vulnerability systems, so the platform can not only baseline that information but also provide detailed asset reports and correlated alerts.

5. Provides automated and customized reporting

With more than 1100 pre-built reports and custom reporting, the RSA envision platform can easily be configured to provide extensive information on a wide variety of issues, including reports for specific regulations and standards or on specific activities. Sample reports include:
- Privileged User Monitoring: Super User Activity Report
- Sarbanes-Oxley: Reports on Changes to Access Controls or Configuration Controls
- HIPAA: ePHI Access Report
- PCI: Invalid Logical Access Attempts Report

6. Facilitates incident management

Organizations worldwide are experiencing an increasing rate of incidents, so the amount of time available to analyze and respond to each one decreases. The platform helps manage these incidents, including evaluating their significance and formulating a response plan. The task triage and ticketing system provides a complete incident response workflow, including flexible management and reporting of incidents, attributes and queues, as well as automated task generation and integration with major enterprise ticketing systems. With an integrated incident response workflow, operations can be simplified, staff and resources can be used more efficiently, and issues are resolved faster with fewer errors.
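The alerting behaviours described in points 3 and 4 above (rate thresholds, low and slow patterns that only a long observation window reveals, watch lists, and deviation from an automatically computed baseline) can be shown concretely with a few lines of detection logic. The following is an added example and not RSA envision code: it runs four rules over constructed sample events (addresses are taken from the documentation ranges), and the thresholds, windows, watch list and baseline history are all assumptions chosen for the illustration.

```python
# Added example (not RSA envision code): watch-list style rules and a baseline
# check run over constructed sample events. Thresholds, windows, the watch
# list and all addresses (documentation ranges) are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WATCH_LIST_IPS = {"192.0.2.55"}   # constructed list of known-hostile sources


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def build_events():
    """Constructed events as (time, device, event_type, source_ip, user)."""
    ev = []
    # Burst: six failed logins inside two minutes from one external source.
    for i in range(6):
        ev.append((ts("2024-01-10 09:00:00") + timedelta(seconds=20 * i),
                   "fw1", "auth_fail", "203.0.113.7", "svc_admin"))
    # Low and slow: one failed login a day for ten days from another source.
    for d in range(10):
        ev.append((ts("2024-01-01 02:15:00") + timedelta(days=d),
                   "vpn1", "auth_fail", "198.51.100.9", "jdoe"))
    # A watch-listed address doing something otherwise unremarkable.
    ev.append((ts("2024-01-10 10:30:00"), "fw1", "conn_allow", "192.0.2.55", ""))
    # Ordinary background activity.
    ev.append((ts("2024-01-10 09:05:00"), "fw1", "auth_ok", "10.0.0.5", "alice"))
    return sorted(ev)


def sliding_window_alerts(events, event_type, threshold, window):
    """Sources with at least `threshold` events of `event_type` inside any
    window of length `window`. The same rule catches a burst with a short
    window and a low-and-slow pattern with a long one."""
    by_src = defaultdict(list)
    for t, _dev, etype, src, _user in events:
        if etype == event_type:
            by_src[src].append(t)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t_end in enumerate(times):
            while t_end - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def watch_list_alerts(events, watch_list=WATCH_LIST_IPS):
    """Any event at all from a watch-listed source is raised, whatever its type."""
    return {src for _t, _d, _e, src, _u in events if src in watch_list}


def baseline_exceeded(history, current, k=3.0):
    """Anomaly rule: the current hourly count is out of the norm when it exceeds
    mean + k standard deviations of the automatically computed history."""
    limit = mean(history) + k * pstdev(history)
    return current > limit


def run_detections():
    events = build_events()
    # Constructed hourly event counts for the same hour on ten previous days.
    history = [40, 42, 38, 45, 41, 39, 44, 40, 43, 38]
    return {
        "burst": sliding_window_alerts(events, "auth_fail", 5, timedelta(minutes=5)),
        "low_and_slow": sliding_window_alerts(events, "auth_fail", 8, timedelta(days=30)),
        "watch_list": watch_list_alerts(events),
        "baseline_spike": baseline_exceeded(history, 120),
        "baseline_normal": baseline_exceeded(history, 45),
    }


if __name__ == "__main__":
    for rule, result in run_detections().items():
        print(f"{rule}: {result}")
```

The same sliding-window rule evaluated with a five-minute window flags only the burst source, while evaluated with a thirty-day window it flags only the source that fails once a day; this is why the text stresses that events must be retained and searchable over long periods, since a detector that only ever sees the last few minutes cannot observe the second pattern at all.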
The RSA envision platform provides the only vulnerability and asset management (VAM) solution in the industry that automatically maps event information from intrusion detection/prevention system (IDS/IPS) alerts to vulnerability intelligence, through an enterprise-class platform that collects, manages and analyzes all the event and asset data. The platform incorporates vulnerability data from the National Vulnerability Database (NVD), which is regularly updated. Benefits of VAM include accurate and automatic identification of real vulnerabilities, false positive reduction, improved effectiveness of security personnel, improved security posture and reduced cost of incident management.

7. Provides extensive querying and filtering

The RSA envision platform provides a detailed view of the events that trigger security threats, thanks to extensive drill-down capabilities. Security administrators can see exactly what patterns are forming on their networks and the specific IP addresses, ports, hosts, users and protocols involved in those patterns. Extensive querying and filtering capabilities and robust user interface tools help users search for data by any user-defined attribute.

V. Log Security and Protection

1. Protects data integrity throughout the security information lifecycle

With the RSA envision platform, log messages pass through three steps that guard them permanently against tampering: authentication, lossless compression and encryption. In addition, the LogSmart Internet Protocol Database (IPDB) applies a Write Once Read Many (WORM) approach to the data itself, which ensures that once data is committed to the database it can never be altered. EMC storage solutions also provide WORM protection for files; this capability is designed to protect files and directories from deletion, alteration, renaming or overwriting during a designated retention period.
To meet the unique requirements of storing and managing fixed content (that is, unchanging digital assets) in an active archive storage solution, EMC Centera uses Content Addressable Storage technology, whereby classes of security information can be marked as non-erasable over a given retention period to comply with corporate and government data retention policies, or be put on litigation hold if ordered. Corporate auditors can be assured that the data retrieved from storage exactly matches what was securely written several years prior. This capability is ideal for long-retention regulatory requirements. Many EMC storage systems have successfully completed evaluation for Common Criteria certification at the EAL 2 assurance level.
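The integrity guarantees above rest on two of the three steps named in section V.1, authentication and lossless compression, plus write-once storage. The following is an added example, not the IPDB implementation: each record is compressed and then authenticated with an HMAC-SHA256 tag that also covers the previous record's tag, so that modifying, deleting or reordering any stored record is detected at the first affected position when the archive is read back. The key, the genesis value and the sample records are constructed, and encryption at rest is deliberately left out so the chaining logic stays visible.

```python
# Added example (not the IPDB implementation): each log record is losslessly
# compressed and authenticated with an HMAC-SHA256 tag that also covers the
# previous record's tag, so modifying, deleting or reordering a stored record
# is detected at the first affected position. The key and sample records are
# constructed; encryption at rest is left out of this illustration.
import hashlib
import hmac
import zlib

DEMO_KEY = b"constructed-demo-key-replace-in-practice"
GENESIS = b"\x00" * 32   # chain value used before the first record


def seal(records, key=DEMO_KEY):
    """Return [(compressed_bytes, tag_hex), ...] with each tag chained to the last."""
    sealed, prev = [], GENESIS
    for rec in records:
        blob = zlib.compress(rec.encode("utf-8"), 9)
        tag = hmac.new(key, prev + blob, hashlib.sha256).digest()
        sealed.append((blob, tag.hex()))
        prev = tag
    return sealed


def verify(sealed, key=DEMO_KEY):
    """Index of the first record whose tag does not verify, or None if intact."""
    prev = GENESIS
    for i, (blob, tag_hex) in enumerate(sealed):
        expected = hmac.new(key, prev + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return i
        prev = expected
    return None


def unseal(sealed):
    """Recover the original records (the compression is lossless)."""
    return [zlib.decompress(blob).decode("utf-8") for blob, _tag in sealed]


# Constructed syslog-style records.
SAMPLE_LOGS = [
    "2024-01-10T09:00:00Z fw1 sshd: Failed password for svc_admin from 203.0.113.7",
    "2024-01-10T09:00:20Z fw1 sshd: Failed password for svc_admin from 203.0.113.7",
    "2024-01-10T09:00:40Z fw1 sshd: Accepted password for svc_admin from 203.0.113.7",
    "2024-01-10T09:01:00Z fw1 sudo: svc_admin : COMMAND=/bin/sh",
]


def tamper_results():
    """Show where the chain breaks under three kinds of after-the-fact editing."""
    good = seal(SAMPLE_LOGS)

    # Record 2 rewritten to hide a successful login; the stored tag is kept.
    modified = list(good)
    _blob, tag = modified[2]
    forged = "2024-01-10T09:00:40Z fw1 sshd: Failed password for svc_admin from 203.0.113.7"
    modified[2] = (zlib.compress(forged.encode("utf-8"), 9), tag)

    deleted = good[:2] + good[3:]                      # record 2 removed
    reordered = [good[0], good[2], good[1], good[3]]   # records 1 and 2 swapped

    return {
        "intact": verify(good),
        "modified": verify(modified),
        "deleted": verify(deleted),
        "reordered": verify(reordered),
        "roundtrip": unseal(good) == SAMPLE_LOGS,
    }


if __name__ == "__main__":
    for case, outcome in tamper_results().items():
        print(f"{case}: {outcome}")
```

Two design points are worth noting. The chaining means a deletion is caught even though every surviving record still carries a valid tag for its own bytes, because the record after the gap was tagged against a predecessor that is no longer there. And the MAC only proves that whoever holds the key wrote the record; keeping that key out of reach of the people who can read the archive, and storing the sealed records on WORM media as the text describes, is what turns detection of tampering into prevention of it.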

2. Controls access to log data

The RSA envision platform provides fine-grained, role-based access control to ensure that only authorized users have access to the particular data they need to do their jobs. For example, each device's data is stored separately within the IPDB, and access can be granted on a per-device and per-analysis-tool basis to individuals or groups.

3. Provides for high availability, including for log collection, analysis and storage

Several features of the RSA envision platform help provide high availability for log collection, analysis and storage. Planned or unplanned downtime of collection services can lead to the loss of critical event log information. The platform provides a high availability feature set for collection services, which includes automatic failure detection, quick fail-over, transparent recovery and active/standby operation, with optional high availability configurations. These features help to significantly reduce the risk of data loss and negative business impact through uninterrupted data collection, and give greater flexibility and less operational impact for scheduled system downtime.

High availability has been built into the architecture of the RSA envision LS series of appliances; users can set up and receive alerts, as well as run reports, from any site in the distributed domain. Through features such as redundant switch architecture and network interface teaming, the LS series also supports high availability networking. All ES and LS appliances have been hardened according to the NSA Gold Disk standard, meeting the Security Technical Implementation Guide (STIG) for secure servers. The appliances also have redundancy built into the hardware, such as redundant power supplies.

EMC storage solutions provide capabilities designed to support disaster recovery and business continuance operations, including:
- Redundant hardware components. To help protect against loss of data and system downtime, EMC storage solutions provide redundancy for many key hardware components, including power supplies, connections to storage systems and network connections.
- Backup. The systems support sophisticated data backup techniques that, among other things, allow information to be archived to tape and other media in a manner that minimizes the impact on system performance.
- Notifications. The solutions can be configured to automatically send a variety of detailed notifications to system administrators when components are failing or when the system otherwise requires the administrator's attention, in order to prevent potential system downtime and/or data loss.

Conclusion

Developing a log (event) management capability has reached the top of the agenda for many organizations around the globe, from small businesses to large enterprises. As organizations strive to develop log management best practices, establish infrastructure requirements and deploy solutions, RSA is helping organizations around the world to meet these challenges. As detailed in this paper, the features of RSA solutions map to the complete range of requirements for a centrally managed, dedicated infrastructure for log management, from high performance and scalability to accurate collection and advanced analytics. One of the most important aspects of such an infrastructure is that it incorporates an information lifecycle management (ILM) strategy for log data. With the combination of the RSA envision platform and EMC networked storage solutions, organizations can manage huge volumes of logged data from creation to deletion in order to meet regulatory compliance, security operations and business requirements.

About RSA

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and to manage security information and events to ease the burden of compliance. For more information, please visit and

RSA, envision, LogSmart, All the Data and the RSA logo are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC, Symmetrix, Clariion, Celerra and Centera are registered trademarks or trademarks of EMC Corporation. All other products or services mentioned are trademarks of their respective owners. RSA Security Inc. All rights reserved. LMBP3 WP 1007


More information

Cisco and EMC Solutions for Application Acceleration and Branch Office Infrastructure Consolidation

Cisco and EMC Solutions for Application Acceleration and Branch Office Infrastructure Consolidation Solution Overview Cisco and EMC Solutions for Application Acceleration and Branch Office Infrastructure Consolidation IT organizations face challenges in consolidating costly and difficult-to-manage branch-office

More information

Informatica Application Information Lifecycle Management

Informatica Application Information Lifecycle Management Brochure Informatica Application Information Lifecycle Management Cost-Effectively Manage Every Phase of the Information Lifecycle Controlling Explosive Data Growth Informatica Application Information

More information

The Advantages of Enterprise Historians vs. Relational Databases

The Advantages of Enterprise Historians vs. Relational Databases GE Intelligent Platforms The Advantages of Enterprise Historians vs. Relational Databases Comparing Two Approaches for Data Collection and Optimized Process Operations The Advantages of Enterprise Historians

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution David Mateju RSA Sales Consultant, RSA CSE david.mateju@rsa.com Adding an information-centric view Infrastructure Information

More information

Discover & Investigate Advanced Threats. OVERVIEW

Discover & Investigate Advanced Threats. OVERVIEW Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics

More information

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social 01 Product Overview Netwrix Auditor

More information

QRadar Security Management Appliances

QRadar Security Management Appliances QRadar Security Management Appliances Q1 Labs QRadar network security management appliances and related software provide enterprises with an integrated framework that combines typically disparate network

More information

How To Manage Security On A Networked Computer System

How To Manage Security On A Networked Computer System Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach August 2011 A Sensage TechNote highlighting the essential workflow involved in a potential insider breach Table of Contents Executive Summary... 1... 1 What Just Happened?... 2 What did that user account

More information

How To Buy Nitro Security

How To Buy Nitro Security McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled. LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

EMC DATA DOMAIN OPERATING SYSTEM

EMC DATA DOMAIN OPERATING SYSTEM ESSENTIALS HIGH-SPEED, SCALABLE DEDUPLICATION Up to 58.7 TB/hr performance Reduces protection storage requirements by 10 to 30x CPU-centric scalability DATA INVULNERABILITY ARCHITECTURE Inline write/read

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information Store, Manage, and Discover Critical Business Information Managing millions of mailboxes for thousands of customers worldwide, Enterprise Vault, the industry leader in email and content archiving, enables

More information

Automated Network Control for

Automated Network Control for Key Differentiators Application Layer Availability: Minimizes downtime and improves the user experience by determining health at the application layer for every user. Management Automation: Provides automated

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

AUTOMATED DATA RETENTION WITH EMC ISILON SMARTLOCK

AUTOMATED DATA RETENTION WITH EMC ISILON SMARTLOCK White Paper AUTOMATED DATA RETENTION WITH EMC ISILON SMARTLOCK Abstract EMC Isilon SmartLock protects critical data against accidental, malicious or premature deletion or alteration. Whether you need to

More information

Fight the Noise with SIEM

Fight the Noise with SIEM Fight the Noise with SIEM An Incident Response System Classified: Public An Indiana Bankers Association Preferred Service Provider! elmdemo.infotex.com Managed Security Services by infotex! Page 2 Incident

More information

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a

More information

A 15-Minute Guide to 15-MINUTE GUIDE

A 15-Minute Guide to 15-MINUTE GUIDE A 15-Minute Guide to Retention Management 15-MINUTE GUIDE Foreword For you as a business professional, time is a precious commodity. You spend much of your day distilling concepts, evaluating options,

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,

More information

Meeting PCI Data Security Standards with

Meeting PCI Data Security Standards with WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright

More information

EMC DATA DOMAIN OPERATING SYSTEM

EMC DATA DOMAIN OPERATING SYSTEM EMC DATA DOMAIN OPERATING SYSTEM Powering EMC Protection Storage ESSENTIALS High-Speed, Scalable Deduplication Up to 58.7 TB/hr performance Reduces requirements for backup storage by 10 to 30x and archive

More information

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) NEbraskaCERT 2005: Security Information and Event Management (SIEM) Matt Stevens Chief Technology Officer Network Intelligence Corporation 8-10-05 Security Information/Events = Logs Logs are audit records

More information

Successfully managing geographically distributed development

Successfully managing geographically distributed development IBM Rational SCM solutions for distributed development August 2004 Successfully managing geographically distributed development Karen Wade SCM Product Marketing Manager IBM Software Group Page 2 Contents

More information

Enhance visibility into and control over software projects IBM Rational change and release management software

Enhance visibility into and control over software projects IBM Rational change and release management software Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software

More information

IBM Tivoli Storage Manager

IBM Tivoli Storage Manager Help maintain business continuity through efficient and effective storage management IBM Tivoli Storage Manager Highlights Increase business continuity by shortening backup and recovery times and maximizing

More information

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Managed Security Services for Data

Managed Security Services for Data A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

White Paper. Central Administration of Data Archiving

White Paper. Central Administration of Data Archiving White Paper Central Administration of Data Archiving Archiving and Securing Corporate Data... 1 The Growing Need for Data Archive Solutions... 1 Determining Data Archiving Policy... 2 Establishing the

More information

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com Syslog Analyzer ABOUT US OSSera, Inc. is a global provider of Operational Support System (OSS) solutions for IT organizations, service planning, service operations, and network operations. OSSera's multithreaded

More information

P u b l i c a t i o n N u m b e r : W P 0 0 0 0 0 0 0 4 R e v. A

P u b l i c a t i o n N u m b e r : W P 0 0 0 0 0 0 0 4 R e v. A P u b l i c a t i o n N u m b e r : W P 0 0 0 0 0 0 0 4 R e v. A FileTek, Inc. 9400 Key West Avenue Rockville, MD 20850 Phone: 301.251.0600 International Headquarters: FileTek Ltd 1 Northumberland Avenue

More information

Symantec Security Information Manager 4.7.4 Administrator Guide

Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement

More information

White paper. Five Key Considerations for Selecting a Data Loss Prevention Solution

White paper. Five Key Considerations for Selecting a Data Loss Prevention Solution White paper Five Key Considerations for Selecting a Data Loss Prevention Solution What do you need to consider before selecting a data loss prevention solution? There is a renewed awareness of the value

More information

High End Information Security Services

High End Information Security Services High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.

More information