End-to-end Solutions to Enable Log Management Best Practices
White Paper

End-to-end Solutions to Enable Log Management Best Practices: Deploying a Comprehensive Security Information and Event Management Platform
Executive Summary

More and more organizations are recognizing that log and event data can provide a wealth of intelligence about the entire enterprise IT environment. As regulations grow more complex and organizations face increasingly sophisticated and targeted attacks, knowing what is happening on the network, and within systems and applications, is essential. To meet this challenge, organizations must build an enterprise competency in log (event) management: developing best practices, establishing an infrastructure and deploying technology solutions.

To help, RSA has developed a series of white papers. The first provides a set of 40 recommended best practices. The second guides organizations in establishing the criteria for an infrastructure that realizes those practices. This third paper describes end-to-end solutions that combine security information and event management (SIEM) and tiered storage technologies based on the RSA envision platform and EMC networked storage solutions.

The volume of log data organizations must analyze and retain is constantly increasing, and retention periods are becoming longer. Solutions for log management must therefore incorporate an information lifecycle management (ILM) strategy, which ensures that data is managed efficiently and effectively from creation to deletion. The RSA envision platform aggregates logs from across the enterprise and turns them into actionable intelligence for compliance and security. By combining the RSA envision platform with EMC storage systems, organizations can apply an ILM strategy to log data and deploy end-to-end solutions that enable best practices in log management.

This paper details how RSA's solutions meet the complete set of requirements for a log management infrastructure: general requirements and specific requirements for log generation and capture; log retention and storage; log analysis; and log security and protection. It is intended to help organizations deploy a comprehensive SIEM platform and reap the benefits, including improved security operations and a sustainable compliance program.

Contents
Definition of Log (Event) Management, page 1
Developing a Log Management Capability, page 1
RSA End-to-end Solutions for Log (Event) Management, page 2
Meeting the Requirements of an Infrastructure for Log Management, page 2
  I. General Requirements, page 2
  II. Log Generation and Capture, page 6
  III. Log Retention and Storage, page 7
  IV. Log Analysis, page 8
  V. Log Security and Protection, page 9
Conclusion, page 10
Definition of Log (Event) Management

This white paper is the third in a series of three on log management. Each paper repeats the definition of log (event) management to clarify the terms used throughout the series.

A log is a record of an event or activity occurring within an organization's systems or networks. Examples include a firewall allowing or denying access to a network resource, a change to an operating system's configuration performed by an administrator, a system shutdown or startup, a user logging in to an application, or an application allowing or denying access to a file. For more examples of events and activities, see the companion white paper Log Management Best Practices: The Foundation for Comprehensive Security Information and Event Management, Appendix 1, Sources and contents of logs.

Log (event) management is the collection, analysis (real-time or historical), management and storage of logs from a range of sources across the enterprise, including security systems, networking devices, storage systems, operating systems and applications. Log management is the foundation for comprehensive security information and event management (SIEM), including the following use cases:
- Real-time threat detection and mitigation
- Incident investigation and forensics
- Compliance with regulations and standards
- Capacity planning, performance and uptime
- Evidence for legal and human resources cases
- Detecting and preventing IP theft
- Auditing and enforcing employee productivity
- Troubleshooting system and network problems
- Auditing and enforcing IT security policy

Developing a Log Management Capability

Well-informed organizations have recognized that log and event data can provide a wealth of intelligence about the entire enterprise IT environment. As regulations grow more complex and organizations face increasingly sophisticated and targeted attacks, knowing what is happening on the network and within systems and applications is essential. But the volume of log data can be staggering and the retention requirements can seem unmanageable. How do you get through the mountains of data to track the right events? Can you detect problems fast enough? Will you have the right information on hand for the next audit or forensic investigation? And all of this must be done efficiently and cost-effectively.

To meet this challenge, organizations must build an enterprise competency in log (event) management, which includes developing best practices, establishing an infrastructure and deploying a technology solution. To help, RSA has developed a series of white papers:
1. Log Management Best Practices: The Foundation for Comprehensive Security Information and Event Management
2. Building an Infrastructure that Enables Log Management Best Practices: A Technology Strategy for Comprehensive Security Information and Event Management
3. End-to-end Solutions to Enable Log Management Best Practices: Deploying a Comprehensive Security Information and Event Management Platform

The first paper provides the rationale and methodology for developing best practices and puts forward RSA's set of 40 recommended best practices. These address the requirements of regulations and standards, the evolving threat landscape and business objectives. The second paper takes the next logical step by guiding organizations in establishing the criteria for an infrastructure that realizes those practices and in building a technology strategy for comprehensive SIEM. It also lays out a list of infrastructure requirements in several categories of log management.
This third paper describes end-to-end solutions that combine security information and event management (SIEM) and tiered storage technologies based on the RSA envision platform and EMC networked storage solutions, and details how the RSA solutions meet the complete list of infrastructure requirements. Each paper can be read individually, but the three-part series offers a complete resource for developing a log management capability.

The RSA envision platform works with EMC storage solutions to provide end-to-end log (event) management that incorporates an ILM strategy. By combining RSA envision with EMC Symmetrix, Clariion, Celerra, Centera and/or EMC Disk Library storage systems, organizations can manage huge volumes of logged data from creation to deletion in order to meet regulatory compliance, security operations and business requirements.

RSA End-to-end Solutions for Log (Event) Management

The volume of log data organizations must analyze and retain is constantly increasing, and retention periods are becoming longer. Solutions for log management must therefore incorporate an information lifecycle management (ILM) strategy, which ensures that data is managed efficiently and effectively from creation to deletion. RSA provides solutions for building centrally managed, dedicated infrastructures for log (event) management that combine the RSA envision SIEM platform and EMC networked storage systems. Organizations can also use storage systems from other leading vendors, including integrating the RSA envision platform with existing storage, whether from EMC or others. The platform captures, manages and analyzes logs from across the enterprise and turns this information into actionable intelligence for compliance and security.

By combining RSA envision technology with networked storage, organizations can manage the entire lifecycle of log data using a tiered storage approach, in which logs are kept on different storage resources according to the age of the data and the need for it:
- Production data (actively used for real-time analysis, ongoing review and periodic audits and assessments) requires frequent or ready access and may be stored on-line.
- Backup data (a mirror image of production data, needed in case of compromise or damage) is accessed less often and may be stored near-line or off-line.
- Active archive data (a subset of production data kept longer term for record-keeping) is also needed less often and may be stored near-line.
- At some point, depending on the organization's retention and access policies, subsets of the archived data may be moved off-line.

Meeting the Requirements of an Infrastructure for Log Management

To build an infrastructure for log management that lays the foundation for comprehensive SIEM, an organization should consider the following categories of requirements:
- General requirements
- Log generation and capture
- Log retention and storage
- Log analysis
- Log security and protection

A detailed discussion of each category can be found in the companion paper, Building an Infrastructure that Enables Log Management Best Practices: A Technology Strategy for Comprehensive Security Information and Event Management. The following describes how RSA solutions meet the requirements in each category.

I. General Requirements

1. Provides high and consistent performance

The RSA envision platform was designed to deliver high and consistent performance and to match the demands of organizations from small businesses to large enterprises.
It collects, manages and analyzes All the Data from sources across the entire organization, including network devices, operating systems, back-office applications and e-commerce environments. Its high performance is based on a purpose-built database and a flexible, open architecture. The database, the LogSmart Internet Protocol database (IPDB), was built to gather and store security events as quickly as possible and to address the major limitations of SIEM technology based on relational databases. Unlike a traditional relational database management system (RDBMS), the LogSmart IPDB works directly with unstructured log (event) data in its native format and does not require pre-processing on input. With a traditional RDBMS the data must be placed into structured columns, and the construction of tables and other overhead slows ingest. In contrast, the LogSmart IPDB uses the raw event logs themselves to form the database, with no such overhead. With the RSA envision platform, information is parsed on the way out of the database, when requested, rather than on the way in. This saves time and machine resources and allows all the data to be collected unaltered. The LogSmart IPDB is also highly write-optimized: optimizing the write path ensures that ingest keeps pace with event volume, and the resulting layout makes subsequent reads more efficient and lowers the overall I/O load on the host. With the ability to stream log (event) data to storage and, in parallel, conduct real-time analysis, the RSA envision platform can provide the performance necessary to satisfy even the most demanding corporate requirements.

The RSA envision platform is an appliance-based solution offering a range of performance levels to fit any size of organization or application. The ES series of stand-alone appliances is designed to sustain collection of up to 7,500 events per second (EPS) and to support up to 1,250 devices and 14 simultaneous users on a single appliance. The LS series takes a distributed approach with separate collectors, database servers and application servers.
By implementing appliances at the collection, data management and analysis levels, an organization can use these building blocks to scale each level independently and match its performance needs exactly. The appliances can be scaled to exceed 500,000 EPS, collecting from over 100,000 devices. Since every application server supports up to 16 simultaneous users, the number of concurrent users can be scaled to meet even the largest organization's requirements. The distributed architecture delivers very high performance while minimizing network bandwidth: data is collected and stored close to the source, retrieved by the data management level on demand and processed for analysis and reporting at the application layer.

2. Enables a distributed deployment

With RSA envision technology, the collectors, database servers and application servers can be distributed across an organization's networks, even across the globe. Log and event data flows from devices, systems and applications to local collectors, where the raw data (packaged and secured) resides permanently. Metadata describing the data's location is derived and stored on the database servers at the data management level and used to locate the data. Historical and trend analysis take place at the application server level. Queries are initiated by the application servers and prompt the data management level to retrieve data efficiently from the local collectors. The platform performs local collection yet provides a global view of the data for analysis: analysis can be done from anywhere, regardless of where the data was collected, and users can access the entire enterprise-wide log data set no matter where they are located. Fine-grained, role-based access control ensures that only the right people have access to the right data.

Security operations can access enterprise-wide log data for real-time correlation. Multiple modes of event alerting are supported. High-speed forensic analysis enables drill-down from a high-level aggregated alert to the associated individual raw events. Compliance teams can leverage multiple years of historical event information and automatically computed baselines. Policy-conformance reporting can be run on a schedule or ad hoc.

Organizations can also implement a federated strategy, whereby divisional data is collected, managed and analyzed by the individual divisions, while headquarters analyzes enterprise-wide data for oversight. The oversight capabilities of the RSA envision platform can be integrated with existing deployments of RSA envision appliances, or even with other SIEM technology that individual divisions have deployed in a siloed fashion.

A distributed deployment has the flexibility to meet the needs of today's large, geographically dispersed and dynamic organizations. The infrastructure can be mapped to any organizational structure and quickly adapted as systems or groups of users are added or moved. Because data collection and storage are localized, they are fast and reliable, which helps ensure that no data is lost or corrupted and eases compliance with laws that prohibit data from being physically moved to another country for processing. Data is stored locally, and specific records can be selectively accessed by authorized users based on content and context.

In a distributed deployment, RSA envision technology works with EMC networked storage systems to provide retention and retrieval of log data over the network, giving users across the organization secure, role-based access to the shared storage devices holding the log data.

3. Easily integrates with existing infrastructure

The RSA envision solution was designed to integrate easily with any organization's IT infrastructure and to be manageable within its existing operations. For collection, the platform provides built-in support for hundreds of source devices and tools to add new sources on the fly. Because it is agentless, organizations do not have to install and configure agents to collect data from log sources. The platform also supports a wide range of EMC and other storage solutions and can be used with existing storage systems.

Because it is easy to use and manage, the RSA envision platform does not require the organization to hire specialized staff such as database or network administrators. Nor does it require specialized enterprise application management, maintenance or backup tools; it is designed to work with existing third-party tools. For incident management, it integrates with current procedures and can streamline them with a built-in triage process and incident response workflow. The platform was engineered to live within IP-based networks and is optimized for file system storage. Its distributed and flexible architecture ensures that deployment will not degrade the performance of other systems or disrupt operations, and organizations can easily implement a phased or staged rollout.

[Figure: RSA envision Platform Scalability Scenario 1, single appliance. One appliance collects from supported devices (Windows server, Netscreen firewall, Cisco IPS, Juniper IDP, Microsoft ISS, Trend Micro anti-virus, legacy devices), manages the data and analyzes it: Event Explorer, real-time analysis, forensics, interactive query, integrated incident management, reports, correlated alerts and baselines.]

4. Ensures parallel analysis and storage

The high-performance characteristics of the RSA envision platform (specifically the LogSmart IPDB) let it deliver in-line, real-time analysis at a rate independent of incoming EPS. It supports real-time alerts while reliably retaining all log data as it is collected, so that the data is available later for compliance reporting, audits or forensic analysis.

5. Offers scalability to meet not only current needs but also future needs

Because the RSA envision platform was built specifically for high-performance capture and analysis of log data, it can handle the peak loads organizations experience, such as sudden surges in the volume of log or event data. With its flexible architecture, the infrastructure can be scaled to meet higher performance requirements over time, for example if regulatory demands increase or the IT environment grows and the overall volume of log data rises with it. The platform scales without interruption from a single appliance to multi-appliance deployments, supporting from 500 EPS to over 500,000 EPS. It also allows storage capacity to be added on the fly, from gigabytes to terabytes to petabytes. EMC storage solutions let organizations cost-effectively expand capacity to petabytes and non-disruptively and automatically discover and reconfigure new drives.

[Figure: RSA envision Platform Scalability Scenario 2, local collection with global analysis in a distributed enterprise-wide architecture. Sites in New York, Boston, Paris and London each collect locally (Oracle financial, Windows server, Windows workstation, Netscreen firewall, Cisco IPS, Trend Micro anti-virus) onto local storage devices, and a site may also collect remotely; analysis is centralized: Event Explorer, real-time correlation, real-time alerting, ad hoc and scheduled reports.]

6. Provides a low total cost of ownership

The RSA envision platform delivers a low total cost of ownership by minimizing the costs of deployment and the impact on IT systems and staff, and it can reduce the ongoing costs of security operations and compliance. Out-of-the-box support for hundreds of devices saves the organization a great deal of custom work. Since it is agentless, it requires no installation, configuration or ongoing maintenance of agents and places no load on host devices.
As an appliance-based solution, the RSA envision platform provides a standardized and controlled combination of hardware, OS and software. Because an appliance is a controlled environment with a locked-down operating system running a single application, it is far less exposed to the third-party driver conflicts, bugs, viruses and other issues that can plague a software-based solution. All of this adds up to lower costs for installation, maintenance and management. An RSA envision appliance can be plugged into power, attached to the network and up and running in an hour, where a software-based solution may take a day, a week or a month.

Storage is minimized by the LogSmart IPDB, which generates no extraneous overhead data and provides extremely efficient compression. By enabling a tiered storage approach, RSA solutions optimize the use of storage resources: using primary tiers (on-line storage) for production data and secondary tiers (near-line and off-line) for backup and active archive data reduces the overall cost per MB and defers the purchase of additional primary storage. The platform can also use existing storage systems, saving the cost of new ones.

Since the platform was designed to be easy to deploy, manage and maintain, it saves the cost of hiring specialized staff such as database or network administrators, and organizations can forgo specialized enterprise application management, maintenance and backup tools in favor of the tools they already have. Features such as the built-in triage process and incident response workflow reduce the cost of security operations by increasing efficiency. By automating analysis, the platform makes monitoring more effective and reduces real-time monitoring expenses such as personnel costs, freeing staff for more productive tasks. Correlation also reduces false positives, which can reduce downtime and let personnel focus on the right threats.

The solution also reduces long-term costs by automating compliance reporting and shortening audits. Many out-of-the-box reports are provided for a complete range of regulations and standards, so organizations need not build them by hand. The platform helps organizations keep the right data and reports available for auditors and quickly demonstrate that requirements are met, which supports a sustainable compliance program.

7. Supports the retention and retrieval of evidence-grade log data

Organizations may be required to produce log records as legal evidence or to meet regulatory requests for information. To be usable as evidence, logs should be in their original, unaltered form; both NIST and ISO guidance indicate that the organization should preserve the original log data. As discussed earlier, the LogSmart IPDB design does not filter or otherwise transform log messages on input. This preserves the native structure of the incoming data and ensures original logs are retained in their original form. The RSA envision platform's process provides a non-refutable (tamper-evident) warehouse of compressed, encrypted and authenticated event log data. Each event receives a digital fingerprint to prove the chain of custody, and with a write-once, read-many (WORM) approach, data committed to the database cannot be altered afterward.

II. Log Generation and Capture

1. Enables collection of logs from any source and the addition of new sources

The RSA envision platform has built-in support for hundreds of devices across the enterprise and from all points in the infrastructure: network, security, host, applications and storage. Out-of-the-box supported devices include products from Cisco, Microsoft, EMC, Juniper, Check Point, IBM, Oracle, Symantec and many others. In addition, the platform's open architecture provides universal device support (UDS), an easy-to-use tool for adding new source devices, systems and applications in real time. Ideal for in-house auditing applications and for second-tier devices, UDS offers:
- a graphical user interface to add new messages,
- control over device and message classification,
- simple definition of message IDs and payload data, and
- support for multiple applications running on the same host.

2. Supports collection of large volumes of data

The ability of RSA envision technology to collect large volumes of data rests primarily on the design of the LogSmart IPDB. SIEM products most often use a general-purpose relational database engine, which is designed for structured data. For a relational database management system (RDBMS) to perform well at collecting log messages and event data, the information sent to it must be structured. Log messages and event data are not structured, so relational databases are relatively slow at log collection. Query speed also suffers because an RDBMS locks data during writes or reads, so concurrent ingest and queries contend with each other. The LogSmart IPDB does not parse log messages on input; it retains all of them in their original unstructured form and parses them only as needed on output for reporting. With this approach the system can handle extremely high input rates.
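The two design points above, raw retention with parse-on-read (the LogSmart IPDB description) and per-event fingerprints over write-once data (requirement I.7), can be seen together in a small append-only store. The following is an added example written for this page, not RSA code, and the paper does not say how envision computes its fingerprints: the HMAC-SHA256 chain, the constructed syslog lines and the regex parser are all assumptions made for illustration.

```python
"""Append-only raw log store with a per-event fingerprint chain and parse-on-read.

Added example (not RSA code). Raw events are kept exactly as received, each
event gets a fingerprint chained to the previous one, and fields are parsed
only when a query asks for them.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Assumption: a per-deployment secret used for the HMAC fingerprints. In a real
# deployment it would live in an HSM or key store, never in source.
CHAIN_KEY = b"example-only-not-a-real-key"

# Constructed sample events in BSD syslog form (not taken from any real system).
SAMPLE_EVENTS = [
    b"<34>Mar  3 10:15:01 fw1 kernel: DENY TCP 203.0.113.7:4455 -> 192.0.2.10:22",
    b"<38>Mar  3 10:15:03 srv1 sshd[912]: Failed password for root from 203.0.113.7 port 4455 ssh2",
    b"<38>Mar  3 10:15:07 srv1 sshd[912]: Accepted password for alice from 198.51.100.5 port 51022 ssh2",
    b"<37>Mar  3 10:16:00 srv1 sudo: alice : TTY=pts/0 ; COMMAND=/usr/sbin/sshd -t",
]


@dataclass(frozen=True)
class Record:
    seq: int
    raw: bytes          # stored exactly as received, never rewritten
    fingerprint: str    # HMAC-SHA256 over (previous fingerprint || raw)


class RawLogStore:
    """Write-optimized, append-only store: nothing is parsed on the input path."""

    def __init__(self, key: bytes = CHAIN_KEY) -> None:
        self._key = key
        self._records: List[Record] = []

    def append(self, raw: bytes) -> Record:
        prev = self._records[-1].fingerprint if self._records else "genesis"
        fp = hmac.new(self._key, prev.encode() + raw, hashlib.sha256).hexdigest()
        rec = Record(seq=len(self._records), raw=raw, fingerprint=fp)
        self._records.append(rec)   # WORM semantics: append only, no updates
        return rec

    def verify(self) -> Optional[int]:
        """Recompute the chain; return the seq of the first bad record, or None if intact."""
        prev = "genesis"
        for rec in self._records:
            expected = hmac.new(self._key, prev.encode() + rec.raw, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, rec.fingerprint):
                return rec.seq
            prev = rec.fingerprint
        return None

    # Parse-on-read: structure is imposed only when a query asks for it.
    _SYSLOG = re.compile(
        rb"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
        rb"(?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
    _IPV4 = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

    def query(self, host: Optional[bytes] = None, src_ip: Optional[bytes] = None) -> Iterator[dict]:
        for rec in self._records:
            m = self._SYSLOG.match(rec.raw)
            if not m:
                continue  # an unparseable event is still retained, it just does not match
            ips = self._IPV4.findall(m.group("msg"))
            if host is not None and m.group("host") != host:
                continue
            if src_ip is not None and (not ips or ips[0] != src_ip):
                continue
            yield {"seq": rec.seq, "host": m.group("host").decode(),
                   "tag": m.group("tag").decode(),
                   "src_ip": ips[0].decode() if ips else None,
                   "msg": m.group("msg").decode(), "fingerprint": rec.fingerprint}


def build_sample_store() -> RawLogStore:
    store = RawLogStore()
    for ev in SAMPLE_EVENTS:
        store.append(ev)
    return store


def tamper_demo() -> Optional[int]:
    """Alter one retained event in place and show that the chain detects it."""
    store = build_sample_store()
    bad = store._records[1]
    store._records[1] = Record(bad.seq, bad.raw.replace(b"root", b"guest"), bad.fingerprint)
    return store.verify()


if __name__ == "__main__":
    s = build_sample_store()
    print("chain intact:", s.verify() is None)
    for row in s.query(src_ip=b"203.0.113.7"):
        print(row["seq"], row["host"], row["tag"], row["msg"])
    print("first tampered seq:", tamper_demo())
```

Chaining each fingerprint to its predecessor means an attacker who can rewrite one stored event must also recompute every later fingerprint, which the secret key prevents; storing the raw bytes and parsing on read means a change to the parser later never alters what was retained.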
3. Performs accurate data collection

Accurate data collection is also a consequence of the LogSmart IPDB. SIEM technology based on a traditional RDBMS parses log messages in order to fit the data into structured tables, and with this method data can be written to the database incorrectly or lost altogether. The LogSmart IPDB is not an RDBMS and therefore does not mix up or drop log data on input, nor discard information to fit a limited schema. Its collection layer handles both the push model of protocols such as syslog (including syslog-ng senders) and SNMP traps and the pull (polling) model used with sources that are read over TCP/IP, capturing everything that reaches the collector even at many tens of thousands of events per second. Note that syslog sent over UDP carries no delivery guarantee, so sources whose logs must not be lost should send over TCP or another reliable transport. The distributed architecture also allows local log collection to continue normally during wide area network outages.

Through the RSA envision universal taxonomy, it is easy to verify that specific events have been logged. All events collected by the platform are classified into easy-to-understand categories, which can be used when creating reports, alerts and correlation rules.

III. Log Retention and Storage

1. Supports an ILM strategy whereby data is stored relative to the need for the data using tiered storage

The RSA envision platform supports an information lifecycle management strategy. The platform can be combined with networked storage solutions to manage the entire lifecycle of log data using a tiered storage approach, and EMC offers a continuum of scalable storage solutions to address every phase of the security information lifecycle. Combine the RSA envision platform with EMC Symmetrix, Clariion or Celerra storage systems for on-line storage of production data. The EMC Centera content-addressable storage system provides near-line storage of active archive or backup data.
The EMC Disk Library storage system provides off-line storage of archive or backup data.

2. Enables a cradle-to-grave security information lifecycle management strategy

The combination of the RSA envision platform with EMC storage systems manages log (event) data from collection, through storage on different tiers, to eventual deletion. Organization-defined retention and disposal periods can be enforced automatically. The platform supports retention periods ranging from months to years and allows logs from different applications to be retained for different periods. Administrators can migrate logs from one storage mechanism to another, such as from on-line to near-line storage, and can delete logs meeting given criteria. The platform provides access to all of the data regardless of which (qualified) storage resource holds it, from EMC or other leading storage vendors. Administrators and reviewers can quickly access data of interest in on-line and near-line storage, and can restore data found in near-line or off-line storage for analysis. With EMC technology, data moved from primary storage to a digital archive remains active and available online: users and applications can still access it as before and promote a file back to primary storage if needed.

3. Enables fast and fine-grained retrieval of log data regardless of where it is stored (on-line, near-line, off-line)

The RSA envision platform enables fast, fine-grained retrieval of stored log data by:
- integrating with networked storage systems, which give fast access to log data rather than requiring archived logs to be loaded from tape;
- using centrally managed shared storage, so that the entire pool of log data from across the enterprise is searchable at once rather than one storage system at a time;
- not using a relational database, which is too slow to search up to petabytes of data and, because an RDBMS merges multiple data elements into rows and tables, cannot provide fine-grained access to individual elements; and
- taking a tiered storage approach that removes infrequently accessed data from primary storage, helping users find relevant data faster.

4. Allows organizations to easily manage log data disposal

The RSA envision platform can be used with EMC storage to define and automatically enforce disposal policies. EMC storage solutions can also be configured to use EMC's Certified Data Erasure Service to overwrite and digitally shred information in a manner conforming to the US Department of Defense (DoD) standard for permanently deleting digital information.
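A concrete way to apply the per-source retention periods, tier migration and disposal described in items 2 through 4 above, as an added example that is not RSA or EMC code. The policy table, the tier names, the day-sized partitions and the sample data are assumptions constructed for illustration, and promotion back to primary storage on demand is left out.

```python
"""Tiered-storage placement and disposal driven by per-source retention policy.

Added example (not RSA or EMC code). Each log partition moves from on-line to
near-line to off-line as it ages and is disposed of once its source's retention
period has expired; different sources carry different periods.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Policy:
    online_days: int     # stays on primary (on-line) storage this long
    nearline_days: int   # then near-line until this age, off-line after
    retain_days: int     # disposed of at this age

    def __post_init__(self) -> None:
        if not 0 < self.online_days <= self.nearline_days <= self.retain_days:
            raise ValueError("tier thresholds must be non-decreasing")


# Assumed policy table (example values, not from the paper).
POLICIES: Dict[str, Policy] = {
    "firewall": Policy(online_days=30, nearline_days=365, retain_days=365),
    "windows": Policy(online_days=90, nearline_days=365, retain_days=2555),   # about 7 years
    "oracle": Policy(online_days=180, nearline_days=730, retain_days=2555),
}
DEFAULT_POLICY = Policy(online_days=30, nearline_days=180, retain_days=365)


@dataclass(frozen=True)
class Partition:
    source: str   # device or application class the logs came from
    day: date     # the day's worth of raw events it holds
    tier: str     # where it currently sits: "online", "nearline" or "offline"


def target_tier(p: Partition, today: date) -> str:
    """Where the partition belongs today, or "dispose" if retention has expired."""
    pol = POLICIES.get(p.source, DEFAULT_POLICY)
    age = (today - p.day).days
    if age >= pol.retain_days:
        return "dispose"
    if age < pol.online_days:
        return "online"
    if age < pol.nearline_days:
        return "nearline"
    return "offline"


def plan(partitions: List[Partition], today: date) -> List[Tuple[Partition, str]]:
    """Return (partition, action) for every partition needing a migration or disposal."""
    actions: List[Tuple[Partition, str]] = []
    for p in partitions:
        tgt = target_tier(p, today)
        if tgt == "dispose":
            actions.append((p, "dispose"))
        elif tgt != p.tier:
            actions.append((p, f"migrate:{p.tier}->{tgt}"))
    return actions


# Constructed sample partitions, aged relative to a fixed "today".
TODAY = date(2024, 3, 1)
SAMPLE_PARTITIONS: List[Partition] = [
    Partition("firewall", TODAY - timedelta(days=15), "online"),      # stays on-line
    Partition("firewall", TODAY - timedelta(days=46), "online"),      # past 30 days: near-line
    Partition("firewall", TODAY - timedelta(days=400), "nearline"),   # past 365 days: dispose
    Partition("windows", TODAY - timedelta(days=121), "online"),      # past 90 days: near-line
    Partition("oracle", TODAY - timedelta(days=1004), "nearline"),    # past 730 days: off-line
    Partition("printer", TODAY - timedelta(days=394), "offline"),     # unknown source, default policy
]


def plan_sample() -> List[str]:
    return [f"{p.source}:{action}" for p, action in plan(SAMPLE_PARTITIONS, TODAY)]


if __name__ == "__main__":
    for line in plan_sample():
        print(line)
```

Running the plan daily against a catalog of partitions gives the "automatically enforced" behaviour the text describes; the ValueError in Policy catches a misconfigured table in which data would be disposed of before it ever left primary storage.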
IV. Log Analysis

1. Provides unified and comprehensive visibility of log information from across the organization

The RSA envision platform provides a single global view. Users can access and analyze All the Data aggregated from devices, systems and applications across the entire enterprise, including all sites and geographies. This delivers a complete picture of an organization's security posture and compliance status and allows it to respond faster to external threats and to discern internal ones.

Real-time or historical analysis is displayed through a graphical user interface (GUI). Users can view All the Data dynamically and zoom into selected perspectives, and a wide range of issues can be investigated simultaneously. Analysts can quickly identify problems, detect anomalous events and find and review all related data. The GUI uses a speedometer-and-gauge metaphor to display important information at a glance, with more detailed data a click away; much of the background information is shown as charts and graphs. The analysis and visualization tools are customizable to an organization's particular needs.

2. Detects significant events through correlation

The RSA envision platform provides advanced event correlation and alerting with consistent performance independent of incoming EPS. It correlates multiple events from multiple assets (devices, systems and applications) across the entire enterprise.
The correlation capabilities allow an organization to:

- Reduce false positives by correlating events from multiple devices, systems and applications
- Rank security devices and threats, allowing personnel to focus on the most critical issues; correlated threats against the most critical assets are brought to immediate attention
- Display all security alerts from all locations on a single screen
- Incorporate vulnerability data from vulnerability assessment (VA) products; VA data adds another dimension to correlation and greatly reduces false positives

The platform supports rule-based correlation, whereby advanced Boolean logic-driven correlation enables real-time evaluation against corporate policies. Anomaly-based correlation is also supported; it detects and alerts on variations from automatically computed baselines of both events and alerts. The analysis and correlation capabilities also include asset awareness and asset prioritization. The asset database integrates with security systems such as Qualys, ISS, McAfee, nCircle and Nessus.

3. Generates alerts for all types of attacks and violations

With the RSA envision platform, events can be stored for extended periods of time. Therefore security events that happen only occasionally, such as an incorrect user or password entry from a single IP address outside the network, can be monitored and detected to ensure they are not indications of an under-the-radar break-in attempt. Along with the platform's powerful baselining, trending and watch list capabilities, the ability to monitor events over extended periods gives organizations the intelligence to detect even "low and slow" attacks that happen over long stretches of time.

The platform includes watch list alerting and reporting for efficient surveillance of specific high-risk scenarios or anticipated events. For example, the system will notify personnel when specific events occur, when sequences of events occur or when the rate of events exceeds a certain condition.
Time is saved by targeting monitoring to look for discrete and/or correlated anomalies. Other use cases include watching for a particular IP address that matches a list of top attacking IP addresses, or watching for a particular name on a money laundering watch list.

Organizations can use the watch list capability to create alerts for potential compliance violations as they occur in real time, such as events contrary to security policy or to regulations and standards. Examples are when a user attempts unauthorized access to protected information or when an administrator initiates an unauthorized configuration change. Detecting compliance violations in real time can greatly reduce the risk of failed audits or penalties. The alerting system also helps to make personnel more productive and efficient by prioritizing and ranking the events that represent significant attacks or violations.

4. Provides automated baselines

The RSA envision platform creates baselines from All the Data, providing comprehensive trends of activity and events from the organization's entire environment. Baselines are built automatically from the moment the RSA envision appliance is connected to the network. Organizations can establish baselines of network behavior in order to perform trend analysis or trigger alerts on traffic patterns that are out of the norm. When a deviation occurs, organizations can quickly and effectively troubleshoot the issue. As baselines are established, network assets can be configured by business impact, function, importance to the organization and geographical location. Assets can be imported from network and vulnerability systems, so not only can the platform baseline that information, it can also provide detailed asset reports and correlated alerts.

5. Provides automated and customized reporting

With more than 1100 pre-built reports and custom reporting, the RSA envision platform can easily be configured to provide extensive information on a wide variety of issues, providing reports for specific regulations and standards or on specific activities. Sample reports include:

- Privileged User Monitoring: Super User Activity Report
- Sarbanes-Oxley: Reports on Changes to Access Controls or Configuration Controls
- HIPAA: ePHI Access Report
- PCI: Invalid Logical Access Attempts Report

6. Facilitates incident management

Organizations worldwide are experiencing an increasing rate of incidents; therefore the amount of time available to analyze and respond to each incident decreases. The platform helps manage these incidents, including evaluating their significance and formulating a response plan. The task triage and ticketing system provides a complete incident response workflow, including flexible management and reporting of incidents, attributes and queues, as well as automated task generation and integration with major enterprise ticketing systems. With an integrated incident response workflow, operations can be simplified, staff and resources can be utilized more efficiently, and resolution of issues will be faster with fewer errors.
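The alert types described in sections 2 to 4 above (rule-based correlation of IDS alerts with VA data, watch lists, rate rules, "low and slow" detection over retained history, and anomaly detection against an automatically built baseline) as a small, self-contained example. This is added illustration code, not RSA envision code; every device name, address, vulnerability id and threshold in it is constructed for the example.

```python
"""Added example (not RSA envision code): a small correlation engine applying the
alert types described in sections 2 to 4 above to constructed sample events:
rule-based correlation of IDS alerts with VA scan data, long-window "low and
slow" counting, watch-list matching, hourly rate rules and anomaly detection
against an automatically computed baseline. Devices, addresses, vulnerability
ids and thresholds are all constructed for the example."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

HOUR = 3600


@dataclass(frozen=True)
class Event:
    ts: int           # seconds since an arbitrary epoch (constructed)
    device: str       # reporting device (fw, vpn, ids, ...)
    kind: str         # normalized event type
    src: str = ""     # source IP address
    dst: str = ""     # destination host
    vuln: str = ""    # vulnerability id referenced by an IDS signature


# Constructed VA scan results: host -> vulnerability ids actually present
VA_RESULTS = {"10.0.0.5": {"VULN-A"}, "10.0.0.6": set()}
# Constructed watch list of known attacking addresses
WATCH_LIST = {"198.51.100.9"}


def build_events():
    """Two days of constructed events (all addresses from documentation ranges)."""
    ev = []
    # one failed VPN login from the same external address every 6 hours
    for i in range(8):
        ev.append(Event(i * 6 * HOUR, "vpn", "auth_failure", src="203.0.113.7"))
    # two IDS alerts for the same signature: one target is vulnerable, one is not
    ev.append(Event(5 * HOUR, "ids", "exploit_attempt", src="203.0.113.50",
                    dst="10.0.0.5", vuln="VULN-A"))
    ev.append(Event(7 * HOUR, "ids", "exploit_attempt", src="203.0.113.51",
                    dst="10.0.0.6", vuln="VULN-A"))
    # one firewall deny from a watch-listed address
    ev.append(Event(9 * HOUR, "fw", "deny", src="198.51.100.9", dst="10.0.0.1"))
    # background firewall denies: 10-12 per hour, then a burst of 60 in hour 47
    for h in range(48):
        n = 60 if h == 47 else 10 + (h % 3)
        for j in range(n):
            ev.append(Event(h * HOUR + j * 10, "fw", "deny",
                            src=f"192.0.2.{j % 200 + 1}", dst="10.0.0.1"))
    return ev


def correlate_ids_with_va(events, va_results):
    """Rule-based correlation: an IDS alert is 'high' only if the VA data shows
    the targeted host actually has the vulnerability; otherwise it is downgraded."""
    out = []
    for e in events:
        if e.kind == "exploit_attempt":
            vulnerable = e.vuln in va_results.get(e.dst, set())
            out.append((e.dst, e.vuln, "high" if vulnerable else "low"))
    return out


def rate_alerts(events, kind, per_hour_limit):
    """Short-window rate rule: sources exceeding per_hour_limit in any clock hour."""
    counts = Counter((e.src, e.ts // HOUR) for e in events if e.kind == kind)
    hits = {}
    for (src, _hour), n in counts.items():
        if n > per_hour_limit:
            hits[src] = max(hits.get(src, 0), n)
    return hits


def low_and_slow(events, kind="auth_failure", window=7 * 24 * HOUR, threshold=5):
    """Long-window rule that needs retained history: count events of one kind
    per source over a sliding window; return sources reaching the threshold."""
    by_src = defaultdict(list)
    for e in events:
        if e.kind == kind:
            by_src[e.src].append(e.ts)
    hits = {}
    for src, times in by_src.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[src] = best
    return hits


def watch_list_hits(events, watch_list):
    """Any event whose source is on the watch list is reported immediately."""
    return sorted({(e.src, e.device, e.kind) for e in events if e.src in watch_list})


def baseline_anomalies(events, device, kind, learn_hours=24, sigmas=3.0):
    """Anomaly-based correlation: learn an hourly baseline from the first
    learn_hours, then flag later hours whose count exceeds mean + sigmas*stdev."""
    counts = Counter(e.ts // HOUR for e in events if e.device == device and e.kind == kind)
    learn = [counts.get(h, 0) for h in range(learn_hours)]
    limit = mean(learn) + sigmas * max(pstdev(learn), 1.0)  # floor avoids a zero spread
    return [(h, n) for h, n in sorted(counts.items()) if h >= learn_hours and n > limit]
```

The same eight failed logins pass the hourly rate rule untouched and are only caught by the week-long window, which is the point the section makes about long retention.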
The RSA envision platform provides the only vulnerability and asset management (VAM) solution in the industry that automatically maps event information from intrusion detection/prevention system (IDS/IPS) alerts to vulnerability intelligence, through an enterprise-class platform that collects, manages and analyzes all the event and asset data. The platform incorporates vulnerability data from the National Vulnerability Database (NVD), which is regularly updated. Benefits of VAM include accurate and automatic identification of real vulnerabilities, false positive reduction, improved effectiveness of security personnel, improved security posture and reduced cost of incident management.

7. Provides extensive querying and filtering

The RSA envision platform provides a detailed view of the events that trigger security threats thanks to extensive drill-down capabilities. Security administrators can see exactly what patterns are forming on their networks and the specific IP addresses, ports, hosts, users and protocols involved in these patterns. Extensive querying and filtering capabilities and robust user interface tools all help users to search for data by any user-defined attribute.

V. Log Security and Protection

1. Protects data integrity throughout the security information lifecycle

With the RSA envision platform, log messages pass through three steps that guard them permanently against tampering: authentication, lossless compression and encryption. As well, the IPDB (Internet Protocol Database) utilizes a Write Once Read Many (WORM) approach to the data itself, which assures that once data is committed to the database, it can never be altered. EMC storage solutions also provide WORM protection for files. This capability is designed to protect files and directories from deletion, alteration, renaming or overwriting during a designated retention period.
To meet the unique requirements of storing and managing fixed content (that is, unchanging digital assets) in an active archive storage solution, EMC Centera uses Content Addressable Storage technology, whereby classes of security information can be marked as un-erasable over a given retention period to comply with corporate and government data retention policies, or be put on litigation hold if ordered. Corporate auditors can be assured that the data retrieved from storage exactly matches what was securely written several years prior. This capability is ideal for long-retention regulatory requirements. Many EMC storage systems have successfully completed the evaluation for Common Criteria Certification to an EAL 2 assurance level.
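The integrity controls described in section V.1 (authentication, lossless compression, write-once storage, content addressing with retention and litigation hold) as a minimal in-memory model. This is added illustration code, not RSA envision or EMC Centera code; the MAC key, timestamps and sample records are constructed, and the encryption step is not modelled because the Python standard library has no authenticated cipher.

```python
"""Added example, not RSA envision or EMC Centera code: an in-memory model of
the integrity controls described above for archived log batches. Each batch is
losslessly compressed, stored under the SHA-256 of its compressed bytes
(content addressing) and chained with an HMAC so that both content and order
are authenticated; addresses are write-once and can only be disposed of after
their retention date unless on legal hold. The key and records are constructed."""
import hashlib
import hmac
import zlib


class WormLogArchive:
    def __init__(self, mac_key: bytes):
        self._key = mac_key
        self._blobs = {}        # address -> compressed batch bytes (write-once)
        self._chain = []        # ordered batch metadata, one dict per append
        self._holds = set()     # addresses under litigation hold

    def _tag(self, prev_tag: bytes, addr: str) -> bytes:
        # authentication step: the MAC binds this address to everything before it
        return hmac.new(self._key, prev_tag + bytes.fromhex(addr), "sha256").digest()

    def append(self, records, retain_until: int) -> str:
        raw = "\n".join(records).encode("utf-8")
        comp = zlib.compress(raw)                       # lossless compression
        addr = hashlib.sha256(comp).hexdigest()         # content address
        self._blobs.setdefault(addr, comp)              # WORM: never overwrite
        prev = self._chain[-1]["tag"] if self._chain else b""
        self._chain.append({"addr": addr, "tag": self._tag(prev, addr),
                            "retain_until": retain_until, "disposed": False})
        return addr

    def read(self, addr: str):
        comp = self._blobs.get(addr)
        if comp is None:
            raise KeyError("no such batch (disposed or never written)")
        if hashlib.sha256(comp).hexdigest() != addr:
            raise ValueError("stored bytes do not match their content address")
        return zlib.decompress(comp).decode("utf-8").split("\n")

    def verify_chain(self) -> bool:
        """Recompute every tag; an altered, missing or reordered batch fails."""
        prev = b""
        for entry in self._chain:
            if not hmac.compare_digest(self._tag(prev, entry["addr"]), entry["tag"]):
                return False
            if not entry["disposed"]:
                blob = self._blobs.get(entry["addr"])
                if blob is None or hashlib.sha256(blob).hexdigest() != entry["addr"]:
                    return False
            prev = entry["tag"]
        return True

    def hold(self, addr: str):
        self._holds.add(addr)

    def release_hold(self, addr: str):
        self._holds.discard(addr)

    def dispose(self, addr: str, now: int) -> bool:
        """Disposal policy: only after every retention period for this content
        has expired and it is not on hold. The chain entry stays, marked disposed,
        so the audit trail of what was archived remains verifiable."""
        entries = [e for e in self._chain if e["addr"] == addr and not e["disposed"]]
        if not entries or addr in self._holds:
            return False
        if any(e["retain_until"] > now for e in entries):
            return False
        for e in entries:
            e["disposed"] = True
        del self._blobs[addr]
        return True
```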
2. Controls access to log data

The RSA envision platform provides fine-grained, role-based access control to ensure that only authorized users have access to the particular data they need to do their job. For example, each device's data is stored separately within the IPDB. Access can be granted on a per-device and per-analysis-tool basis to individuals or groups.

3. Provides for high availability, including for log collection, analysis and storage

Several features of the RSA envision platform help provide high availability for log collection, analysis and storage. Planned or unplanned downtime of collection services can lead to the loss of critical event log information. The platform provides a high availability feature set for collection services which includes support for automatic failure detection, quick fail-over, transparent recovery and active/standby operation, with optional high availability configurations. These features help to significantly reduce the risk of data loss and negative business impact through uninterrupted data collection, and provide greater flexibility and less operational impact from scheduled system downtime.

High availability has been built into the architecture of the RSA envision LS series of appliances; users can set up and receive alerts as well as run reports from any site in the distributed domain. As well, through features such as redundant switch architecture and network interface teaming, the LS series of appliances supports high availability networking. All ES and LS appliances have been hardened according to the NSA Gold Disk standard, meeting the Security Technical Implementation Guide (STIG) for secure servers. As well, the appliances have redundancy built into the hardware, such as redundant power supplies.

EMC storage solutions provide capabilities designed to support disaster recovery and business continuance operations, including:

- Redundant hardware components. To help protect against the loss of data and system downtime, EMC storage solutions provide redundancy for many key hardware components, including power supplies, connections to storage systems and network connections.
- Backup. The systems support sophisticated data backup techniques that, among other things, allow information to be archived to tape and other media in a manner that minimizes the impact on system performance.
- Notifications. The solutions can be configured to automatically provide a variety of detailed notifications to system administrators when components are failing or when the system otherwise requires the administrator's attention, in order to prevent potential system downtime and/or data loss.

Conclusion

Developing a log (event) management capability has reached the top of the agenda for many organizations around the globe, from small businesses to large enterprises. As organizations strive to develop log management best practices, establish infrastructure requirements and deploy solutions, RSA is helping organizations around the world to meet these challenges. As detailed in this paper, the features of RSA solutions map to the complete range of requirements for a centrally-managed, dedicated infrastructure for log management, from high performance and scalability to accurate collection and advanced analytics. One of the most important aspects of such an infrastructure is that it incorporates an information lifecycle management (ILM) strategy for log data. With the combination of the RSA envision platform and EMC networked storage solutions, organizations can manage the huge volumes of logged data from creation to deletion in order to meet regulatory compliance, security operations and business requirements.

About RSA

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle.
RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and to manage security information and events to ease the burden of compliance. For more information, please visit the RSA and EMC websites.

RSA, envision, LogSmart, All the Data and the RSA logo are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC, Symmetrix, Clariion, Celerra and Centera are registered trademarks or trademarks of EMC Corporation. All other products or services mentioned are trademarks of their respective owners. RSA Security Inc. All rights reserved.

RSA White Paper LMBP3 WP 1007
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationData Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information
Store, Manage, and Discover Critical Business Information Managing millions of mailboxes for thousands of customers worldwide, Enterprise Vault, the industry leader in email and content archiving, enables
More informationAutomated Network Control for
Key Differentiators Application Layer Availability: Minimizes downtime and improves the user experience by determining health at the application layer for every user. Management Automation: Provides automated
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationAUTOMATED DATA RETENTION WITH EMC ISILON SMARTLOCK
White Paper AUTOMATED DATA RETENTION WITH EMC ISILON SMARTLOCK Abstract EMC Isilon SmartLock protects critical data against accidental, malicious or premature deletion or alteration. Whether you need to
More informationFight the Noise with SIEM
Fight the Noise with SIEM An Incident Response System Classified: Public An Indiana Bankers Association Preferred Service Provider! elmdemo.infotex.com Managed Security Services by infotex! Page 2 Incident
More informationCHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics
CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a
More informationA 15-Minute Guide to 15-MINUTE GUIDE
A 15-Minute Guide to Retention Management 15-MINUTE GUIDE Foreword For you as a business professional, time is a precious commodity. You spend much of your day distilling concepts, evaluating options,
More informationThings You Need to Know About Cloud Backup
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
More informationLogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.
LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,
More informationMeeting PCI Data Security Standards with
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
More informationEMC DATA DOMAIN OPERATING SYSTEM
EMC DATA DOMAIN OPERATING SYSTEM Powering EMC Protection Storage ESSENTIALS High-Speed, Scalable Deduplication Up to 58.7 TB/hr performance Reduces requirements for backup storage by 10 to 30x and archive
More informationSecurity Information and Event Management (SIEM)
NEbraskaCERT 2005: Security Information and Event Management (SIEM) Matt Stevens Chief Technology Officer Network Intelligence Corporation 8-10-05 Security Information/Events = Logs Logs are audit records
More informationSuccessfully managing geographically distributed development
IBM Rational SCM solutions for distributed development August 2004 Successfully managing geographically distributed development Karen Wade SCM Product Marketing Manager IBM Software Group Page 2 Contents
More informationEnhance visibility into and control over software projects IBM Rational change and release management software
Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software
More informationIBM Tivoli Storage Manager
Help maintain business continuity through efficient and effective storage management IBM Tivoli Storage Manager Highlights Increase business continuity by shortening backup and recovery times and maximizing
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationIBM QRadar Security Intelligence Platform appliances
IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event
More informationWhite Paper. Central Administration of Data Archiving
White Paper Central Administration of Data Archiving Archiving and Securing Corporate Data... 1 The Growing Need for Data Archive Solutions... 1 Determining Data Archiving Policy... 2 Establishing the
More informationSyslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com
Syslog Analyzer ABOUT US OSSera, Inc. is a global provider of Operational Support System (OSS) solutions for IT organizations, service planning, service operations, and network operations. OSSera's multithreaded
More informationP u b l i c a t i o n N u m b e r : W P 0 0 0 0 0 0 0 4 R e v. A
P u b l i c a t i o n N u m b e r : W P 0 0 0 0 0 0 0 4 R e v. A FileTek, Inc. 9400 Key West Avenue Rockville, MD 20850 Phone: 301.251.0600 International Headquarters: FileTek Ltd 1 Northumberland Avenue
More informationSymantec Security Information Manager 4.7.4 Administrator Guide
Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement
More informationWhite paper. Five Key Considerations for Selecting a Data Loss Prevention Solution
White paper Five Key Considerations for Selecting a Data Loss Prevention Solution What do you need to consider before selecting a data loss prevention solution? There is a renewed awareness of the value
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More information