Building a cloud- based SIEM with Splunk Cloud and AWS
1 Copyright 2014 Splunk Inc. Building a cloud-based SIEM with Splunk Cloud and AWS. Joe Goldberg, Product Marketing, Splunk; Gary Mikula, Senior Director Information Security, FINRA; Sivakanth Mundru, Product Manager, AWS
2 Disclaimer: During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3 Agenda
- Splunk for security and cloud offerings
- AWS CloudTrail
- FINRA using Splunk Cloud as a SIEM
- Demo of Splunk App for Enterprise Security & AWS CloudTrail
4 Splunk for Security and Cloud Offerings
5 Use Cases for Machine Data Analytics. Core use cases / today's focus / emerging use cases: App Dev and App Mgmt., IT Operations, Security and Compliance, Digital Intelligence, Business Analytics, Industrial Data and Internet of Things. Developer Platform (REST API, SDKs). Small Data. Big Data. Huge Data.
6 Machine Data Contains Critical Insights. Example correlation: data loss. Three sources are shown, each annotated with the field the correlation pivots on (the slide's account ids, IP addresses and some dates did not survive extraction).

AWS CloudTrail (annotations: Source IP, Default Admin Account):
```text
{"requestparameters": {"durationseconds": 43200}, "responseelements": {"credentials": {"sessiontoken": "AQoDYXdzEPP///==", "accesskeyid": "ASIAJWQDLBKDOAKEWNIQ", "expiration": "Nov 13, :22:32 AM"}}, "eventsource": "sts.amazonaws.com", "sourceipaddress": " ", "eventtime": " T17:22:32Z", "useridentity": {Administrator:root", "principalid": " ", "accountid": " ", "type": "Root"}, "eventname": "GetSessionToken", "useragent": "signin.amazonaws.com"}
```

Endpoint Security (annotations: Source IP, Malware Found):
```text
Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,computer name: ACME-002,Source: Real Time Scan,Risk name: Hackerremotetool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned,time: :19:12,Inserted: :20:12,End: :19:12,Domain: Default,Group: My Company\ACME Remote,Server: acmesep01,user: smithe,source computer:,source IP:
```

Intrusion Detection (annotations: Source IP, Data Loss):
```text
Aug 08 08:26:54 snort.acmetech.com {TCP} : > :443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]
```

Time range: all three occurring within a 24-hour period.
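The correlation on this slide, written out as an added example (not code from the deck or from Splunk): each source is parsed for its source IP, and an alert is raised only when a root-account session, an endpoint malware detection and an IDS data-loss alert from the same IP fall inside one 24-hour window. The three log lines, the 203.0.113.7 address and the assumed year for the syslog timestamps are constructed.

```python
"""Cross-source data-loss correlation: CloudTrail root session + endpoint
malware + IDS alert from one source IP within 24 hours.  Added example;
all sample events below are constructed, not taken from a real environment."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

REQUIRED_SOURCES = {"cloudtrail_root_session", "endpoint_malware", "ids_data_loss"}
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample events (203.0.113.7 is a documentation-range address).
CLOUDTRAIL_RECORD = json.dumps({
    "eventtime": "2014-08-08T06:01:10Z", "eventsource": "sts.amazonaws.com",
    "eventname": "GetSessionToken", "sourceipaddress": "203.0.113.7",
    "useridentity": {"type": "Root", "accountid": "123456789012"},
})
SYMANTEC_LINE = (
    "Aug 08 06:09:13 acmesep01.acmetech.com SymantecServer acmesep01: Virus found,"
    "computer name: ACME-002,Source: Real Time Scan,Risk name: Hackerremotetool.rootkit,"
    "Occurrences: 1,Actual action: Quarantined,user: smithe,source IP: 203.0.113.7")
SNORT_LINE = (
    "Aug 08 08:26:54 snort.acmetech.com {TCP} 203.0.113.7:51234 -> 10.0.0.5:443 "
    "itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy "
    "Violation] Credit Card Number Detected in Clear Text [Priority: 2]")


def _syslog_time(line, year=2014):
    """Syslog lines carry no year; the assumed year is a parameter."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(
        year=year, tzinfo=timezone.utc)


def parse_cloudtrail(raw):
    """Keep only root-account session-token requests (the 'Default Admin Account' pivot)."""
    rec = json.loads(raw)
    if rec.get("useridentity", {}).get("type") != "Root":
        return None
    if rec.get("eventname") != "GetSessionToken":
        return None
    ts = datetime.strptime(rec["eventtime"], "%Y-%m-%dT%H:%M:%SZ")
    return {"time": ts.replace(tzinfo=timezone.utc),
            "ip": rec.get("sourceipaddress", ""), "source": "cloudtrail_root_session"}


def parse_symantec(line):
    """Endpoint AV detection; without a source IP the event cannot join the chain."""
    m = re.search(r"source IP: " + IPV4, line)
    if "Virus found" not in line or not m:
        return None
    return {"time": _syslog_time(line), "ip": m.group(1), "source": "endpoint_malware"}


def parse_snort(line):
    """IDS alert; the source IP is the left side of the {TCP} a:port -> b:port pair."""
    m = re.search(r"\{TCP\} " + IPV4 + r":\d+ -> ", line)
    if "Credit Card Number" not in line or not m:
        return None
    return {"time": _syslog_time(line), "ip": m.group(1), "source": "ids_data_loss"}


def correlate(events, window=timedelta(hours=24)):
    """Group by source IP and look for all required sources inside one window."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev and ev["ip"]:
            by_ip[ev["ip"]].append(ev)
    hits = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            seen = {e["source"] for e in evs[i:] if e["time"] - start["time"] <= window}
            if REQUIRED_SOURCES <= seen:
                hits.append({"ip": ip, "start": start["time"]})
                break  # one alert per IP is enough
    return hits


def find_data_loss_chains(cloudtrail_records, av_lines, ids_lines):
    events = ([parse_cloudtrail(r) for r in cloudtrail_records]
              + [parse_symantec(l) for l in av_lines]
              + [parse_snort(l) for l in ids_lines])
    return correlate(events)


if __name__ == "__main__":
    for hit in find_data_loss_chains([CLOUDTRAIL_RECORD], [SYMANTEC_LINE], [SNORT_LINE]):
        print("possible data loss chain from", hit["ip"], "starting", hit["start"])
```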
7 Big Data SIEM: All Data Is Security Relevant. Sources (traditional SIEM feeds and beyond): Databases, Web, CloudTrail, OSes, DHCP/DNS, Network Flows, Hypervisor, Badges, Firewall, Authentication, Vulnerability Scans, Custom Apps, Service Desk, Storage, Mobile, Intrusion Detection, Data Loss Prevention, Anti-Malware, Industrial Control, Call Records
8 Top Splunk Security Use Cases: a SIEM plus much more. Splunk can complement OR replace an existing SIEM.
- Incident investigations & forensics
- Security & compliance reporting
- Real-time monitoring of known threats
- Real-time monitoring of unknown threats
- Insider threat
- Fraud detection
9 Over 2800 Global Security Customers
10 Gartner SIEM MQ: Leading Big Data SIEM (plus more!). Best SIEM & Enterprise Security Solution. Best SIEM.
11 Cloud Offerings for Security and Compliance
- SaaS (Splunk Cloud): Splunk Enterprise as a service; full app, SDK, API, platform support
- Software: self-deploy in cloud or on-premises; centralized view across cloud and on-premises
- Applications: App for AWS CloudTrail (FREE); Splunk App for Enterprise Security
- Amazon Machine Images (AMI): Splunk Enterprise and Hunk AMIs; accelerate deployment in AWS
12 AWS CloudTrail
13 Agenda
- Overview and use cases
- Regional availability and support for AWS services
- Event payload review
- Aggregation of log files across accounts and services
Amazon Confidential
14 CloudTrail Overview: customers are making API calls on a growing set of services around the world. CloudTrail is continuously recording those API calls and delivering log files to customers.
15 Use Cases Enabled by CloudTrail
- Security analysis: use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns
- Track changes to AWS resources: track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes
- Troubleshoot operational issues: quickly identify the most recent changes made to resources in your environment
- Compliance aid: easier to demonstrate compliance with internal policies and regulatory standards
16 CloudTrail Regional Availability
17 Services Supported by CloudTrail
18 What's in a CloudTrail Event?
- Who made the API call?
- When was the API call made?
- What was the API call?
- What were the resources that were acted upon in the API call?
- Where was the API call made from?
19 Who Made the API Call? CloudTrail records detailed information for all AWS identity types:
- Root user
- IAM user
- Federated user
- Role
Information includes:
- Friendly user name
- AWS AccessKeyId
- 12-digit AWS account number
- Amazon Resource Name (ARN)
- Session context and issuer information, if applicable
- The invokedby section identifies the AWS service making the request on behalf of the user
20 Who Made the API Call? IAM user Bob making an API call:
```json
"useridentity": {
  "accesskeyid": "AKEXAMPLE123EJVA",
  "accountid": " ",
  "arn": "arn:aws:iam:: :user/bob",
  "principalid": "AIEXAMPLE987ZKLALD3HS",
  "type": "IAMUser",
  "username": "Bob"
}
```
21 Who Made the API Call? Federated user Alice making an API call (the session issuer records the IAM user, Bob, whose credentials issued Alice's session):
```json
"useridentity": {
  "type": "federateduser",
  "principalid": " :alice",
  "arn": "arn:aws:sts:: :federated-user/alice",
  "accountid": " ",
  "accesskeyid": "asexample1234wtrox8f",
  "sessionissuer": {
    "type": "iamuser",
    "accountid": " ",
    "username": "Bob"
  }
}
```
22 When Was the API Call Made? Time and date of the event in ISO 8601 format: `"eventtime": " T23:30:42Z"`. Event time is captured on the service host where the API call is executed. Event time is NOT the time the log file is written to S3.
23 What Was the API Call? What Resources Were Acted Upon?
- The API call and the service the API call belongs to: `"eventname": "RunInstances"`, `"eventsource": "EC2"`
- Request parameters provided by the requester, and response elements returned by the AWS service
- Response elements for read-only API calls (Describe*, Get*, List*) are not recorded, to prevent event size inflation
24 Where Was the API Call Made From and To?
- Apparent IP address of the requester making the API call; the apparent IP address of the requester is also recorded when making API calls from the AWS Management Console
- AWS region to which the API call was made. Global services (examples: IAM/STS) will be recorded as us-east-1
`"sourceipaddress": " ", "awsregion": "us-east-1"`
25 Client Errors, Server Errors & Authorization Failures: detailed and descriptive error codes and error messages, recorded only when errors occur. Examples:
- Client error code: TagLimitExceeded
- Server error code: Internal Error
- Authorization failure: UnauthorizedOperation
Authorization failure example:
```json
"eventname": "TerminateInstances",
"errorcode": "UnauthorizedOperation",
"errormessage": "You are not authorized to perform this operation"
```
26 SNS Notifications for Log File Delivery
- Optionally, CloudTrail will publish an SNS notification for each new log file
- Notifications contain the address of the log file delivered to your S3 bucket and allow you to take immediate action
- Does not require you to continuously poll S3 to check whether new log files were delivered
- Multiple subscribers can subscribe to the same SNS topic and retrieve the log files for analysis
27 Aggregate Log Files Across Regions and Accounts
- Default descriptive folder structure makes it easier to store log files from multiple accounts and regions in the same S3 bucket
- Detailed log file name helps identify the contents of the log file, regardless of where it is stored
- Time stamp of the log file is the event time of the first event in chronological order
- In the rare event of duplicate file delivery, a unique identifier in the file name prevents overwriting log files
28 FINRA using Splunk Cloud as a SIEM
29 Who We Are
- FINRA, the Financial Industry Regulatory Authority, is an independent, non-governmental regulator for all securities firms doing business with the public in the United States
- FINRA protects investors by regulating brokers and brokerage firms and by monitoring trading on U.S. stock markets
- FINRA monitors over 6 billion shares traded on the stock market each day
- FINRA handles more big data on a daily basis than the Library of Congress or Visa to build a holistic picture of the trading market
- FINRA: Deter, Detect, Discipline
FINRA Splunk Presentation, Copyright 2014 FINRA
30 So You Want to Own a SIEM? Now Double It
31 What We Learned Owning a SIEM
- Wanted ALL logs centralized
- Enterprise resource
- Maintenance <<< analytics
- Push changes centrally
- Integrated into process flow
- Ease/flexibility in reporting
- Avoid hidden costs
- Relational DB independent
- Tech refreshes hurt
32 Where We Are: Splunk Cloud
- Offload HW/SW worries
- Can collect anything
- Widened our user base
- Granular AC
- Easily duplicated all reporting & alerting
- Vendors give us apps
- Great user community
- Easily determine actual costs
Diagram labels: FINRA VPCs, AWS, FINRA Data Centers, Splunk Cloud VPCs
33 Why the AWS CloudTrail Application?
- FINRA is moving applications into the cloud
- AWS is currently FINRA's primary cloud provider
- Data collection via AWS S3 bucket objects is not trivial
- CloudTrail captures everything, well, almost
- Splunk App for AWS allows for filtering
- Fully extracted & tagged AWS CloudTrail records in an easy, flexible UI
- CloudTrail is transactional
34 FINRA Use Cases
Ad-hoc queries/reporting:
- Who spun up/terminated that EC2 instance?
- Show me everything done by Role X yesterday
Alerting:
- Has anyone used the root account?
- Does the security group contain a Class A?
Compliance & governance:
- Do the policies adhere to FINRA standards?**
- Notify when to re-run compliance
35 AWS CloudTrail Overview
36 Use Case: Ensure User Permissions in the Cloud
37 How We Do It: Overview of FINRA AWS Compliance System. Diagram components: AWS CloudTrail, AWS S3 buckets, AWS SNS, AWS Identity and Access Management; Splunk saved search iam_change_detection (daily, run by cron), which searches the API call records for CreateRole, PutRolePolicy and DeleteRolePolicy; AWS IAM Compliance Dashboard; FINRA Cloudpass; aws_daily_check.py; aws_monthly_check.py; Subversion; Compliance Results.
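The CloudTrail event fields walked through on slides 19 to 25, together with the FINRA alerting and compliance searches (root-account use, the daily iam_change_detection search for CreateRole/PutRolePolicy/DeleteRolePolicy, UnauthorizedOperation failures), as an added example that is not FINRA's aws_daily_check.py or any Splunk code. It assumes the on-disk CloudTrail log file layout (a `Records` array with camelCase keys, whereas the slides show Splunk-lowercased names); the sample log file and all identifiers in it are constructed.

```python
"""Detections over a CloudTrail log file: resolve the caller for each identity
type, flag root-account use and authorization failures, and reproduce the
daily IAM-change report.  Added example; SAMPLE_LOG is constructed."""
import json

IAM_CHANGE_EVENTS = {"CreateRole", "PutRolePolicy", "DeleteRolePolicy"}
READ_ONLY_PREFIXES = ("Describe", "Get", "List")   # no response elements recorded

# Constructed CloudTrail log file: four events in account 123456789012 (fake).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-11-13T17:22:32Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetSessionToken", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2014-11-13T18:01:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutRolePolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "FederatedUser", "principalId": "123456789012:alice",
                      "arn": "arn:aws:sts::123456789012:federated-user/alice",
                      "accountId": "123456789012",
                      "sessionIssuer": {"type": "IAMUser", "userName": "Bob"}}},
    {"eventTime": "2014-11-13T18:10:44Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-west-2",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "principalId": "AIEXAMPLE987ZKLALD3HS",
                      "userName": "Bob", "accountId": "123456789012"},
     "errorCode": "UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation"},
    {"eventTime": "2014-11-13T18:12:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-west-2",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "Bob", "accountId": "123456789012"}},
]})


def load_records(text):
    """CloudTrail log files wrap the events in a top-level Records array."""
    return json.loads(text)["Records"]


def actor(record):
    """'Who made the API call?' for each identity type listed on slide 19."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "Root":
        return "root@" + ident.get("accountId", "?")
    if kind == "IAMUser":
        return ident.get("userName", ident.get("principalId", "?"))
    # Issuer may sit directly under userIdentity (as on slide 21) or under sessionContext.
    issuer = ident.get("sessionIssuer") or ident.get("sessionContext", {}).get("sessionIssuer", {})
    if kind == "FederatedUser":
        return f"{ident.get('principalId', '?')} (federated by {issuer.get('userName', '?')})"
    if kind == "AssumedRole":
        return f"{ident.get('principalId', '?')} (role {issuer.get('userName', '?')})"
    return ident.get("arn", "unknown")


def is_read_only(record):
    return record.get("eventName", "").startswith(READ_ONLY_PREFIXES)


def findings(record):
    """Return the detection names that apply to one event (empty if none)."""
    out = []
    if record.get("userIdentity", {}).get("type") == "Root":
        out.append("root_account_used")
    # A failed call did not change anything, so it is not an IAM change.
    if record.get("eventName") in IAM_CHANGE_EVENTS and "errorCode" not in record:
        out.append("iam_change")
    if record.get("errorCode") == "UnauthorizedOperation":
        out.append("authorization_failure")
    return out


def iam_change_detection(records):
    """Daily report in the spirit of the iam_change_detection saved search."""
    return [(actor(r), r["eventName"], r["eventTime"])
            for r in records if "iam_change" in findings(r)]


def alerts(records):
    """Real-time style alerts: root-account use and authorization failures."""
    return [(actor(r), r["eventName"], f)
            for r in records for f in findings(r) if f != "iam_change"]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for row in iam_change_detection(recs):
        print("IAM change:", row)
    for row in alerts(recs):
        print("ALERT:", row)
```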
38 Executive Summary
39 Remediation Report
40 Demo of Splunk App for Enterprise Security & AWS CloudTrail
41 Resources
- Splunk Cloud: http://
- Splunk App for AWS CloudTrail: http://apps.splunk.com/app/1274/
- Splunk App for Enterprise Security: http:// security-app/sp-CAAAE8Z
42 Q&A
43 THANK YOU
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationPatching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise
Copyright 2013 Splunk Inc. Patching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise Marquis Montgomery, CISSP, SSCP, GSEC Senior Security Architect, CedarCrestone #splunkconf
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationSolution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform
More informationAWS Security & Compliance
AWS Public Sector Jerusalem 19 Nov 2014 AWS Security & Compliance CJ Moses General Manager, Government Cloud Solu3ons Security Is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually
More informationCAS8489 Delivering Security as a Service (SIEMaaS) November 2014
CAS8489 Delivering Security as a Service (SIEMaaS) November 2014 Usman Choudhary Senior Director usman@netiq.com Rajeev Khanolkar CEO SecurView Agenda What is Security Monitoring? Definition & concepts
More informationThe Case For A Cloud Access Security Broker
The Case For A Cloud Access Security Broker 1 Executive summary The SaaS era is here. According to Gartner, SaaS and cloud-based business application services revenue will grow from $13.5 billion in 2011
More informationAutomatizace Private Cloud. Petr Košec, Microsoft MVP, MCT, MCSE www.kosecsolutions.cz, @PetrKosec
Automatizace Private Cloud Petr Košec, Microsoft MVP, MCT, MCSE www.kosecsolutions.cz, @PetrKosec Session Objectives and Takeaways Introduction to Orchestrator Introduction to Service Management Automation
More informationEvolving Log Analysis. Jason McCord <jmccord@kcp.com> Jon Green <jgreen1@kcp.com>
Evolving Log Analysis Jason McCord Jon Green May 2010 First Some Geek Humor. 04/xx jg An Evolution, Really? Going beyond security plan requirements a good set of logs
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationAmazon EFS (Preview) User Guide
Amazon EFS (Preview) User Guide Amazon EFS (Preview): User Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used
More informationBITDEFENDER SECURITY FOR AMAZON WEB SERVICES
BITDEFENDER SECURITY FOR AMAZON WEB SERVICES Beta Version Testing Guide Bitdefender Security for Amazon Web Services Beta Version Testing Guide Publication date 2015.03.04 Copyright 2015 Bitdefender Legal
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationEvery Silver Lining Has a Vault in the Cloud
Irvin Hayes Jr. Autodesk, Inc. PL6015-P Don t worry about acquiring hardware and additional personnel in order to manage your Vault software installation. Learn how to spin up a hosted server instance
More informationHow To Deploy Sangoma Sbc Vm At Amazon Cloud Service (Awes) On A Vpc (Virtual Private Cloud) On An Ec2 Instance (Virtual Cloud)
Sangoma VM SBC AMI at AWS (Amazon Web Services) SBC in a Cloud Based UC/VoIP Service. One of the interesting use cases for Sangoma SBC is to provide VoIP Edge connectivity between Soft switches or IPPBX's
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationUSER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29. Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB
USER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29 Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB Table of Contents UNIT 1: Lab description... 3 Pre-requisites:... 3 UNIT 2: Launching an instance on EC2...
More informationAWS Account Management Guidance
AWS Account Management Guidance Introduction Security is a top priority at AWS. Every service that is offered is tightly controlled and adheres to a strict security standard. This is evident in the security
More informationSolicitation RFI-FTB-1415-SIEM Project. SIEM Project. Bid designation: Public. State of California
5 Solicitation RFI-FTB-1415-SIEM SIEM Bid designation: Public 6/19/2014 10:56 AM p. 1 6 SIEM 5 Bid Number Bid Title RFI-FTB-1415-SIEM SIEM Bid Start Date Jun 19, 2014 9:56:09 AM PDT Bid End Date Jul 7,
More information