SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

Transcription

1 E-SPIN PROFESSIONAL BOOK SECURITY MANAGEMENT SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMPLIANCE MANAGEMENT,PROACTIVE MONITORING,THREAT MANAGEMENT FORENSICS & TRACEABILITY

2 Editor s Summary E-SPIN Comprehensive Professionals Book on Security Management helps to face a greater challenge when prioritizing just where their limited budgets should be invested in order to emerge as strong, viable companies. Security Management is possibly today's most overlooked aspect to enjoy advanced correlation, searches, reporting and displays for security incidents across any IT infrastructure. One area where the tools can provide the most needed help is in compliance. Corporations increasingly face the challenge of staying accountable to customers, employees and shareholders, and that means protecting IT infrastructure, customer and corporate data, and complying with rules and regulations as defined by the government and industry. A lot has happened in the past few months, including an increased international growth that now has taken us further into the global markets. As a sole distributor In Malaysia, ImmuneSecurity products are part of E-SPIN s Security Management Solution Portfolio to to manage Dashboards that are user configurable depending on roles and responsibilities and have a secure, centralized log archive that automatically analyzes log messages in real-time. E-SPIN Professional book on Security Management will focuses on Security Information and Event Management (SIEM), Compliance Management, PCI Data Security Standards, Vulnerability Assessment, Managed Services, and security concerns. By reading this book, organizations, firms and companies should consider adopting Security Information and Event Management (SIEM) solutions in the areas of security management providing a platform that extracts intelligent events and incidents from the millions of logs that today exists in an IT infrastructure of any size. Finally, till we meet again in the next issue and happy reading. Chief Of Editor, Madeline Lim

3 TABLE OF CONTENTS Chapters Page CHAPTER 1 Introduction of Security Information and Event Management CHAPTER 2 Compliance Management... 6 CHAPTER 3 - PCI Data Security Standards...7 CHAPTER 4 Vulnerability Assessment...8 CHAPTER 5 Managed Service...9 CHAPTER 6 SIEM Security Concerns...10

4 SIEM MADE EASY Robust. Dynamic. Unparalleled. Today s extreme digital, IT and economic climates are increasingly demanding more from your company than ever before. But balancing cybercrime security, compliance regulations and the optimization of IT systems is a delicate act particularly when budgets are under strain. Many organizations are realizing that a rich solution can turning SIEM into true business value, thanks to several key wins: Automated compliance and regulatory processes. Improved efficiency in forensic investigations. Increased troubleshooting turnaround. An overall improved security posture. LogPoint 5.1 ROI, made easy. ImmuneSecurity s LogPoint 5.1 solution was created with your business value in mind. Inspired by the needs of our customers and partners, LogPoint 5.1 incorporates SIEM innovations that translate into a welcome return on your investment. Proactive Monitoring. When services are IT dependent, unexpected performance issues and security breaches can severely impact a company's competitiveness.logpoint 5.1 allows you to quickly respond to unexpected situations and problems before business performance are affected or revenue is lost. Threat Management. Investigations into IT and cybercrimes have revealed that more organizations are being exposed to internal as well as external attacks across the board. And these attacks are growing more complex and targeted as well as more silent, efficient and harder to discover. LogPoint 5.1 is the one-stop-shop for detecting complex, external attacks and overlooked internal fraud across your enterprise no matter the size. Forensics & Traceability. Enterprises of all scales face the task of finding and gathering information from multiple data logs. And keeping track of these logs steals precious time away from your other security needs. LogPoint 5.1 is a single, secure and compliant-ready warehouse for all log data allowing you to analyze all data uniformly. Response time is minimized, events across the entire infrastructure are quickly alerted and easily addressed, and authorities and auditing firms can easily be given necessary documentation for investigation or analysis.

5 Compliance Management. The burden of regulatory compliance has grown significantly heavier for nearly every industry. The list of regulations is long and potential penalties are significant.logpoint 5.1 provides the foundation for meeting compliance, but can also be the first step towards a truly effective security strategy. It allows you to focus on the right choices and core issues for your security solutions as you swiftly reach your compliance requirements. Data Enrichment. Logs alone don t always give you the answers they often lack the data you need to know. Organizations often burden themselves by launching unnecessary measures to search for this data, including manual processes, routines for executing proper controls, and spot checks in compliance with regulations or security controls. LogPoint 5.1 offers dynamically enriched log messages from external as well as internal data sources enabling complex correlation and analysis features.

6 LogInspect v5.1.1 ImmuneSecurity proudly presents LogInspect version This version contains numerous enhancements as well as some bug fixes. The highlights for this release are: Introduction of LI Lite for distributed collection of logs from remote locations. Higher availability of logs from the main LogInspect can be made by creating a copy of a repo in the remote LogInspect. Introduction of tenants for effective object management between various organizational units. Enhancements A selection of the major enhancements of LogInspect v5.1.1 is listed below in detail. Devices and Collection Logs can be forwarded into the system from different platforms using the Distributed Collector. This support is available for LI Lite at the moment. IPv6 support is extended to the following collectors and fetchers: SNMP fetcher, sflow collector,fileinspect collector, SNMP trap collector and the netflow collector. The CIDR IP address, is supported for all of the collectors. Log parser's pattern can be validated by checking against the example message. SNMP fetcher works for leaf OIDs. Search and Queries Fields in search query can now be renamed. Grouping constructs support "order by" syntax. Inline list now supports, using whitespace enclosed by quotes. Cmd + click (Ctrl + click) opens and displays the search result on a new tab. Dashboard and User Interface Growl position setting, can now be managed from preferences page. Dashboard tabs are now moveable.

7 User Management LDAP authentication supports three different login formats: "Sam Account Name", "UID" and "DN". This can be configured from "Advance LDAP Settings". SSL implemented for Directory Access Protocol (LDAP Strategy). Username is now made non editable. Correlation and Alert Ownership of rules can be transferred to other users. System and Performance Critical security updates for the system can be applied by uploading the tested security patch and installing them. Backup and Storage Backup scheduling is made optional. For backups, its now possible to apply a retention policy. FileInspect Windows events can now be collected, by using the "Windows Event Log Reader" checkmark, while configuring the FileInspect client. Reporting Queries in reports templates are now editable. Bug Fixes A selection of the major bug fixes of LogInspect v5.1.1 is listed below. Netflow v9 now contains all available fields. HTTPS certificate can now be applied, without rebooting the server. Problem with configuration backup has been fixed. Vendor dashboard can now be used through the "use action".

8 Compliance Management a daunting task? Security compliance requirements are normally a highly time-consuming and expensive task. Companies must not only interpret audit requirements and controls, they also face managing extreme volumes of log data all this while facing regulations at federal, state, and industry levels. Not only are these mandates costly and complicated, failure to comply can result in huge financial losses from fines, notification costs, legal issues and damaged reputations. A compliance opportunity. The LogPoint 5.1 SIEM solution goes beyond enabling compliance. It provides the opportunity to prove you are implementing and monitoring the required processes. And it gives you a powerful tool to protect and secure your company s data. LogPoint 5.1 s compliance solution allows for ease when meeting compliance requirements, thanks to: Compliance standard pre-sets. Meet compliance obligations quickly, easily and efficiently. Tailored reports. Easy, quick and customizable. Full auditing trails. Track and trace your data with ease. Log capture & storage. Secure and security-signed for evidence and forensics. Additionally, LogPoint 5.1 supports out-of-the-box compliance and regulatory requirements, including: PCI-DSS SOX ISO (auditing and monitoring) ISO including ds484:2005 Basel II HIPAA FISMA Many more...

9 PCI DATA SECURITY STANDARDS (PCI-DSS) PCI compliance, made easy. PCI the Payment Card Industry data security standard. PCI standard mandates that merchants and service providers storing, processing, or transmitting credit card data must comply with a multitude of requirements. The consequences of not meeting compliance are costly and include fines, notification costs, legal issues and brand damage. Don t just log detect, stop, and remedy. Typical log management solutions merely collect, store, and report on raw event Logs. But meeting PCI requirements is more than simply checking the box. Assuring that proper controls are in place and effective requires more than just plugging in a log management tool and forgetting about it. Simple and cost effective. LogPoint 5.1 adds an additional layer of security intelligence by employing multiple layers of correlation technology packaged with detection, security and remedy capabilities. It not only helps you meet the most stringent PCI compliance obligations, it helps you fulfill your unique security intelligence needs assuring that you do not have to overinvest your time, budget and resources. SARBANES-OXLEY-SOX SOX for security best practices & proactive risk management. The Sarbanes-Oxley Act (SOX) was designed to protect investors by improving the accuracy and reliability of corporate disclosures made in accordance with securities laws. SOX standards must be followed or companies face strict penalties for non-compliance. Manageable and cost effective. A properly implemented risk-based approach to auditing for SOX compliance can make SOX more manageable. It can also reduce the associated cost and help ensure the adequacy of controls and the integrity of financial reporting. With LogPoint 5.1, a company can achieve security best practices and continuously manage risk through: Data collection Log management Real-time monitoring Threat identification Rapid response Actionable reporting

10 VULNERABILITY ASSESSMENT Vulnerability scanning prevents successful attacks in a business network An Outpost24 solution automatically identifies security flaws in your network and gives an important overview of what an attacker could achieve by attacking your high-value assets. To a cyber-criminal, vulnerabilities on a network are hidden gateways to gain access to the high-value assets in your organization. When exposed, these vulnerabilities can be targeted for exploitation, and consequently provide fuel for stolen identities, trigger theft of business secrets, violate privacy provisions of laws and regulations or right-out paralyze operations. Organizations are forced to continuously maintain the protection of their networks. Traditionally, this has been accomplished by creating barriers against attacks by investing in reactive security tools such as firewalls, anti-virus tools and intrusion detection systems. In today's environment these reactive mechanisms simply are not enough. Instead of waiting for attacks to occur, there is a need to take a proactive approach. Only by using proactive security tools that continuously identify security risks, it is possible to effectively manage and reduce the risk exposure. Legislation and compliance with security requirements are also becoming more demanding. The PCI (Payment Card Industry) security standards, Sarbanes-Oxley (SOX) among others all include requirements for regular testing of network security. Outpost24 is dedicated to offering turnkey solutions based on a true proactive approach. Every day, we assist over 1,000 customers world-wide in securing their valuable assets and ensuring compliance with policies and regulations. Our solutions can be immediately deployed and are always accompanied by our well-appreciated 24/7 security expert support. ImmuneSecurity has exclusive distribution rights of all Outpost24 products in Denmark.

11 MANAGED SERVICES Highly Specialized Services Log Management and Vulnerability Assessment Management solutions from ImmuneSecurity within are often combined with a tailored managed service delivered on a weekly, monthly or quarterly basis. The impact of implementing these often complex IT security solutions consumes many key resources within an organization. A managed service will ease the internal workload and the organization can concentrate on analyzing the key findings summarized by the ImmuneSecurity professionals. Other key benefit from using a managed service is to have a neutral and external party deliver an IT security report on a frequent basis this ensures that all IT breaches are covered and the desired level of security can be maintained. The main driver for managed service subscriptions are assurance of compliance e.g. PCI, SOX, DS484 by letting ImmuneSecurity deliver on-time quality compliance reporting and suggestions to remediation.

12 SIEM Security Concerns Most organizations face the same inherent challenges when dealing with security information and event management (SIEM): effectively balancing limited IT resources, ever-increasing supplies of log data, dealing with regulation compliance, and keeping staff training up-to-date. There are four best challenges that organizations should consider to achieve this balance: Prioritize security information and event management appropriately throughout organizations Organizations can define requirements and goals for performing logging and monitoring logs to include applicable laws, regulations, and existing organization policies. They can then prioritize goals based on balancing risk with time and resources needed to manage logs Establish policies and procedures for security information and event management Policies and procedures are beneficial because they ensure consistent approaches throughout organizations as well as ensure that laws and regulations are observed. Periodic audits can confirm that logging standards and guidelines are followed throughout organizations. Furthermore, testing and validating can properly ensure log management policies and procedures Create and maintain robust security information and event management infrastructures Having secure log management infrastructures aids in preserving the integrity of log data from accidental or intentional modifications or deletions and in maintaining confidentiality. It is also critical for creating scalable infrastructures for handling expected volumes of log data as well as peak volumes during extreme situations (e.g. widespread malware incidents) Provide proper training for all staff with security information and event management responsibilities While defining log management schemas, organizations must provide requisite training to relevant staffers regarding their log management responsibilities as well as skilled instruction on the resources necessary to support log management. This includes providing log management tools, tool documentation, technical guidance on log management, and disseminating information to log management staffers.