ClearSkies. Re-Defining SIEM

Transcription

1 ClearSkies Re-Defining SIEM

2 Re-Defining SIEM You are required to collect and archive log data generated from diverse systems and applications for forensics and regulatory compliance purposes. You need to appropriately analyze, investigate and report on log data collected for Security Threats and Vulnerabilities that might affect the Confidentiality, Integrity and Availability of your mission - critical systems and communication links. You need access to dependable and up to date, in-depth Threat Intelligence information so that you can become more proactive and focused in minimizing and managing your information security risk. In essence, what you need is a robust, intelligent, cost effective, easy to deploy, SIEM solution. Efficient and effective Security Information and (SIEM) is no longer an expensive information security tool that can be afforded only by large and resource-rich organizations. Odyssey s ClearSkies Security-as-a-Service (SECaaS) SIEM platform addresses the need of organizations of any size or industry, to manage the wealth of log data generated from security devices, systems, applications, network infrastructures and communication links. It does so, in a holistic manner, enabling organizations to effectively and cost efficiently, enhance their information security and compliance operations across the board with virtually zero upfront investment. Challenges faced by Organizations today The ever increasing frequency, complexity and sophistication of threats and attacks on organizational security devices, systems, applications, network infrastructures and communication links, imposes a greater pressure on organizations towards enhancing their information security arsenal and becoming more proactive in facing such risks. This reality however, creates an operational oxymoron; the more extensive and complex the organizational information security arsenal becomes, the greatest the cost and difficulty in monitoring it to efficiently and timely identify and respond to threats and attacks on the organizational resources. This challenge is further compounded by the fact that legal and regulatory frameworks exert an even stronger pressure on organizations to comply with, and report on stringent information security control measures. To overcome these challenges, larger organizations have been internally investing in Security Information and (SIEM) capabilities. However, economic pressures, as well as the fast pace at which information security trends and threats are emerging, make the administration and maintenance of an in-house SIEM capability, both expensive as well as highly specialized and thus, outside the core competency sphere of most organizations. How Odyssey helps you in addressing these challenges As a regional leader in the provision of information security and managed security services for over a decade, with hundreds of clients in security sensitive industries such as banking, insurance, energy and healthcare, we have been exposed to these challenges and have heavily invested in addressing them in a manner that not only meets current needs but is also flexible enough to evolve into accommodating emerging trends. With ClearSkies Security-as-a-Service (SECaaS) SIEM you can: Achieve UP TO 80% reduction in the Number of False-Positive Alerts Noise, allowing you to focus your efforts on combating Real Threats. Minimize incident response times and maximize response success rates by integrating with the Threat Intelligence and Vulnerability service part of this service portfolio. Gain access to our BigData platform which provides Smarter Statistical & Behavioral, including User Behavior UBA capabilities. Have a clear, real-time view of important information security incidents, metrics and indicators literally at your fingertips through smart, fully customizable SIEM dashboards. Tailor your SIEM service to your needs and budget through our flexible service delivery model. Deploy a valuable tool which will immediately improve your information security baseline without long deployment learning curves and no upfront investment. ClearSkies Security-as-a-Service (SECaaS) SIEM, successfully tackles these challenges by helping you achieve pivotal information security and business objectives including: Functional Log and with clear view of your overall information security posture at any time. Instant transformation of log data into information security intelligence, useful in making informed decisions. Early identification of suspected or actual malicious events and the ability to analyze, address and follow up on them through a structured process. Effortless preparation of both specialized as well as ad-hoc reports in no time, vastly enhancing your compliance and business decision support processes. Enhanced knowledge of latest information security threats and trends by tapping into a unique Information Security and Threat Intelligence knowledge pool Odyssey IthacaLabs. Accessing your service anywhere, anytime with ClearSkies mobile application available for Windows, ios and Android smart-phones and tablets.

3 Incorporates predefined reports designed to meet the requirements of regulatory frameworks such as the PCI, but also allows you to easily create additional reports based on your needs and business requirements. The module s scheduling capabilities further simplify the reporting process. BigData Helps you by intelligently processing and analyzing large volumes of structured and unstructured data, identifying threats, which would go unnoticed by traditional analysis tools and techniques. Fully configurable dashboards can be customized to meet users needs and work habits. With smart drill down capabilities, the module allows users to have pertinent information right at their fingertips. Allows you to efficiently and effectively monitor, classify and manage events according to their severity, permitting security staff to delegate actions and responsibilities internally. Compliance Provides you with the framework for understanding compliance behavior since Information Security rules and regulations of the organization are the key to strengthening information security. Threat Intelligence by IthacaLabs Continuously enriched with evidence-based knowledge for existing and/or emerging Cyber Threats and Vulnerabilities. This outcome is fed into the Analysis and Correlation processes, thus minimizing False-Positive Alerts; also improving your decision making process when strategically planning your internal defenses against similar future threats. Performance & Availability Helps you proactively monitor the performance and availability of your mission-critical systems and communication links. Vulnerability Provides you with the ability to import results from different vulnerability tools and use them during the Analysis and Correlation process in order to further minimize False-Positive Alerts. ClearSkies SECaaS SIEM line of Service Modules & Architecture The ClearSkies Security-as-a-Service (SECaaS) SIEM is a cloud-based line of services, which combines a unique set of features, while its architecture is based on our proven security event management methodology. Together, they formulate a service, which places Odyssey at the forefront of the global SIEM SECaaS provider market. In addition, it is Integrated with BigData, intelligent security capabilities, thus bringing unparalleled performance capabilities to the platform s Investigation, Remediation, Statistical and User Behavioral (UBA) features; vital aspects for any organization that is serious about its information security capability. Copyright 2015 Odyssey Consultants LTD. All rights Reserved

4 Service Architecture The entire architecture of the ClearSkies Security-as-a-Service (SECaaS) SIEM service is based on our proven Methodology developed through our decades long experience and expertise in the challenging sector of information security. Basically, this architecture is based on the following process, which demonstrates how effective and efficient of Security threats is achieved. Collect: Log data generated from a number of diverse security devices, systems, applications, network infrastructures and communication links, are collected. Archive: Log data collected are compressed at a ratio of up to 85%, digitally signed and optionally encrypted before archived. This way collected logs are maintained at a state which allows them to be also utilized for forensic investigation or legal evidence should the need arise. Normalize/Mask: Log data from different network, systems, applications and vendors are formatted in different ways, even if these events are semantically equivalent. Copy of the log data collected are normalized and stored into a common schema at the time of data collection for further processing, Analysis and Correlation, and ad hoc search and reporting. Optionally, sensitive information found within the log data, such as user credentials, could be masked before leaving your premises for further Statistical and Behavioral Analysis. Analyze: Analysis of normalized log data is performed for identifying Real-Threats, thus minimizing False-Positive Alerts, by utilizing IthacaLabs Threat Intelligence feed and Vulnerability Information that might exist on your missioncritical systems. Based on these characteristics the Severity, Exploitability and Impact Factors for Real-Threats are calculated and fed into the Correlation process. Correlation: The Correlation of Real-Threats utilizes not only a number of statistical and behavioral heuristics models but also a number of intelligent correlation rules which are developed on an ongoing basis by taking into consideration the Threat Analysis & Security Intelligence provided through IthacaLabs. This process facilitates the early identification of Real-Threats and/ or misuse attempts that might affect the Confidentially, Integrity and Availability of your information. Incident : You can escalate events which have been determined to impose a Real-Threat to your mission-critical systems and communication links to incident status and assign them internally for further investigation and resolution using the built-in incident management process workflow through Incident Escalation communication channels such as: Sending , Push-Notifications* and/or SMS to those people that this incident is assigned to, accompanied with a brief summary of the incident including its severity level. Updating the built-in incident management dashboard with details regarding the raised incident, including course of action. notifications Push notifications smart-phones & tablets Clearskies Secure Web Portal *For receiving Push-Notifications on smart-phones and tablets you should have installed ClearSkies mobile application, which is available for Windows, ios and Android operating systems. Flexible Service Delivery Model SMS notifications Understanding the varying sizes, needs, internal capabilities and information security management maturity levels of different organizations, we have structured the ClearSkies Security-as-a-Service (SECaaS) SIEM line of services in a modular manner and in different deployment options including virtual and physical appliances. While each module can operate on its own, the addition of service modules based on clients changing needs and budget, can be a swift and transparent process. Part or the entire ClearSkies Security-as-a-Service (SECaaS) SIEM services could be upgraded at any given time to Managed Security & Protection Services and/or to Outsourcing Services. This scenario is ideal for organizations with the need of 24/7/365 Asset Monitoring, Log Review, Analysis, for their critical assets, but at the same time wish to perform their own log review and analysis for non critical assets. Standard Plus Premium Managed Security & protection services Outsourcing Services Collection Archiving Normalization Analysis Correlation process minimizes further False-Positive Alerts thus allows you to focus only on those events that require your attention. Vulnerability Threat Intelligence Vulnerability Performance & Availability Threat Intelligence Compliance Intelligent Correlation Service by Odyssey IthacaLabs

5 Company Overview Odyssey Consultants is an ISO certified, Information Security, Infrastructure and Risk Solutions integrator and a Managed Security & Outsourcing Services Provider. Odyssey is accredited by the Payment Card Industry Security Standards Council (PCI SSC) as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV). Our services and solutions span the whole spectrum of People, Process and Technology. Odyssey was founded in 2002 with the main objective of providing High-Quality, Cutting- Edge, Information Security, Infrastructure and Risk Services to organizations that value their information assets. Since then, and in keeping with market trends, we have evolved and pride ourselves for becoming a regional leader in the Managed Security & Outsourcing Services sector as well. Our Vision and Mission Our vision is to be the leading organization in the wider region in the areas of Information Security, Infrastructure and Risk Services and related Managed Security & Outsourcing Services, creating real and sustainable value to our clients, employees and shareholders. Our Mission is to be the recognized leader in the regional Information Security, Infrastructure, Risk and Managed Security & Outsourcing Services market, projecting trust in our experience and skills, and consistently delivering a high quality experience to our clients. Our Principles We Are Centered Around You Underlying our business mission is the unconditional requirement that our services fulfill our clients needs and exceed their expectations. Having this in mind, our business approach places the client in the center of our business equation. Building Value For Our Customers This statement underpins our philosophy in servicing our clients needs through robust cost - benefit analysis and approaches, which take a pragmatic and practical approach in balancing risks and controls. Our Values + Innovation We transform innovative ideas into progressive products and solutions that proactively address information security trends and challenges. + Passion for Perfection We strive for perfection by inspiring into our people the sense of leadership, ownership and perseverance that is supported by a culture of teamwork, mutual respect and professionalism. + Customer Focus Underlying our business mission is the unconditional commitment to be ahead of our customers needs and exceed their expectations, by delivering high quality, adaptive and robust solutions. For Sales Enquiries: sales@odysseyc.com For General Enquiries: info@odysseyc.com Headquarters Cyprus: 1 Lefkos Anastasiades str Strovolos, Nicosia, tel.: , fax: Offices Greece: 7 Anastaseos str., 2nd floor, Holargos , Athens, tel.: , fax: Serbia: Vladimira Popovica, 1st floor, , Belgrade, tel.: , fax: Dubai: Ground Floor #07, Building 16, Dubai Internet City, PO Box Dubai, UAE tel.: , fax: