Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy
|
|
- Roy Blair
- 8 years ago
- Views:
Transcription
1 Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy
2 Customer Challenges Dispersed Threats IT Overload IT information overload Flood of logged events from many point network and security devices Lack of expertise to manage disparate data silos & tools Compliance mandates Industry specific regulations mandating security best practices Internal IT risk assessment programs Evolving internal and external threats Insider abuse, theft of intellectual property Complex integrated attacks Industry Regulations 2 Copyright 2009 Juniper Networks, Inc.
3 Junipers SIEM/NBAD Solution STRM Security Threat Response Manager STRM Key application features Log Management Provides long term collection, archival, search and reporting of event logs, flow logs and application data Security Information and Event Management (SIEM) Centralizes heterogeneous event monitoring, correlation and management Network Behavior Anomaly Detection (NBAD) Discovers aberrant network activities using network and application flow data Log Management Network Behavior Analysis Security Information & Event Management 3 Copyright 2009 Juniper Networks, Inc.
4 STRM s Key Value Proposition Threat Detection: Detect New Threats That Others Miss Log Management: Right Threats at the Right Time 4 Copyright 2009 Juniper Networks, Inc. Enterprise Value Compliance: Compliance and Policy Safety Net Complements Juniper s Enterprise Mgmt Portfolio
5 STRM Architecture 5 Copyright 2009 Juniper Networks, Inc.
6 Log Management Challenges include Log overload for administrators STRM enables Highly scalable log aggregation; Consistent logging taxonomy Multi-vendor network; Constant change of formats Demanding operational requirements Broad vendor coverage and extensible APIs for less common formats Advanced log management capabilities including tamper proof log archives 6 Copyright 2009 Juniper Networks, Inc.
7 Unrivalled Data & log Management Networking events Switches & routers, including flow data Compliance from Jflow, Netflow, Forensics Sflow, Packeteer, qflow Security logs Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway AV, Desktop AV, & UTM devices Operating Systems/Host logs Microsoft, Unix and Linux, OSX Applications Database, mail & web Support for leading vendors including: Networking: Juniper,Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee,Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others Security map utilities: Maxmine (provides geographies) Shadownet Botnet Templates Customization logs through generic Device Support Module (DSM) Adaptive Logging Exporter (ALE) Integrate proprietary applications and legacy systems Search Policy Reporting 7 Copyright 2009 Juniper Networks, Inc.
8 Security Event correlation & threat Management How to make sense of the collected data Challenges include Correlation rules complex to manage Vendor log formats are a moving target Constant change on the network STRM provides Simplified out-of-the-box building blocks & rules simplify rule management QID map provides intelligent mapping of vendor events Extensive use of historical profiling for improved accuracy of results 8 Copyright 2009 Juniper Networks, Inc.
9 Event rule example 9 Copyright 2009 Juniper Networks, Inc.
10 Asset Profiles Active and Passive Asset Profiles Combination of Active and Passive Profiles for correlation Host existence Port Open/Close Host vulnerable to this attack/any attack Nessus, nmap, Qualys, Lumension etc. etc. History of Identity (user, host, MAC, etc ) Ability to control timing and type of scanning activity Cross correlation with other events 10 Copyright 2009 Juniper Networks, Inc.
11 The Value of FLOW Passive flow monitoring creates asset profiles and helps classify hosts Detection of day-zero attacks Policy monitoring and rogue server detection Visibility into all communication Network awareness, visibility and problem solving 11 Copyright 2009 Juniper Networks, Inc.
12 Flow Data For Policy Monitoring Detection of applications and protocols that are not trusted P2P Chat Unencrypted traffic in secure areas of network Applications or Protocols running on non standard ports Establishing Policies for trusted network communications 12 Copyright 2009 Juniper Networks, Inc.
13 Flow Data For Anomaly Detection Detects changes in traffic based on New protocol or application on the network Abnormal use of a protocol or service (SSH) Loss of a service such as web server 13 Copyright 2009 Juniper Networks, Inc.
14 Flow Data For Behavior Profiling Learn normal traffic patters for hosts, protocols and networks Predicts behavior and identifies abnormal conditions Abnormal traffic patterns to country X 14 Copyright 2009 Juniper Networks, Inc.
15 Reduction and Prioritization Threat Management STRM Previous 24hr period of network and security activity (1.3 M logs)! STRM correlation of data sources creates offenses (129)! Data reduction:! 10633:1! 15 Copyright 2009 Juniper Networks, Inc.
16 STRM Offense Management Tracks significant security incidents & threats Leverages building blocks & rules Builds history of supporting & relevant information for significant security incidents Provides point-in-time reference of offending users and vulnerability state Provides record of first and last occurrence of security incidents Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns Provides prioritization based on: credibility, relevance & severity 16 Copyright 2009 Juniper Networks, Inc.
17 Offense Management Intelligent Workflow for Operators Who Is attacking? What is being attacked? What is the impact? Where do I investigate? 17 Copyright 2009 Juniper Networks, Inc.
18 STRM System features Centralized browser based UI Role based access to information Customizable dashboards Real-time & historical visibility Advanced data mining & drill down Easy to use rule engine Hierarchical distribution for scale 18 Copyright 2009 Juniper Networks, Inc.
19 About Reports Reports interface allows you to create, distribute, and manage reports Use the Report Template Wizard to create operational and executive level reports that combine any network traffic and security event data in a single report Reports also allows you to brand your documents with your customized logos enabling you to support various unique logos for each report 19 Copyright 2009 Juniper Networks, Inc.
20 Reporting Out of the box report templates Fully customizable reporting engine: creating, branding and scheduling delivery of reports Events and Time Series Reports Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA Reports based on control frameworks: NIST, ISO and CoBIT Executive Reports Vendor Specific Reports Routers/Switches VPN/SSL Firewalls/IDP UTM Application Database Access 20 Copyright 2009 Juniper Networks, Inc.
21 STRM Products Distributed STRM 2500 EP/ FP Combo Large enterprises &Service Providers STRM5000 STRM 500 QFC STRM 5000 STRM 2500 FP STRM5000 STRM 5000 STRM 2500 EP STRM 500 QFC Small Medium Enterprise STRM2500 STRM 500 QFC Small Enterprise STRM500 STRM 500 QFC 250EPS 500EPS 1000EPS 2500EPS 5000EPS EPS 15K flows 25K 50K flows 21 Copyright 2009 Juniper Networks, Inc. (50 MB 200MB QFlow collection) 100K 200K flows 200K 400K flows
22 Hardware Summary Market Segments STRM Models CPU Memory Storage Small STRM 500 Intel Core 2 Dual 8GB 2x 500GB HDD RAID 1 Medium STRM 2500 Intel Core 2 Quad 8GB 6x 250GB HDD RAID 5 array Large STRM 5000 Intel Core 2 Quad 8GB 6x 500GB HDD RAID 10 array 22 Copyright 2009 Juniper Networks, Inc.
23 SMALL/MEDIUM ENTERPRISE ALL-IN-ONE Company Requirement Less than 200 eps Less than 10K flows STRM Web Console STRM Solution All in one STRM eps and 15K Flow license Correlation Reporting Log Management Flow Management Embedded Qflow Collection Network Devices Exporting Flow Data Security Devices Exporting Logs 23 Copyright 2009 Juniper Networks, Inc.
24 SMALL/MEDIUM ENTERPRISE LOG MANAGEMENT ONLY Company Requirement Less than 200 eps No need for Flows No need for Correlation STRM LM Web Console STRM Solution STRM 500 LM (Log Manager) 500 eps LM license Reporting Log Management 24 Copyright 2009 Juniper Networks, Inc. Security Devices Exporting Logs
25 Medium to Large Enterprise All-in-One Company Requirements 100K Flows 2000 EPS Up to devices STRM Web Console STRM Solution STRM 2500 Correlation Reporting Log Management Flow Management Embedded Qflow Collection Network Devices Exporting Flow Data Security Devices Exporting Logs 25 Copyright 2009 Juniper Networks, Inc.
26 Large Enterprise/SP All-in-One Company Requirements 200K Flows 5000 EPS Up to devices STRM Web Console STRM Solution STRM 5000 Correlation Reporting Log Management Flow Management Network Devices Exporting Flow Data Security Devices Exporting Logs 26 Copyright 2009 Juniper Networks, Inc.
27 Distributed Deployment Typical STRM Web Console Company Requirements Distributed deployment 200K Flows 2500 EPS Up to devices STRM Solution STRM 5000 CON STRM 2500 EP STRM 2500 FP STRM 5000 Console STRM 2500 EP STRM 2500 FP STRM QFC (Optional) STRM 500 Qflow Network Devices Exporting Flow Data Security Devices Exporting Logs 27 Copyright 2009 Juniper Networks, Inc.
28 STRM 50K EPS Deployment Scenario True Distribution Large Scale deployment One Central Console Normalization on EPs STRM Web Console STRM 5000 Console 10K EPS 10K EPS 10K EPS 10K EPS 10K EPS Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs Security Devices Exporting Logs 28 Copyright 2009 Juniper Networks, Inc.
29 ISCSI (IP-SAN) Deployment Scenario STRM Event Processors Collection, Analysis Storage of Events from Security and Infrastructure Devices (Up to 10,000 EPS each) STRM Console Correlation, Reporting Storage &, Analysis LAN Network STRM Flow Processor Flow Processing and Storage (Up to 600,000 flows) STRM EP STRM EP STRM FC STRM FC STRM Netflow/J Flow Collectors Collection from routers, switches with optional L7 flow collection from a span port or tap 29 Copyright 2009 Juniper Networks, Inc. IP-SAN Appliance
30 Deploying STRM with Existing SIM solutions ArcSight, RSA etc Correlation 3 rd Party SEM Solution Syslog Forwarding 3 rd Party Syslog Servers STRM (LM) Log Consolidation Flexibility in deployment Coexist with competitors Log Management No Correlation needed Consolidation of Logs Security Devices Exporting Logs Security Devices Exporting Logs 30 Copyright 2009 Juniper Networks, Inc.
31 ..so what is STRM Visibility to the environment Support wide vendor spread to gather information Combine flow information with log data Both passive and active asset mapping Network, security, application, & identity awareness Unrivaled data management greatly improves ability to meet IT security control objectives Advanced analytics & threat detection Detects threats that other solutions miss Intuitive and easy to get the information Data reduction and priorization Scalable distributed log collection and archival Network security management scales to any sized organization 31 Copyright 2009 Juniper Networks, Inc.
32 Thank You
QRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationQRadar Security Management Appliances
QRadar Security Management Appliances Q1 Labs QRadar network security management appliances and related software provide enterprises with an integrated framework that combines typically disparate network
More informationQRadar Security Intelligence Platform Appliances
DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management
More informationSecurity Information & Event Manager (SIEM)
DATA SHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Benefits Enables NOC and SOC staff to
More informationIBM QRadar Security Intelligence Platform appliances
IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event
More informationBenefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationWhen it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs
White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,
More informationSecurity Information & Event Manager (SIEM)
DATA SHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Benefits Enables NOC and SOC staff to
More informationIBM Security QRadar SIEM Product Overview
IBM Security QRadar SIEM Product Overview Alex Kioni IBM Security Systems Technical Consultant 1 2012 IBM Corporation The importance of integrated, all source analysis cannot be overstated. Without it,
More informationBenefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationDelivers fast, accurate data about security threats:
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationMeeting PCI Data Security Standards with
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
More informationSTRM SERIES SECURITY THREAT RESPONSE MANAGERS
DATASHEET STRM SERIES SECURITY THREAT RESPONSE MANAGERS Product Overview The integrated approach of the STRM Series used in conjunction with unparalleled data collection, analysis, correlation and auditing
More informationBenefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationMeeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)
White Paper Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) When It Comes To Monitoring and Validation It Takes More Than Just Collecting Logs Juniper
More informationJuniper Networks Security Threat Response Manager (STRM)
Datasheet Juniper Networks Security Threat Response Manager () The integrated approach of appliances used in conjunction with unparalleled data collection, analysis, correlation and auditing capabilities,
More informationSymantec Security Information Manager Version 4.7
Version 4.7 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2 Security Management Challenges 3 Managing IT Security PREVENT INFORM
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationExtreme Networks Security Analytics G2 Risk Manager
DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationEoin Thornton Senior Security Architect Zinopy Security Ltd.
RSA envision: Transform your Security Operations A Technical overview & demo of RSA envision The Information Log Management Platform for Security and Compliance Success Eoin Thornton Senior Security Architect
More informationCimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred
DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides
More informationExtreme Networks Security Analytics G2 SIEM
DATA SHEET Security Analytics G2 SIEM Boost compliance & threat protection through integrated Security Information and Event Management, Log Management, and Network Behavioral Analysis HIGHLIGHTS Integrate
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationNetwork Configuration Manager
Network Configuration Manager AUTOMATED NETWORK CONFIGURATION & CHANGE MANAGEMENT Download a free product trial and start in minutes. SolarWinds Network Configuration Manager (NCM) simplifies managing
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationIntro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security
More informationHow To Set Up Foglight Nms For A Proof Of Concept
Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationHow To Make A Network Safer With Stealthwatch
Netzwerkkonzept Informationsveranstaltung am 03.07.2007 Im Bristol Hotel Mainz Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP Datum: 03.07.2007, Seite: 1 Network Behaviour Analysis
More informationScalability in Log Management
Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationAn Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011
An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External
More informationSecospace elog. Secospace elog
Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page
More informationJSA Series Secure Analytics
JSA Series Secure Analytics Product Overview The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities,
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationRAVEN, Network Security and Health for the Enterprise
RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations
More informationQRadar SIEM 7.2 Flows Overview
QRadar SIEM 7.2 Flows Overview Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Aaron Breen QRadar World-wide Support Leader Adam Frank Principal Solutions Architect Dale
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationLog management & SIEM: QRadar Security Intelligence Platform
Log management & SIEM: QRadar Security Intelligence Platform Tibor Bősze Security Architect for CEE+RCIS tibor.boesze@hu.ibm.com The Security Intelligence Leader Who is Q1Labs: Innovative Security Intelligence
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationHow To Manage Sourcefire From A Command Console
Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security
More informationWhite Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements
White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements The benefits of QRadar for protective monitoring of government systems as required by the UK Government Connect
More informationTripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF Tripwire Log Center HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE Enterprise organizations of all sizes need to achieve compliance with regulations and standards and
More informationRSA Solution Brief. RSA envision. Platform. Compliance and Security Information Management. RSA Solution Brief
RSA Solution Brief RSA envision Compliance and Security Information Management Platform RSA Solution Brief Actionable Compliance and Security Intelligence RSA envision technology is an information management
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationLogInspect 5 Product Features Robust. Dynamic. Unparalleled.
LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10
More informationLogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.
LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationAnalyzing Logs For Security Information Event Management Whitepaper
ADVENTNET INC. Analyzing Logs For Security Information Event Management Whitepaper Notice: AdventNet shall have no liability for errors, omissions or inadequacies in the information contained herein or
More informationIntroduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Introduction to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and
More informationQRadar SIEM and Zscaler Nanolog Streaming Service
QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationTech Brief. Choosing the Right Log Management Product. By Michael Pastore
Choosing the Right Log Management Product By Michael Pastore Tech Brief an Log management is IT s version of the good old fashioned detective work that authorities credit for solving a lot of crimes. It
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationMeeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM
Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM The benefits of Enterasys SIEM for protective monitoring of government systems as required by the UK Government
More informationThe Value of QRadar QFlow and QRadar VFlow for Security Intelligence
BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationSymantec Security Information Manager 4.7.4 Administrator Guide
Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement
More informationIBM Security QRadar SIEM Version 7.1.0 (MR1) Tuning Guide
IBM Security QRadar SIEM Version 7.1.0 (MR1) Tuning Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 35. Copyright IBM
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationNitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers
NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationAnalyzing Logs For Security Information Event Management Whitepaper
ADVENTNET INC. Analyzing Logs For Security Information Event Management Whitepaper Notice: AdventNet shall have no liability for errors, omissions or inadequacies in the information contained herein or
More informationEnforcive /Cross-Platform Audit
Enforcive /Cross-Platform Audit Enterprise-Wide Log Manager and Database Activity Monitor Real-time Monitoring Alert Center Before & After Change Image Custom Reports Enforcive's Cross-Platform Audit (CPA)
More informationIBM QRadar as a Service
Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major
More informationEvaluating, choosing and implementing a SIEM solution. Dan Han, Virginia Commonwealth University
Evaluating, choosing and implementing a SIEM solution Dan Han, Virginia Commonwealth University A little about me Worked in IT for about 15 years Worked in Application Development, Desktop Support, Server
More informationNetwork Performance Management Solutions Architecture
Network Performance Management Solutions Architecture agility made possible Network Performance Management solutions from CA Technologies compliment your services to deliver easily implemented and maintained
More informationWhite Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible
White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible Overview This paper discusses prevalent market approaches to designing and architecting
More informationIBM Tivoli Endpoint Manager for Security and Compliance
IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More informationMucho Big Data y La Seguridad para cuándo?
Mucho Big Data y La Seguridad para cuándo? Juan Carlos Vázquez Sales Systems Engineer, LTAM mayo 9, 2013 Agenda Business Drivers Big Security Data GTI Integration SIEM Architecture & Offering Why McAfee
More informationALERT LOGIC LOG MANAGER & LOGREVIEW
SOLUTION OVERVIEW: ALERT LOGIC LOG MANAGER & LOGREVIEW CLOUD-POWERED LOG MANAGEMENT AS A SERVICE Simplify Security and Compliance Across All Your IT Assets. Log management is an infrastructure management
More informationSymantec Security Information Manager 4.7.4 User Guide
Symantec Security Information Manager 4.7.4 User Guide Symantec Security Information Manager 4.7.4 User Guide The software described in this book is furnished under a license agreement and may be used
More informationKevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats
More informationFind the needle in the security haystack
Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep
More informationPeter Dulay, CISSP Senior Architect, Security BU
CA Enterprise Log Manager 12.5 Peter Dulay, CISSP Senior Architect, Security BU Agenda ELM Overview ELM 12.5: What s new? ELM to CA Access Control/PUPM Integration CA CONFIDENTIAL - Internal Use Only Overview
More informationVulnerability Management for the Distributed Enterprise. The Integration Challenge
Vulnerability Management for the Distributed Enterprise The Integration Challenge Vulnerability Management and Distributed Enterprises All organizations face the threat of unpatched vulnerabilities on
More informationCHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics
CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a
More informationState of SIEM Challenges, Myths & technology Landscape 4/21/2013 1
State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst
More informationNetwork Monitoring Comparison
Network Monitoring Comparison vs Network Monitoring is essential for every network administrator. It determines how effective your IT team is at solving problems or even completely eliminating them. Even
More informationRedefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance
White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,
More informationSymantec Control Compliance Suite Standards Manager
Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance
More informationSecureVue Product Brochure
SecureVue unifies next-generation SIEM, security configuration auditing, compliance automation and contextual forensic analysis into a single platform, delivering situational awareness, operational efficiency
More informationAlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide
AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
More informationSecurity Information and Event Management Introduction to envision: The Information Management Platform for Security and Compliance Operations Success
Security Information and Event Management Introduction to envision: The Information Management Platform for Security and Compliance Operations Success Copyright 2008 EMC Corporation. All rights reserved.
More informationIBM ISS Optimizacija Sigurnosti
IBM ISS Optimizacija Sigurnosti Slaven Novak IBM ISS Technical Sales Specialist slaven.novak@hr.ibm.com 1 The Business Challenge: New Methods and Motives: Adding to the complexity and sheer number of risks
More information