Security Information & Event Management (SIEM) Sri Carlyle Country Manager

Size: px

Start display at page:

Download "Security Information & Event Management (SIEM) Sri Carlyle Country Manager"

Jeffry Byrd
10 years ago
Views:

1 Security Information & Event Management (SIEM) Sri Carlyle Country Manager

2 LogPoint Introduction Founded i 2001, Copenhagen, Denmark 100 % Danish ownership Yearly growth: 100 percent 70 employees: 20 Sales/admin + 50 development Business Model Partner focus - Partners covering the globe Supporting European sales offices: DK, SE, UK, DE, FR Focus 2001: Focus on vulnerability scans and IT consultancy 2008: Purchase Immune focus on log management 2

focus - Partners covering the globe Supporting European sales offices: DK, SE, UK, DE, FR

3 Selected References 3

4 Selected References 4

5 Danish software company partners with Boeing Per Beith, Director, Information Security Solutions Network and Space Systems, Boeing, highlights the importance of access to the best of the best within the type of technology ImmuneSecurity [LogPoint red.] delivers even for a company like Boeing. Read more: 5

access to the best of the best within the type of technology ImmuneSecurity

6 SCADA Risks: 3 rd Generation SCADA exposed to Internet Complex software applications Built on open standards & commercial available hardware COTS Don t meet The Commom Criteria (EAL) standards Legacy Products are end of Life are not supported 6

commercial available hardware COTS Don t meet The Commom

7 Why Risks No longer separation on corporate and plant networks Weak passwords Availability of 3rd party products Security documentation not in place Not enough internal training 7

8 SCADA Systems Global Map 8

9 SCADA Systems 9

10 SCADA Systems 10

11 11

12 12

13 13

14 14

15 15

16 16

17 17

18 18

19 19

20 20

21 21

22 22

23 Why SIEM and LogPoint? (1/3) Today, the majority of our communication takes place digitally travelling through various networks, and across enterprises, organisations, nations and continents. This very communication is now susceptible to crime, espionage and terrorism. Cyber security is now an essential part of our lives and business operations. So while digital communication has become our global lifeline, breakdowns and intrusions in our networks are bringing global threats to our economy and society. 23

24 Why SIEM and LogPoint (2/3) With racing volumes of increasingly complex data coursing through our networks, effectively monitoring such digital crimes seems an impossible task. At the same time, we all have a fundamental need for privacy. No one likes the idea that someone else may be watching our information. But our digital communication leaves a log a trail of critical information about time, place and routes. LogPoint monitors the behavior of this log traffic without invading privacy. 24

25 Why SIEM and LogPoint (3/3) LogPoint is a tool that collects and organises logs from activities anywhere on our networks, from applications to computers to servers to switches, routers and mobile devices. LogPoint makes log analysis and information assessment an easy, swift process to help you track and reveal security breaches in your network in real time. LogPoint constantly monitors your network's overall condition, identifying traffic bottlenecks and detecting attempts of intrusion so you can take prompt action to prevent future disruption and protect your assets. 25

26 Tool or Business Critical Application? What many enterprises think when they hear about LogPoint: We already have sufficient control of our logs! We don t want another monitoring tool! No demand from the business units consequently: nice-to-have! BUT An Enterprise without SIEM = A community without law enforcement! SIEM protects business assets SIEM creates overview SIEM discovers anomal behaviours SIEM is the Enterprise Business Intelligence platform for IT Security at the same level as e.g. SAP og SalesForce etc 26

27 LogPoint Unique Points: True enterprise application that scales globally Complete multi-tenancy for hosted solutions (ISP s) Flexibility, scaling and fully distributed One common language across the entire IT infrastructure Secure storage of secured logs (forensics) Real time analysis and alarming Advanced correlation across the enterprise environment EASY to install and maintain User interface is unique and Scandinavian License model is simple and transparent

28 Market Analytics Market size/year: Licenses: USD 1,6 billion Services: USD 1,2 billion EU = 30% Bottom Line: Enterprise architects have to plan for IT deployments of ever-increasing complexity and deal with increasing threats and risks. These and other trends create the need to expand security visibility throughout the entire stack of IT tools and technologies. Security information and event management (SIEM) is a pivotal technology that currently provides security visibility, and it is likely to hold the same role for the next two to three years. SIEM faces opportunities for growth in five core areas: new types of log and context data, shared intelligence, novel analytic algorithms, monitoring of emerging environments, and application security monitoring. Gartner Report (SIEM Futures) 28

29 Captures Events from the Entire Network 29

30 SIEM in Simple Terms 30

31 Security Operations Center View 31

32 Security Operations Center View 32

33 Real-tids dashboards og alarmer 33

34 Visit and Download 34

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion