Since 2005 E-SPIN SDN BHD. All Right Reserved. www.e-spincorp.com. SIEM - Log Consolidation Management (LCM) Solution




Copyright 2005-2011 and subsequent updates by E-SPIN Sdn. Bhd. All rights reserved. No part of this training presentation/handout may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, without either the prior written permission of E-SPIN, or authorization through payment of the appropriate per-copy fee to E-SPIN, tel (603) 7728 2866, fax (603) 7725 4757, or on the web at www.espincorp.com.

Limit of Liability / Disclaimer of Warranty: While the author has used their best efforts in preparing this training presentation/handout, they make no representations or warranties with respect to the accuracy or completeness of the contents and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for every situation. You should consult with a professional where appropriate. The author shall not be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our customer service department at (603) 7728 2866, fax (603) 7725 4757, or email info@e-spincorp.com.

Log Management Overview
- Log files are everywhere: each server, network or application component generates a huge number of log entries.
- All of these logs are interconnected, because the components together build complex infrastructures.
- Log files are often the first and only way to detect unusual events.
- The challenge is to extract the right information at the right time. It is impossible to review logs manually; you need tools to do this.
- From a security point of view, we do not need to look for events ("something that happens at a time") but for incidents ("something that should NOT happen"). An incident is an adverse event.
- Thousands of events occur at a time; we need to focus on incidents.
- Events are collected, processed (filtered, normalized, aggregated) and archived.
- Incidents are the result of correlation rules applied to events.
- Alerts can be triggered on specific incidents.
- Later, events can be processed for reporting purposes.
- Commercial enterprise products offer complete solutions for log analysis, known as SIEM ("Security Information and Event Management") or STRM ("Security Threat Response Management").
- E-SPIN specializes in deploying highly advanced, large-scale, end-to-end SIEM as affordable enterprise log management.
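A worked illustration of the event-to-incident pipeline described above (collect, filter/normalize, aggregate, correlate, alert), written here as an added example and not E-SPIN's or any product's code; the sshd line format, the rule threshold and the sample log lines are constructed for the demo:

```python
# Added example (not E-SPIN's code): a minimal event-to-incident pipeline.
# Events are everything that happens; incidents are what should NOT happen.
# The sshd lines below are constructed for the demo (TEST-NET addresses).
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOGS = """\
2024-03-01T10:00:01 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50122 ssh2
2024-03-01T10:00:02 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50123 ssh2
2024-03-01T10:00:03 srv1 sshd[811]: Failed password for admin from 203.0.113.9 port 50124 ssh2
2024-03-01T10:00:04 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50125 ssh2
2024-03-01T10:00:05 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50126 ssh2
2024-03-01T10:00:09 srv1 sshd[812]: Accepted password for root from 203.0.113.9 port 50127 ssh2
2024-03-01T10:07:00 srv2 sshd[301]: Accepted publickey for alice from 198.51.100.4 port 41001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"\w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

def normalize(raw):
    """Filter: keep only sshd auth lines; normalize them to one common schema."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines we have no parser for are filtered out at this stage
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "user": m["user"], "src": m["src"],
                           "outcome": "fail" if m["outcome"] == "Failed" else "success"})
    return events

def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Correlation rule: >= threshold failures from one source within the
    window, followed by a success from that source, is an incident."""
    incidents = []
    fails = defaultdict(list)  # aggregation: failure timestamps per source address
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in fails[ev["src"]] if ev["ts"] - t <= window]
        fails[ev["src"]] = recent
        if ev["outcome"] == "fail":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            incidents.append({"rule": "bruteforce_then_success", "src": ev["src"],
                              "host": ev["host"], "user": ev["user"],
                              "failures": len(recent), "ts": ev["ts"]})
    return incidents

if __name__ == "__main__":
    for inc in correlate(normalize(SAMPLE_LOGS)):
        print("ALERT", inc)  # alert on the incident, not on each of the events
```

Only one alert is raised for the seven events above; the lone successful key login from the second source matches no rule and is kept only for archiving and reporting.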

Event Log Management

Drivers for ELM & SIEM

Defending Against Targeted Attacks

Better Monitoring and Detection Is Essential

Security Information and Event Management: Broad-Scope Security Event, User Access Monitoring

Emerging Monitoring Capabilities for SIEM

SIEM - Acquire Access Management Policies and Consolidated Monitoring

Using SIEM to Monitor Privileged User Activity

Using SIEM for Application Monitoring: Monitoring Application User Activity

Consolidated Monitoring: Tracking User Activity Across the Infrastructure and Applications

Targeted Attacks - Collective Intelligence

Rule-Based Correlation Versus Anomaly Detection

Repairing User Monitoring Blind Spots Caused by Cloud Computing

Log Management: Monitoring & Retention (diagram). Two cycles are labelled Log Monitoring and Log Retention; the stages shown are Collect, Aggregate, Index, Store, Correlate, Assess, Respond, Report and Export.

Log Management implication

Top Ten Security Requirements for Enterprise Applications
- The app must support a three-tier deployment
- Integration with LDAP and/or RADIUS for authentication
- Integration with access control
- Audit logs should be output to syslog
- Support for NTP
- Support for proxy authentication
- Encryption on storage

SIEM & ELM Main Usages / Implications: Log Management, Reporting, Monitoring & Alerting, Forensics Analysis

Log Management Hierarchy of Needs

Event Log Management (ELM) Overview

E-SPIN Group Profile
Established 2005: E-SPIN Sdn Bhd; E-SPIN Outsourcing Sdn Bhd; 1Tech Distribution & Trading Sdn Bhd
Vision: to be the leading enterprise solution provider, delivering enabling solutions that let customers remain competitive in their respective marketplaces.
Mission: to deliver end-to-end value-adding solutions in Enterprise IT Solutions (hardware, software, services), Business Process & Technology Outsourcing, and technology product distribution & trading.

E-SPIN Group Business Overview
- Requirement Analysis, Solutions Development, Training and Consultancy, Project Coaching and Blueprint Advisory
- Performance & Load Testing, Security Assessment & Penetration Test, Vulnerability Patching & System Hardening
- Technology Solutions Consulting
- Distribution & Trading, Network System Integration
- Product Distribution & Trading: Hardware, Software and Service; Global Sourcing and Single Procurement
- Turnkey Project Management and Delivery
- Standalone, Client/Server & Web Application Customization / Integration / Migration
- Web Design, Portal Development, Custom WebApp, Web and Application Hosting; E-Business, Web & Online Solutions
- Managed Service / Shared Service Outsourcing (SSO), Software as a Service (SaaS); project implementation, training, and maintenance outsourcing
- Roles: IT Consultant; Value Added Reseller (VAR) for Enterprise Technology; Distributor/VAR; System Integrator (SI) / Network Integrator (NI); Independent Software Vendor (ISV); Managed Service Provider (MSP); Service Outsourcer

E-SPIN Business Domain B.A.S.E.

Business and Technology Applications:
- Business Process and Workflow Automation
- Sales Force Automation and Customer Relationship Management (CRM)
- Business Intelligence, Data Warehousing and Performance Management System (PMS)
- Datacenter Global Integration, Server Consolidation and Infrastructure Virtualization
- WAN / Web Application Acceleration and Bandwidth Optimization, Open Source Application and Initiative
- Media and Broadcasting Technologies and Automation
- Element/Network Management System (EMS/NMS), Network/System/App Monitoring, Alerting, Reporting
- Helpdesk and Remote Support; Computer lab and classroom training management
- Wired, Wireless Network and Spectrum TCP/IP Network Analysis, Performance Troubleshooting and Visual Reporting & Site Survey

Enterprise Solutions Portfolio

Availability, Storage and Business Continuity:
- Data integrity, anti-hacking/web defacement and availability assurance
- Data backup, storage archiving, replication, mirroring
- Continuous Data Protection (CDP) and Online Storage Protection
- Network, System and Data High Availability, Continuous Availability
- Business continuity and disaster recovery (BCDR)
- External storage, Network Attached Storage (NAS) and Storage Area Network (SAN)
- Internet link load, bandwidth aggregation, application traffic server load balancing
- Non-Stop mission critical system hardware and network infrastructure
- High availability, system/network hardware and software clustering, auto failover and redundancy

Network, System and Data Security, Risk and Compliance Management:
- Network & Wireless Security, Firewall / VPN, Intrusion Defense, Identity Access Management, Network Access Control (NAC)
- Web, Application, Server and Network, Database Vulnerability Assessment (VA), Patch Management and Security Hardening
- Security Event Management (SEM), Incident Correlation Analysis and Reporting System; wired and wireless TCP/IP traffic analysis; Exploitation
- Content Security, Employee PC Activity Monitoring, Virus, Spyware, Phishing, Web, E-mail, IM, P2P Blocking and Filtering, Endpoint Security and Port Management, Data Theft Prevention
- Data Encryption: Code, Files, E-mail, Database, Folders, Virtual Disk, Full Disk Encryption; Digital Steganography, Watermarking and Digital Fingerprinting; Secure Data Erasure and Destruction
- Digital Signature and Signing, Multi Factor Authentication, Managed, Automated, Secure File Transfer (SFTP) and Application Tunnelling, Secure Document Exchange and Storage
- IT Governance, Risk Management, and Regulatory Compliance

End-to-End Complete One-Stop Solutions:
- Technology consulting, requirement assessment and solution development
- Ongoing education, training and development (in-house or on-site)
- Solution sourcing, integration, migration, project implementation, main / sub contracting and maintenance support
- Independent Software Application development, integration and customization (standalone, client/server, web application)
- E-Business and Web Solutions, web design, portal development, e-commerce, web / domain / email / application hosting service
- Business process and information technology shared service and outsourcing (SSO)

Log Consolidation Management (LCM) Solution
Core Log Management Solution: Syslog, Windows Event Log, Distributed Log, Secure Log, Graphical Device Reporting, Log Storage & Archive
Extended Platforms: AIX, BSD, CentOS/Fedora/RedHat, Debian/Ubuntu, HP-UX, SUSE/OpenSUSE, Solaris/openSolaris, Tru64, Windows
E-SPIN Value Added Services: Professional Qualification & Skill Cert.; Product In-Depth Training; Network System Integration; Software Customization & Integration; Consulting & Solutions Development; Local Technical Support 8x5/24x7; Single Sourcing of Hardware, Software and Services; Customizing; Technology Outsourcing; Subcontracting; Others

Clients Overview

Some live photos of business activities: conducting a 5-day technical certified training class for IT professionals

Client NOC / Network Integration: EMS/NMS, NOC Terminal Workstation

Network/Application Performance Troubleshooting Visually

Network/Application Performance Troubleshooting Add-on: visualize, troubleshoot and monitor wireless networks, with wireless network analysis and spectrum analysis on 900 MHz, 2.4 GHz and 5 GHz, 802.11 a/b/g/n

Network/Application Performance Troubleshooting Addon

Transfer of Technology Option Skill Nature Transfer Group Extent of Skill How it is transferred Technology Training Technical Staff End user technical group Basic Application and System Training Formal Courses 1 Day Basic System Administration Training Application Training Independent and Global Certified Training and Exam Project Consulting and Coaching Initial exposure and management awareness of the application and network/system operation System & Network Admin End user Training for In house domain expert/consultant Real job in hand joint exercise to transfer real skill set by learned it first hand Technical Support End user operations personnel Department Manager End user operations manager Operation of the application Independent and Global recognize ITIL complete range of training and testing first hand experience on carry out real job and duties from scanning, configuration, reporting, interpretation, to 3 rd party inms/northbound integration, to really customize the system for the production/oss Exposure and knowledge in EMS/NMS in real-life environment Formal Courses 5 Day Advanced hand on system administration training Subscribe for E-SPIN ITIL certified training + certified testing Participating in the real job in hand, learn by doing and observe how it is performing Subscribe for consulting service Visit sites in Europe / US / Asia

Value Added Service(s): Training Cert., Media Kit/Lic. Cert., Agreement, Tender Paperwork, Training Handout, System Integration, Technical Proposal, Consulting Report, Technical Reference

Some live photos of business activities: technical onsite support / project deployment / project delivery