Technology Highlights Of CQCloud's NG-SIEM (Medusa)

Table of Contents
1. Genesis of Medusa
2. Philosophy of Medusa
3. Medusa At a Glance
4. Medusa Overview
5. Benefits
6. Implementations

1. Genesis of Medusa
- Article by Neil MacDonald, April 12, 2011
- "Information Security is becoming a Big Data problem."
- Article by Dennis McCafferty, 2010-11-09

2. Philosophy of Medusa
CQCloud's Medusa is the roadmap to the Next-Generation Security Platform, because today's security professionals face a far more complex set of challenges:
- Rule-based systems are reactive, not proactive.
- Hacker motivations have changed.
- Data protection, system availability and risk management are all security priorities.

2. Philosophy of Medusa
Now all IT data is security-relevant. The vast pool of log data includes: biz vertical applications, custom applications, server logs, IPS, RAS, VPN, border security, wireless security, FW, vulnerability data, anti-virus, host IDS, physical security, database security, email security, Windows registries, patch management, DLP and host configuration.
New stresses for the security team:
- Insider threat, fraud and advanced security threats are increasing
- Need access to a wide variety of data sources and types
- Need to process massive data volumes, current and historical
- Situational awareness is a huge challenge
- Slow, tedious, costly investigations

2. Philosophy of Medusa
But existing enterprise security solutions...
- Are too complex to implement, manage and scale
- Are very expensive
- Don't support ad-hoc requests and investigations
- Can't keep up with dynamic policies
- Don't integrate well with other IT silos
- Only work with limited data sources

3. Medusa At a Glance
Roadmap to the Next Generation Security Platform.
[Diagram: DDoS Mitigation Service (24x7 SoC), DDoS Provisioning Solutions (UTTM), Intuitive Dashboard, Modular SIEM for BigData, Deep Packet Inspection Solution (fdpi), Big Data Engine, Total integrated Security Management System; CQCloud 2012, CQCloud 2013 New Technologies]
Medusa is the total integrated security management solution for ISP/IDC. It supports both the traditional SIEM functions and CQCloud's Traffic Analysis technology. The roadmap toward the Next Generation Security Platform is endless.

3. Medusa At a Glance
How is Medusa different?
- Fast. Real-time (every 10 sec.) DDoS detection & analysis
- Scalable. Distributed architecture handles multiple datacenters
- Flexible. Ad-hoc analysis, correlation, alerting and reporting
- Adaptive. Keeps up with changing systems and data formats
- Cost Effective. Pay-as-you-grow licensing minimizes cost
- Big Data Engine. Works with any data without complex adapters
- Service Oriented. Targeted at service providers (customer portal)
- Intuitive Dashboard. Patented UX technology for text, image and video

3. Medusa At a Glance
Fast - Real-time (every 10 sec.) DDoS Detection & Analysis
- Detection: Network flow data is collected and analyzed for anomalous activity, all in under 10 seconds, for near real-time DDoS detection.
- Analysis: The traffic dashboards include analytical views for Total Traffic, Protocol, TCP Destination Port, UDP Destination Port, TCP Flag and Source IP Top 10 for quick investigation and event analysis.
- Control: Medusa can be integrated with security devices to issue control commands right from the Medusa console, so that administrators can respond to incidents as they happen.
- Monitoring: Comprehensive dashboards provide views and drilldowns on the entire network for real-time event monitoring.
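The detection and analysis views named on this slide (10-second windows; Total Traffic, Protocol, TCP/UDP Destination Port, TCP Flag and Source IP Top 10) can be computed directly from raw flow records. The block below is an added example written for this page, not code from CQCloud or the Medusa product: it assumes a simplified NetFlow/sFlow-like tuple layout, constructed sample flows, and a baseline-ratio rule (the names summarize_windows and flag_windows and the thresholds are assumptions) to show how one window gets flagged as anomalous.

```python
"""Ten-second flow-window summaries with a simple volumetric/SYN anomaly check.

Added example, not CQCloud's Medusa code. Flow records are constructed inline in
a simplified NetFlow/sFlow-like tuple shape; the field layout, thresholds and
function names are assumptions made for this illustration.
"""
from collections import Counter, defaultdict
from statistics import median

WINDOW_SECONDS = 10

# Constructed sample flows:
# (epoch_seconds, src_ip, dst_ip, proto, dst_port, tcp_flags, bytes, packets)
# Windows 0-9 s and 10-19 s carry ordinary traffic; window 20-29 s carries a
# burst of SYN-only flows to port 80 from 50 distinct sources.
SAMPLE_FLOWS = [
    (1, "10.0.0.5", "192.0.2.10", "tcp", 443, "SA", 52000, 40),
    (3, "10.0.0.6", "192.0.2.10", "tcp", 80, "PA", 12000, 15),
    (5, "10.0.0.7", "192.0.2.53", "udp", 53, "", 800, 4),
    (12, "10.0.0.5", "192.0.2.10", "tcp", 443, "PA", 48000, 38),
    (14, "10.0.0.8", "192.0.2.53", "udp", 53, "", 600, 3),
    (17, "10.0.0.6", "192.0.2.10", "tcp", 22, "PA", 9000, 12),
] + [
    (21 + i % 9, f"198.51.100.{i}", "192.0.2.10", "tcp", 80, "S", 1800, 30)
    for i in range(50)
]


def window_of(ts, width=WINDOW_SECONDS):
    """Start second of the fixed-width window that contains timestamp ts."""
    return ts - ts % width


def summarize(flows):
    """Build the per-window views the slide lists, from one window of flows."""
    by_proto, tcp_dport, udp_dport = Counter(), Counter(), Counter()
    tcp_flags, src = Counter(), Counter()
    for _ts, s, _d, proto, dport, flags, nbytes, pkts in flows:
        by_proto[proto] += nbytes
        src[s] += nbytes
        if proto == "tcp":
            tcp_dport[dport] += nbytes
            tcp_flags[flags or "none"] += pkts
        elif proto == "udp":
            udp_dport[dport] += nbytes
    return {
        "total_bytes": sum(f[6] for f in flows),
        "total_packets": sum(f[7] for f in flows),
        "by_proto": dict(by_proto),
        "tcp_dport_top10": tcp_dport.most_common(10),
        "udp_dport_top10": udp_dport.most_common(10),
        "tcp_flags": dict(tcp_flags),
        "src_top10": src.most_common(10),
        "distinct_src": len(src),
    }


def summarize_windows(flows):
    """Group flows into 10-second windows and summarize each, in time order."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[window_of(f[0])].append(f)
    return {w: summarize(buckets[w]) for w in sorted(buckets)}


def flag_windows(summaries, packet_factor=5.0, syn_ratio=0.8, min_history=2):
    """Flag a window when its packet count exceeds packet_factor times the
    median of earlier windows AND SYN-only packets dominate its TCP flags.
    Returns (window_start, packets, syn_share, distinct_sources) per alert."""
    alerts, history = [], []
    for w, s in summaries.items():
        if len(history) >= min_history:
            baseline = median(history)
            tcp_pkts = sum(s["tcp_flags"].values())
            syn_share = s["tcp_flags"].get("S", 0) / tcp_pkts if tcp_pkts else 0.0
            if s["total_packets"] > packet_factor * baseline and syn_share >= syn_ratio:
                alerts.append((w, s["total_packets"], round(syn_share, 2), s["distinct_src"]))
        history.append(s["total_packets"])
    return alerts


if __name__ == "__main__":
    summaries = summarize_windows(SAMPLE_FLOWS)
    for w, s in summaries.items():
        print(w, s["total_bytes"], s["total_packets"], s["src_top10"][:3])
    print("alerts:", flag_windows(summaries))
```

The rule deliberately needs both a volume jump against recent history and a skewed flag distribution before it alerts, so a legitimate traffic spike with normal handshakes is not flagged; a production detector would also track per-destination baselines and the 1-minute or 10-second aggregation period the sizing notes mention.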

3. Medusa At a Glance
Scalable - Distributed architecture handles multiple datacenters
[Diagram: Searcher nodes (with Header Volume) over multiple Universal Indexer nodes]
Medusa's analysis system can be distributed across multiple servers for almost unlimited horizontal scaling. If the volume of collected data increases, another node can be configured and added to the system without any downtime. In this way Medusa is able to collect and analyze anywhere from MB to TB a day.
[Diagram: scaling as needed - Network Monitoring, DDoS and Security Event on the Medusa SIEM Framework; Additional Feature; Security as a Service]
Medusa's system employs a modular architecture so that new features (like Deep Packet Inspection) and new data sources can be added easily and painlessly.

3. Medusa At a Glance
Flexible - Ad-hoc analysis, correlation, alerting and reporting
- Customizable Dashboards: Medusa offers a flexible GUI that allows users to customize their views and dashboards to meet their needs. Different users from different teams in the security organization need to look at different metrics in their own context. Medusa allows users to add and create new charts for their dashboards, displaying data in the way that provides the most meaning for them.
- Ad-hoc Search: Medusa's real-time big data engine allows users to query huge amounts of data very quickly. The flexible command language lets them adjust their queries quickly for precise, fast data analysis.
- Drilldowns: Every part of the Medusa UI has an action or drilldown related to it, so that users can zoom in on any part of their data or follow a trail of data points wherever it might lead.

3. Medusa At a Glance
Adaptive - Keeps up with changing systems and data formats
New Devices
- Collection Target: Windows/Linux/Unix Server, Application Log, Security Device, Network Device, Solution
- Collection Method: FTP, syslog, SNMP, TCP/UDP, Socket, Shell Script, Windows WMI, Registry, Network Flow
- Agent: agent and agentless methods are both supported
[Diagram: SIEM and DDoS collection across changes in infrastructure - Windows (Registry, Syslog, Event Log, Shell Script, Active Directory, File System); Linux/Unix (Syslog, SNMP); Virtualization (Hypervisor, Guest OS, Cloud); Application (Web Logs, Log4J/JMS/JMX, .NET events, App Logs); Database (Tables, Schemas, Audit/Query); Network (Network Flow, sflow, Netflow); Solutions (DLP/DRM, Vulnerability, CRM/DW)]
- Flexible to additional devices, configuration changes, etc.
- Easily configurable to adjust to any changes in the environment
- Simple authorization management for managing changes in the organization

3. Medusa At a Glance
Big Data Engine - Works with any data without complex adapters
- Scales to Petabytes: Medusa's analytics run on top of a powerful big data engine that can scale from one server to thousands to support collection of data of any size. Deployment and management of the system is fast and easy, allowing administrators to get going quickly and start exploring their data.
- Fast Analytics: Medusa's big data engine uses many established paradigms such as MapReduce and Bloom filters, as well as caching and storing summary data, to provide quick, responsive dashboards. Users can browse and drill down through petabytes of data for truly end-to-end analysis.

3. Medusa At a Glance
Service Oriented - Targeted at service providers (customer portal)
- Service Portal: Customers can log into the system themselves and see dashboards customized for their services, so that they can monitor and receive their own alerts.
- User Management: Users can be registered and given authority as an Admin, Group or Customer over their specific domain.
- Reporting: Total, Protocol, TCP Destination Port, UDP Destination Port, TCP Flag and Source IP Top 10 over the last day, week and month are provided per customer.
- Personalized GUI: Customers can tune the UI to their needs to view the metrics they need in the context they choose.

3. Medusa At a Glance
Intuitive Dashboard - Patented UX technology for text, image and video
- Event & Information (Alert, Data, Graph, Chart...)
- Map (Google Map, ammap and user-specific map)
- Image (CAD, JPEG, TIFF, Illustrator, Photoshop...)
- Video (CCTV, Streaming), no matter how many CCTVs there are
- Console (Desktop remote access with control)

3. Medusa At a Glance
Medusa Use Case
- Medusa for global standard SIEM (Global Security Operation Center managing the entire SAMSUNG branch office network worldwide; Central Security Operation Center):
  - Medusa collects the data the former SIEM doesn't support
  - Medusa is not just a SIEM; it can do much, much more
  - Event collection from 13 global branches
  - Real-time correlation with Arbor, FireEye, FW, Web & Network events
  - Medusa replaces the traditional SIEM
- Medusa for DDoS Protection System (KT DDoS Detection/Analysis/Provisioning System):
  - Detection per minute (since 2003)
  - Handles 300G+ of traffic simultaneously
  - Combined with full packet capture technologies (pcap)
  - ACL/BGP provisioning
  - Planning for Big Data handling now

4. Medusa Overview
System Architecture
[Diagram: Security Administrator -> Medusa Application Server (Traffic Monitoring, Packet Inspection, DDoS Detection, Event Analysis, Universal Correlation, Incident Management, Report/Statistics, Compliances) -> Universal Analyzer -> Collect Server -> ISP/IDC Network]
Various types of security event sources:
- Server: Server Status (cpu, memory)
- Anti-Virus: Malware/Virus Information
- Vulnerability Scan: Vulnerability Scan Report
- VPN: Access Event
- IDS/IPS: Intrusion Event
- Firewall: Access Control Event
- Packet Inspection: Contents Inspection Data
- Flow generator: sflow

4. Medusa Overview
Key Features
[Diagram: Integrated Security Management Platform - Network Protection, End User Protection, Access Protection, Security Compliance; Incident Manage, Correlation, Indexer (Universal Indexing of Security Events, DDoS Detection and Flow Data)]
- Consolidate Anti-DDoS & SIEM: Security event collection/analysis functions are fully integrated with network monitoring & DDoS protection functions.
- No Scheme, No Parser: No schema or parser is required to index event data in the Medusa system. The Medusa indexer can index any format of log data without an additional parser or schema.
- No RDBMS required: To collect the security events and to store the indexed data, no additional RDBMS is required in the Medusa system.
- Unlimited Extensible Indexer: The Medusa indexer can be configured in a distributed environment. If the indexed volume of events increases over time, the user can configure additional index nodes in real time without downtime. Medusa can index event data from MB to PB per day.

4. Medusa Overview
Layered Structure (MEDUSA SYSTEM)
- Apps: MEDUSA Integrated Dashboard (INNOWATCH); DDoS Detection (UTTM/dmz); Security Information Correlation Manager; Security Event Manager (SEM); Cloud Proxy Manager; Contents Analysis (fdpi). Together these form MEDUSA (SIEM) and MEDUSA (DDoS).
- BigData Engine: Analyzer; Universal Analyzer; Cloud Proxy; Flexible DPI
- Collection: Flow Collector (sflow); Log/Data Collector (Syslog, Log File); State Collector (Health Check); Contents Collector (Contents Data, Meta-Data)
- Sources: Flow Generator (UX-FX-100, 1000); Log Forwarder; Cloud Proxy Server (CQCloud cproxy); Deep Packet Inspection (fdpi)

5. Benefits
- Be a Managed Security Service Provider with a best-of-breed Next-Generation Security Platform
- Highly scalable (license model), flexible, available
- Real on-demand and fully customized solution
- Differentiated (fastest) Anti-DDoS solution with price competitiveness
- Minimum initial investment
- Quick ROI (pay-per-use licensing)

6. Implementation
System Sizing Recommendation

Collector Server
  # of customers   Flow Data / day (1)   # of Collector   Local Storage   Indexer Storage (2)
  10               300 MB                1 (4 thread)     300 GB          1 TB, 1 indexer
  20               600 MB                2 (8 thread)     600 GB          2 TB, 1 indexer
  50               1.5 GB                3 (12 thread)    1 TB            3 TB, 2 indexer
  100              3.0 GB                4 (16 thread)    2 TB            5 TB, 2 indexer

Indexer & Application Server
  # of customers   Events / second (3)   # of indexer     # of Application Servers   Concurrent users (4)
  10               10,000                1, shared (5)    N/A                        5
  50               50,000                1                2                          15
  100              100,000               2                3                          30
  200              200,000               4                4                          100

1) The CQCloud UX-FX 100/1000 Flow Generator supports a packet sampling rate. In this case 100:1 sampling is applied, and the flow aggregation period is configured to 1 minute. (The collector server can reduce the flow aggregation period to 10 seconds; in that case the flow data volume will increase.)
2) Flow data collected in the collector server will be sent to the indexer, so additional indexer storage is required.
3) The Medusa system is more affected by the volume of events than by the count of events. For the case of 10 customers, 1 GB of events can be indexed per day by default.
4) Concurrent users means the number of Medusa operators who are connected to the application server at the same time.
5) For small systems, the Medusa application can run on the indexer. In this case an additional application server is not required.

6. Implementation
H/W Recommendation

Collector Server
- Operating System: Standard Linux x64 (kernel 2.6) (2) (recommended: CentOS 5.x)
- CPU: Intel-based x64, 4 Core x 2, 2.5 GHz or over
- Memory: 16 GB
- HDD: Logical 600 GB, SAS 10k rpm, RAID 0
- NIC: Standard 1 GB Ethernet, optional 2nd NIC for management

Indexer
- Operating System: Standard Linux x64 (kernel 2.6) (2) (recommended: CentOS 5.x)
- CPU: Intel-based x64, 4 Core x 2, 2.5 GHz or over
- Memory: 16 GB
- HDD: Logical 1.2 TB or over, SAS 10k rpm, RAID 1/0, 1200 I/O operations/sec
- NIC: Standard 1 GB Ethernet, optional 2nd NIC for management

Application Server
- Operating System: Standard Linux x64 (kernel 2.6) (2) (recommended: CentOS 5.x)
- CPU: Intel-based x64, 4 Core x 4, 2.5 GHz or over
- Memory: 8 GB
- HDD: Logical 600 GB, SAS 10k rpm, RAID 0
- NIC: Standard 1 GB Ethernet, optional 2nd NIC for management

1) In the sizing recommendation on the previous page, these recommended servers are applied.
2) This is only a recommendation. The Medusa system can run on various operating systems, such as Solaris, HP-UX, AIX and Windows Server.

Medusa System Framework

Layer: Presentation
- Function: Dashboard (workflow); Customer Portal (Access control); Views (Functions)
- Contents: Network Traffic, Event Insight, Incident Report, Logs, Sur. Event, Security; SoC & NoC Situation Room; Traffic, DDoS, Event, Incident, Posture, Access, Forensic
- Role: Operator (CQCloud & ISP/IDC)

Layer: Operation
- Function: Rule (Search)
- Contents: Traffic Monitoring, Event Correlation, DDoS Detection, Incident Mgmt., Event Analysis, Custom rules
- Role: Operator (CQCloud)

Layer: Solution
- Function: Normalize (Modeling), Index, Collect
- Contents: Universal Indexer, Traffic Analyzer, Universal Collector, Flow Collector
- Role: Administrator (CQCloud)

Layer: Infra (Sources)
- Function: ISP/IDC Network Infra
- Contents: Srr, Security, Network
- Role: Customer, ISP/IDC

We Create the Secure Cloud World Thank You! Support@cqcloud.com