CiscoWorks SIMS (Netforensics)



Managing Logs and Security Events: CiscoWorks SIMS (Netforensics)
Georg Bommer, Inter-Networking AG (Switzerland)

Table of Contents
- Challenges/Problems
- Main Functionality
- Product Tour
- Report Examples
- Architecture and Implementations
- Summary

Challenges
- Complexity of the environment
- Many different data formats
- Volume of information
- Problem of consolidation
- Correlation and comparison in real time and for forensics

Requirements for SIM
- Normalize: synchronisation of time, event ID, event priority, event category
- Aggregate: reduce duplicate information and false positives
- Correlate: identify the real threat
- Visualize: provide multiple views of real-time and historical data

Normalization

Aggregation

Correlation: rule based and statistical

Rule based Correlation
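The normalize, aggregate and correlate steps from the SIM requirements slide, worked through as an added example (not code from the presentation or from the CiscoWorks SIMS product). The two log line layouts, the device names, the 60-second aggregation window and the "firewall deny followed by NIDS alert" rule are all constructed for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample feed (device, UTC offset of its clock in hours, raw line); both line layouts are stand-ins, not a real vendor format.
RAW = [
    ("fw1", 1, "Mar 03 2004 10:15:01 DENY tcp 10.1.1.5 -> 192.168.1.10:22"),
    ("fw1", 1, "Mar 03 2004 10:15:02 DENY tcp 10.1.1.5 -> 192.168.1.10:22"),
    ("nids1", 0, "2004-03-03T09:15:40 ALERT sid=2001 sev=2 SSH brute force 10.1.1.5 -> 192.168.1.10"),
    ("fw1", 1, "Mar 03 2004 10:40:00 DENY udp 10.2.2.9 -> 192.168.1.53:53"),
]
FW = re.compile(r"(\w{3} \d\d \d{4} \d\d:\d\d:\d\d) DENY (\w+) (\S+) -> (\S+):(\d+)$")
IDS = re.compile(r"(\S+) ALERT sid=(\d+) sev=(\d) (.+?) (\S+) -> (\S+)$")

def normalize(device, offset_h, line):
    """Normalize: common schema, device clock shifted to UTC, event ID, priority (1 = highest), category."""
    tz = timezone(timedelta(hours=offset_h))
    if m := FW.match(line):
        ts = datetime.strptime(m[1], "%b %d %Y %H:%M:%S").replace(tzinfo=tz)
        return {"ts": ts.astimezone(timezone.utc), "device": device, "event_id": "FW_DENY",
                "category": "firewall", "priority": 3, "src": m[3], "dst": m[4], "msg": m[2]}
    if m := IDS.match(line):
        ts = datetime.fromisoformat(m[1]).replace(tzinfo=tz)
        return {"ts": ts.astimezone(timezone.utc), "device": device, "event_id": "IDS_" + m[2],
                "category": "nids", "priority": int(m[3]), "src": m[5], "dst": m[6], "msg": m[4]}
    raise ValueError(f"unparsed line from {device}: {line}")  # never drop an event silently

def aggregate(events, window=timedelta(seconds=60)):
    """Aggregate: repeats of one event/src/dst/device inside the window collapse to one record with a count."""
    out = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for agg in out:
            if all(agg[k] == ev[k] for k in ("event_id", "src", "dst", "device")) and ev["ts"] - agg["ts"] <= window:
                agg["count"] += 1
                break
        else:  # nothing open to fold into: start a new record
            out.append({**ev, "count": 1})
    return out

def correlate(aggregated, window=timedelta(minutes=5)):
    """Correlate (rule based): firewall denies plus a NIDS alert on the same src/dst pair within the window become one priority-1 incident; either category alone stays a plain event."""
    by_pair = {}
    for ev in aggregated:
        by_pair.setdefault((ev["src"], ev["dst"]), []).append(ev)
    incidents = []
    for (src, dst), evs in by_pair.items():
        span = max(e["ts"] for e in evs) - min(e["ts"] for e in evs)
        if {"firewall", "nids"} <= {e["category"] for e in evs} and span <= window:
            incidents.append({"src": src, "dst": dst, "priority": 1, "events": len(evs)})
    return incidents
```

Run as `correlate(aggregate([normalize(*r) for r in RAW]))`; the firewall-only UDP denies never become an incident, which is the false-positive reduction the slide asks for.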

Visualization

Product Tour

Device Map

Realtime Trends

Event Console

Notification

Alert Customization

Knowledge Base

Event Status

Reporting
- 250 pre-defined reports
- Role/user-specific report view
- PDF, HTML, CSV format
- Automatic scheduling

Report Generation

Report Scheduling

Activity Assessment by Category

Activity Assessment by Severity

Threat Assessment

Risk Assessment: Risk = Threat x Vulnerability x Asset Value

Architecture

Architecture diagrams (figures; only the component labels survive):
- Central Office with Branch Office: branch office with router, firewall, NIDS, server and agent; central office with engine, master, DB, provider and real-time consoles
- Central Office with 30 Branches: five groups of 6 branches, each with a server and agent, feeding engines at the central office (master, server, DB, provider, real-time consoles); fault-tolerant solution with a secondary location (master, server, DB, engine, provider, real-time consoles)
- Central Data Center Server Farm: groups of 20 servers + Windows agents, routers, NIDS blades and a firewall blade feeding engines; central office with master, server, DB, provider and real-time consoles

Supported Devices (SIM agents or universal agents)
- Access Control and Authentication
- Antivirus
- Databases
- Policy + Configuration Management
- Firewall + VPN
- Host based IDS
- Network based IDS
- Operating System
- SIM Solution
- Web Server

Supported Devices
- Access Control and Authentication: Cisco ACS, Cisco IOS ACL
- Antivirus: CA InoculateIT, McAfee VirusScan, Symantec Norton AntiVirus
- Databases: Informix, Microsoft SQL Server, MySQL, Oracle, Sybase
- Firewall / VPN: Checkpoint, Cisco Firewall Services Module, Cisco IOS Firewall, Cisco VPN Concentrator, Cisco PIX, CyberGuard, Secure Computing Sidewinder, Symantec Enterprise Firewall, Borderware, CA eTrust, Gauntlet, GNAT Box, Lucent Brick, NetGuard Guardian Pro, NetScreen, Nokia, SonicWall, Sygate, WatchGuard, ZoneLabs
- Host based IDS: Cisco Secure Agent, Enterasys Dragon Squire, Entercept HIDS, ISS RealSecure SS, Arbor Peakflow, CA eTrust, CyberCop Monitor, PentaSafe, Symantec ITA, Tripwire
- Network based IDS: Enterasys Dragon, ISS RealSecure, Snort NIDS, Sourcefire, Tripwire NIDS, Cisco PIX IDS, Cisco IOS IDS, CyberCop Net IDS, Network Flight Recorder
- Policy and Configuration Management: Symantec ESM, CiscoWorks, HP OpenView, Micromuse, Optivity, Solsoft, Tivoli, Unicenter, Websense
- Operating Systems: Sun Solaris, Red Hat Linux, Microsoft Windows 2000 + NT events, IBM AIX, HP-UX, Silicon Graphics IRIX, OpenBSD, SuSE
- SIM Solution: ISS SiteProtector
- Web Server: Apache, Microsoft IIS, Netscape Enterprise, iPlanet

Summary
- Event monitoring
- Real-time event correlation
- Integrated threat assessment
- Advanced visualization
- Comprehensive reporting & forensics
- Support for multivendor devices and systems

Benefit
- Eliminates manual device monitoring
- Resolves security event management in real time from a single console
- Simplifies notification and alert management
- Transparent view of security and related problems
=> Increase in productivity
=> Lower operational cost
=> Better security overall

Conclusion (diagram; only labels survive): a management layer of log + event consolidation and correlation spanning Applications, Operating Systems, Intrusion Detection, Encryption/PKI, Content Security, Authentication, and Access Control + VPN

Thank you very much! Georg Bommer, Inter-Networking AG (Switzerland), gbo@internetworking.ch

CiscoWorks SIMS Appliance