TAKE SIEM TO THE CLOUD:

Similar documents
WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Splunk Company Overview

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

WHITE PAPER. Five Steps to Better Application Monitoring and Troubleshooting

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Optimizing Service Levels in Public Cloud Deployments

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

NCTA Cloud Architecture

End-user Security Analytics Strengthens Protection with ArcSight

BlackStratus for Managed Service Providers

HP and netforensics Security Information Management solutions. Business blueprint

How To Buy Nitro Security

nfx One for Managed Service Providers

Analyzing HTTP/HTTPS Traffic Logs

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Harnessing the Power of Big Data for Real-Time IT: Sumo Logic Log Management and Analytics Service

I D C A N A L Y S T C O N N E C T I O N

NEC Managed Security Services

AccelOps NOC and SOC Analytics in a Single Pane of Glass Date: March 2016 Author: Tony Palmer, Senior ESG Lab Analyst

Cisco Advanced Malware Protection for Endpoints

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

Vulnerability Management

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Unified Security, ATP and more

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

QRadar SIEM and FireEye MPS Integration

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Detect & Investigate Threats. OVERVIEW

Managed Security Services for Data

Seven Things To Consider When Evaluating Privileged Account Security Solutions

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

Cloud Services. More agility. More freedom. More choice.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

Logentries Insights: The State of Log Management & Analytics for AWS

How to Choose the Right Security Information and Event Management (SIEM) Solution

Secure Cloud Computing

Continuous Network Monitoring

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Q1 Labs Corporate Overview

THE BLUENOSE SECURITY FRAMEWORK

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Cloud and Data Center Security

The SIEM Evaluator s Guide

The Benefits of an Integrated Approach to Security in the Cloud

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled

PCI Compliance for Cloud Applications

Ecom Infotech. Page 1 of 6

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

The Cloud App Visibility Blindspot

A Unified View of Network Monitoring. One Cohesive Network Monitoring View and How You Can Achieve It with NMSaaS

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

ALERT LOGIC FOR HIPAA COMPLIANCE

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1

The Purview Solution Integration With Splunk

How To Monitor Hybrid It From A Hybrid Environment

Safeguarding the cloud with IBM Dynamic Cloud Security

PREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK

Digital Marketplace - G-Cloud

Top 10 Reasons Enterprises are Moving Security to the Cloud

Discover & Investigate Advanced Threats. OVERVIEW

The Sumo Logic Solution: Security and Compliance

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

Cloud Computing - Benefits and Barriers for Retail Adoption

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

WHITE PAPER OCTOBER Unified Monitoring. A Business Perspective

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Leveraging the Cloud for Smarter Development On Oilfields; What Does that Entail? Kevin Wagner, Director - Energy

Now Leverage Big Data for Successful Customer Engagements

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD

The Case For A Cloud Access Security Broker

How to Turn the Promise of the Cloud into an Operational Reality

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

How cloud computing can transform your business landscape.

Minder. simplifying IT. All-in-one solution to monitor Network, Server, Application & Log Data

Simplify Software as a Service (SaaS) Integration

How To Manage Security On A Networked Computer System

Implementing Software- Defined Security with CloudPassage Halo

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Payment Card Industry Data Security Standard

IBM Security IBM Corporation IBM Corporation

How cloud computing can transform your business landscape

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

Finding Order(s) in the Chaos

IBM Security Intelligence Strategy

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

IBM QRadar as a Service

Transcription:

TAKE SIEM TO THE CLOUD: Simplify and strengthen security management with cloud-based SIEM WHITE PAPER

Situation Overview A security information event management (SIEM) solution is like a radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today s most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection. Without a SIEM, attacks are allowed to germinate and grow into catastrophic incidents. The importance of a SIEM solution to today s enterprise is magnified by the growing sophistication of attacks and the use of cloud services that only increase the surface of vulnerability. As more businesses evolve their infrastructure into the cloud, security strategies and technology must also adapt. Organizations increasingly are turning to SIEM deployed in the cloud or as software-as-a-service (SaaS) to strengthen security management while reducing the resources required for protection. SIEM: What s Inside? Enterprise security teams must use a SIEM solution that not only solves common security use cases, but also advanced use cases as well. To keep up with the dynamic threat landscape, modern SIEMs are expected to be able to: Centralize and aggregate all security-relevant events as they re generated from their source Support a variety of reception, collection mechanisms including syslog, file transmissions, file collections and more Add context and threat intelligence to security events Correlate and alert across a range of data Detect advanced and unknown threats Profile behavior across the organization Ingest all data (users, applications) and make them available for use monitoring, alerting, investigation and ad hoc searching Provide ad hoc searching and reporting from data for advanced breach analysis and track potential attackers actions Investigate incidents and conduct forensic investigations for detailed incident analysis Assess and report on compliance posture Use analytics and report on security posture Although primarily gathered from servers and network device logs, SIEM data also can come from endpoint security, network security devices, applications, cloud services, authentication and authorization systems and online databases of existing vulnerabilities and threats. But data aggregation is only half of the story. SIEM software then correlates the resulting repository looking for unusual behavior, system anomalies and other indicators of a security incident. This information is used not only for real-time event notification, but also for compliance audits and reporting, performance dashboards, historical trend analysis and post-hoc incident forensics. Given the escalating number and sophistication of security threats, along with the increasing value of digital assets in every organization, it s not surprising that adoption of SIEM continues to grow as part of the overall IT security ecosystem. Gartner pegged the growth for the SIEM market at 12.5 percent in 2015 and expects the double-digit growth to continue in 2016 and beyond. 1 A SIEM solution is like a radar system that pilots and air traffic controllers use. Without one, IT is flying blind. Key Benefits of Taking SIEM to the Cloud Running SIEM in the cloud or as SaaS can help solve the problems many organizations have with security intelligence, yet many IT leaders still distrust cloud security and reliability. Before eliminating cloudbased SIEM, know that the security practices and technology at most large cloud services can be far more sophisticated than those in the typical enterprise. SaaS is already widely used for business-critical systems like CRM, HR, ERP and business analytics. The same reasons that SaaS makes sense for enterprise applications fast, convenient deployment, lowoverhead operations, automatic updates, usage-based 2

billing and scalable, hardened infrastructure make the cloud a great fit for SIEM. Cloud-based solutions provide the flexibility to use a wide range of data sets from on-premises and cloud. As more enterprise workloads move to infrastructure-as-aservice (IaaS), platform-as-a-service (PaaS) and SaaS, the ease of integrating with third-party systems shows that SIEM in the cloud makes even more sense. Key benefits of taking your SIEM to the cloud include the flexibility of a hybrid architecture, automatic software updates and simplified configuration, instant, scalable infrastructure, and strong controls and high availability. Flexible, Hybrid Architecture The enterprise use of cloud services is accelerating and many organizations now have a hybrid environment with data and applications both on-premises and in the cloud. That means regardless of where a SIEM product is deployed, it must be able to collect data for both environments. Taking a SIEM to the cloud gives enterprises more flexibility. With a hybrid cloud deployment, a SIEM can be deployed in a company s private data center but still aggregate data from on-premises and cloud services and also be used as a cloud service that can pull security data from anywhere. Automatic Software Updates and Simplified Configuration Management The rapidly changing threat landscape, with increasingly complex and effective attacks, makes it hard for security professionals and their tools to keep up with the state of the art. A SIEM system should help, not hinder their efforts. However, because many legacy SIEM vendors place constraints on the data schema, hard-coding threat and log event formats or attack signatures, they might miss the latest exploits. A SIEM product is only as good as its ability to evolve with the threat environment. A cloud-based SIEM leverages its flagship big data architecture to create dynamic schemas-on-the-fly to catch threats that can escape hard-coded threat definitions. A cloud-based SIEM is flexible, easier to manage, scalable and highly available. Robust and Scalable Infrastructure In addition, provisioning and operating infrastructure for an on-premises based SIEM requires time and operational effort. Security systems must adapt to both data growth and the diversity of sources. SIEM in the cloud allows organizations to instantly deploy and easily scale according to their data needs. Consolidating all relevant security information in a single repository, ensuring that it s protected, indexed and analyzed, is the best way to improve security-related decisions. Strong Controls and High Availability Enterprise services, particularly for something as critical as SIEM, must address common concerns around cloud services security, controls and performance. Data and system security: SaaS providers often run on one of the major IaaS platforms like Amazon Web Services (AWS), Google Cloud Platform or Microsoft Azure. These leading cloud infrastructure providers operate secure data centers with audited security policies that are capable of achieving SOC 2 Type II and ISO 27001 certifications. A best practice for SIEM services is to logically separate customer data by assigning each to dedicated virtual servers and customer-specific storage. Customer data in transit must be encrypted using SSL and optionally at rest using AES-256 with unique keys that are regularly rotated. Data sovereignty and residency requirements: Using a hybrid cloud architecture is a good option for SIEM since it means data subject to locallyspecific privacy, handling or regulatory requirements can stay on-premises or in a local region from an IaaS provider. By hosting at a major IaaS provider, 1 Magic Quadrant for Security Information and Event Management, by Kelly Kavanagh, Oliver Rochford, Gartner, July 20, 2015, ID G00267505, http://www.splunk.com/goto/siem_mq 3

organizations have the option of deploying in regions around the world. AWS even provides a FedRAMP-certified region for U.S. federal users with AWS GovCloud (US). Service control and customization: Moving to the cloud shouldn t mean losing control over important application settings and security policies. A SIEM cloud service must provide users control over application-level governance while insulating them from infrastructure-level details. And that alllows organizations to retain control to meet internal and external requirements. Application performance and availability: Running on a major IaaS provider like AWS allows a SIEM service to provide state-of-the-art system availability at a reasonable price. For example, the service can be architected to span multiple cloud availability zones or regions, which means that the service stays up even if an individual data center goes offline. The Power of Big Data Analytics and SIEM in the Cloud Running SIEM in the cloud has many benefits, but combining it with a big data analysis platform delivers log analysis and reporting for all system and application metrics. Products that are built on an Operational Intelligence and log analysis platform allow securityrelated data and operational logs to be combined and correlated, allowing businesses to make optimal security decisions. Such a symbiotic combination provides end-to-end application monitoring, troubleshooting and Operational Intelligence plus a fullfeatured SIEM. The best Operational Intelligence platforms are designed to consume, collect and make sense of log records from myriad systems and is a time-tested platform used in organizations large and small. These platforms deliver real-time data collection, search across all data with a rich query language, data EQUINIX MOVES SIEM TO THE CLOUD Equinix is one of the world s leading interconnection solutions providers with over 100 data centers and a massively complex infrastructure. Customers rely on Equinix to maintain strong security and 100 percent uptime, yet it lacked a consolidated, unified view into its security infrastructure and posture. Equinix also had inefficient, manual processes for extraction and correlation of security information. After evaluating various SIEM alternatives, Equinix selected Splunk Cloud for its ability to handle multiple data types, from any source and scale to meet its expected growth. As an infrastructure provider for other cloud services, Equinix knew the value of cloud services but needed something robust and secure. Splunk Cloud s 100 percent uptime SLA and its SOC2 Type II certification gave us the confidence to forward our critical data offsite. With Splunk Cloud we had value immediately, says George Do, CISO at Equinix. Equinix uses Splunk Cloud to collect information from a wide variety of sources. By leveraging Splunk Cloud and Splunk Enterprise Security, Equinix gains: Operational visibility across all infrastructure with enhanced security visibility Full SIEM functionality that aggregates and correlates data from all security systems Faster time to value with a cloud deployment versus on-premises Reduced 12 billion raw security events down to roughly 24,000 indicators of compromise and 143 actionable alerts Fifty percent TCO savings compared to an onpremises legacy SIEM deployment Thirty percent faster response to security incidents The technological foundation for its planned security operations center Splunk s analysis and visualization features underpin Equinix s core security analytics, KPIs and alerts. Whenever we need to investigate an incident, we simply display the relevant data in Splunk dashboards, so the information can be accessed by everyone on our security team as well as our C-level executives, says Do. 4

visualization and statistical analysis features that can feed real-time information dashboards. For SIEM, these platforms should add support for external threat intelligence data feeds including STIX/TAXII formats such that multiple threat intelligence sources can be aggregated, and weighted to build a range of security indicators. Combining SIEM with a big data platform that can pull data from any system allows businesses to achieve a unified view of the most important operational, application performance and security metrics. By deploying it as a cloud service, organizations derive value immediately without lengthy setup and learning curves or high up-front expenses, yet are still able to collect and analyze data from all environments including both cloud and on-premises systems. With sources of relevant security information and overall data volumes exploding, a cloud service is a perfect solution for SIEM deployments. Building SIEM upon a proven data aggregation and analysis platform like Splunk leverages the same rich features designed to improve IT operations for security management all in one package. CITY OF LOS ANGELES INTEGRATES REAL-TIME SECURITY INTELLIGENCE ACROSS 40+ CITY AGENCIES Los Angeles is a vast metropolis with critical infrastructure like airports, seaports, and water and power, as well as 35,000 employees and over 100,000 endpoints generating 14 million security events daily. The city s departments had their own security tools, requiring it to gather and manually correlate logs from each agency for broad views of its network security an untenable process that was cumbersome, imprecise and slow to address threats. To better protect its digital infrastructure, Los Angeles sought a scalable cloud-based SIEM to identify, prioritize and mitigate threats, gain visibility into suspicious activities and assess citywide risks. After considering available solutions, Los Angeles chose Splunk Cloud and Splunk Enterprise Security for its extraordinary scalability and 100 percent uptime SLA. Splunk Cloud was fast to deploy and easy to tailor, whereas customizing competing products required two full-time employees, says Timothy Lee, chief information security officer for the City of Los Angeles. Since deploying Splunk Cloud and Splunk Enterprise Security, the city has seen benefits including: Creation of citywide security operations center (SOC) Real-time threat intelligence Reduced operational costs Splunk s real-time situational awareness and timely threat intelligence is enabling the city to securely lock down its digital assets. By anchoring its integrated SOC with the rich SIEM functionalities of Splunk Cloud and Enterprise Security, Los Angeles met its mayor s directive by transforming its patchwork of security measures into a cohesive, all-encompassing cyber security strategy. For municipalities that are decentralized into many departments, the Splunk platform is a comprehensive yet cost-effective security solution, says Lee. Try Splunk Enterprise Security now. Experience the power of Splunk Enterprise Security with no downloads, no hardware set-up and no configuration required. The Splunk Enterprise Security Online Sandbox is a 7-day evaluation environment with pre-populated data, provisioned in the cloud, enabling you to search, visualize and analyze data, and thoroughly investigate incidents across a wide range of security use cases. You can also follow a step-by-step tutorial that will guide you through the powerful visualizations and analysis enabled by Splunk software. Learn More. sales@splunk.com www.splunk.com 2016 Splunk Inc. All rights reserved. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Light, SPL and Splunk MINT are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. WP_Splunk_SIEM-in-the-Cloud_102

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information