Eoin Thornton Senior Security Architect Zinopy Security Ltd.




RSA envision: Transform your Security Operations
A Technical overview & demo of RSA envision
The Information Log Management Platform for Security and Compliance Success
Eoin Thornton, Senior Security Architect, Zinopy Security Ltd.

Changing Threats and More Demanding Regulations
- External attacks
- Malicious insiders taking financial info
- Careless users leaking IP
- Costly audit requirements
- Ever changing business requirements
- New Web 2.0 and P2P technologies
[Diagram labels: Data Center, R&D, Executive, Financial, DMZ]

IT Staff Feels the Pressure
- Security team lacks visibility into the IT environment.
- Overwhelming to process raw log and event volume.
- Compliance is costly and resource intensive.
- Real time security posture is difficult to understand.

Issues and Needs
- Issue: Security team cannot see into the IT environment. Need: Non-intrusive log collection to access all event sources.
- Issue: Overwhelming to process raw log and event volume. Need: Complete information lifecycle management process.
- Issue: Real time security posture is difficult to understand. Need: Real time risk based prioritization of events.
- Issue: Compliance is time-consuming. Need: Compliance reports in minutes, not weeks.

RSA envision 3 in 1 SIEM Platform
- Simplifying Compliance: Compliance reports for regulations and internal policy
- Enhancing Security: Real time security alerting and analysis
- Optimizing IT & Network Operations: IT monitoring across the infrastructure
Functions: Reporting, Auditing, Forensics, Alert / correlation, Network baseline, Visibility
Purpose built database (IPDB)
RSA envision Log Management platform
Event sources: security devices, network devices, applications / databases, servers, storage

Simplifying Compliance
Robust Alerting & Reporting
- 1400+ reports included out of the box
- Easily customizable
- Grouped according to standards, e.g. National Laws (SOX, Basel II, JSOX), Industry Regulations (PCI), Best Practices & Standards (ISO 27002, ITIL)

Enhancing Security
Support the 3 key aspects of Security Operations
- Turn real time events, e.g. threats, into actionable data
- Create a closed loop incident handling process
- Report on the effectiveness of security management

"SIEM technology provides real time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis." Mark Nicolette, Gartner

Benefits
- Turns raw log data into actionable information
- Increases visibility into security, compliance and operational issues
- Saves time through compliance reporting
- Streamlines the security incident handling process
- Lowers operational costs

Why envision?

Any Data Any Scale
- Collection of any type of log data, real time correlation, and best-in-breed scalability

Lowest TCO SIEM solution
- Appliance form factor, agentless architecture
- Flexible but simple customization

Most Complete Security Knowledge
- Comprehensive combination of event sources, correlation rules and reports
- Frequent updates to security knowledgebase
- Broad partner ecosystem of strategic technology partners plus frontline security and compliance expertise

Proven Solution with a large and active install base
- Unparalleled installed base of more than 1600 production customers
- Active online customer Intelligence Community for shared best practices and knowledge

All from EMC/RSA
- Simplified IT operations, single point of contact, and global customer support
- Integration with RSA and EMC solutions (e.g. Access Manager, Authentication Manager, Voyence, Celerra, Symmetrix)

RSA envision Stand alone Appliances to Distributed Solutions
[Figure: chart of EPS against # DEVICES for the ES Series and LS Series]

RSA envision Deployment
Scales from a single appliance.
[Diagram: a single appliance with Collect, Manage and Analyze layers. Labels: Baseline, Correlated Alerts, Report, Realtime Analysis, Forensics, Interactive Query, Integrated Incident Mgmt., Event Explorer. RSA envision Supported Devices: Windows Server, Netscreen Firewall, Cisco IPS, Juniper IDP, Microsoft ISS, Trend Micro Antivirus. Legacy devices via UDS.]

RSA envision Deployment
to a distributed, enterprise wide architecture
[Diagram: sites Chicago (WW Security Operations), London (European Headquarters), Mumbai (Remote Office) and New York (WW Compliance Operations), with A SRV, D SRV, LC and NAS components.]
Legend: A SRV: Analysis Server; D SRV: Data Server; LC: Local Collector; RC: Remote Collector

Technical demo

Thank You! Any questions? eoin.thornton@zinopy.ie