Security Information & Event Management (SIEM)
Sri Carlyle, Country Manager
LogPoint Introduction
Founded in 2001, Copenhagen, Denmark
100% Danish ownership
Yearly growth: 100 percent
70 employees: 20 sales/admin + 50 development
Business model: partner focus, with partners covering the globe
Supporting European sales offices: DK, SE, UK, DE, FR
Focus
2001: Focus on vulnerability scans and IT consultancy
2008: Purchase of Immune; focus on log management
Selected References
Danish software company partners with Boeing
Per Beith, Director, Information Security Solutions, Network and Space Systems, Boeing, highlights the importance of access to the best of the best within the type of technology ImmuneSecurity [LogPoint, ed.] delivers, even for a company like Boeing.
Read more: www.logpoint.com/en/press
SCADA Risks:
3rd generation SCADA exposed to the Internet
Complex software applications
Built on open standards and commercially available hardware (COTS)
Do not meet the Common Criteria (EAL) standards
Legacy products are end of life and are no longer supported

Why Risks
No longer any separation between corporate and plant networks
Weak passwords
Availability of 3rd-party products
Security documentation not in place
Not enough internal training
SCADA Systems Global Map
SCADA Systems
Why SIEM and LogPoint? (1/3)
Today, the majority of our communication takes place digitally, travelling through various networks and across enterprises, organisations, nations and continents. This very communication is now susceptible to crime, espionage and terrorism. Cyber security is now an essential part of our lives and business operations. So while digital communication has become our global lifeline, breakdowns and intrusions in our networks are bringing global threats to our economy and society.

Why SIEM and LogPoint? (2/3)
With rapidly growing volumes of increasingly complex data coursing through our networks, effectively monitoring such digital crimes seems an impossible task. At the same time, we all have a fundamental need for privacy. No one likes the idea that someone else may be watching our information. But our digital communication leaves a log: a trail of critical information about time, place and routes. LogPoint monitors the behaviour recorded in this log traffic without invading privacy.

Why SIEM and LogPoint? (3/3)
LogPoint is a tool that collects and organises logs from activities anywhere on our networks: from applications to computers to servers to switches, routers and mobile devices. LogPoint makes log analysis and information assessment an easy, swift process to help you track and reveal security breaches in your network in real time. LogPoint constantly monitors your network's overall condition, identifying traffic bottlenecks and detecting intrusion attempts so you can take prompt action to prevent future disruption and protect your assets.
Tool or Business Critical Application?
What many enterprises think when they hear about LogPoint:
We already have sufficient control of our logs!
We don't want another monitoring tool!
No demand from the business units; consequently: nice-to-have!
BUT
An enterprise without SIEM = a community without law enforcement!
SIEM protects business assets
SIEM creates overview
SIEM discovers anomalous behaviours
SIEM is the enterprise business intelligence platform for IT security, at the same level as e.g. SAP or Salesforce

LogPoint Unique Points:
True enterprise application that scales globally
Complete multi-tenancy for hosted solutions (ISPs)
Flexibility, scaling and fully distributed
One common language across the entire IT infrastructure
Secure storage of secured logs (forensics)
Real-time analysis and alarming
Advanced correlation across the enterprise environment
EASY to install and maintain
User interface is unique and Scandinavian
License model is simple and transparent
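The three capabilities the two slides above lean on (collecting logs from many source types, normalising them into "one common language", and correlating them in real time into an alarm) are easier to judge with a concrete instance. The following is an added example written for this page, not LogPoint's code: the two log formats, the field names of the common schema, the rule name and the thresholds are my own assumptions, and the log lines are constructed, not captured. The rule it implements is the classic SIEM brute-force correlation: several failed logins from one source address inside a time window, followed by a success from the same address.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional


# Assumed common schema (my own field names, not LogPoint's taxonomy).
@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    source: str            # log source type: "sshd" or "fw"
    action: str            # "login" or "connection"
    outcome: str           # "success", "failure", "allow" or "deny"
    user: Optional[str]
    src_ip: Optional[str]


# Two constructed input formats: an OpenSSH-style auth line and a CSV firewall line.
SSH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}),(?P<host>[^,]+),(?P<act>ALLOW|DENY),"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}),(?P<dst>\d{1,3}(?:\.\d{1,3}){3}),(?P<port>\d+)$"
)


def normalise(line: str) -> Optional[Event]:
    """Map one raw line onto the common schema; None if no parser matches."""
    m = SSH_RE.match(line)
    if m:
        outcome = "success" if m["result"] == "Accepted" else "failure"
        return Event(datetime.fromisoformat(m["ts"]), m["host"], "sshd", "login",
                     outcome, m["user"], m["ip"])
    m = FW_RE.match(line)
    if m:
        outcome = "allow" if m["act"] == "ALLOW" else "deny"
        return Event(datetime.fromisoformat(m["ts"]), m["host"], "fw", "connection",
                     outcome, None, m["ip"])
    return None


@dataclass(frozen=True)
class Alert:
    rule: str
    src_ip: str
    user: str
    host: str
    failures: int
    ts: datetime


def correlate_bruteforce(events: Iterable[Event], threshold: int = 5,
                         window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """Rule: at least `threshold` failed logins from one source IP inside
    `window`, then a successful login from that IP (any user, any host).
    One pass over time-ordered events; per-IP failure timestamps are kept
    in a sliding window so memory stays bounded on a live stream."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action != "login" or ev.src_ip is None:
            continue
        q = failures[ev.src_ip]
        while q and ev.ts - q[0] > window:      # expire failures outside the window
            q.popleft()
        if ev.outcome == "failure":
            q.append(ev.ts)
        elif ev.outcome == "success" and len(q) >= threshold:
            alerts.append(Alert("bruteforce_then_success", ev.src_ip,
                                ev.user or "?", ev.host, len(q), ev.ts))
            q.clear()                           # one alert per burst, not per success
    return alerts


# Constructed sample logs (not real data): a corporate-network host guessing
# passwords on a plant HMI over SSH and finally getting in, unrelated traffic,
# and one line no parser understands.
SAMPLE_LOGS = [
    "2014-05-12T09:00:01,fw-edge,ALLOW,10.20.0.15,10.30.0.5,22",
    "2014-05-12T09:00:02 hmi-01 sshd[2231]: Failed password for root from 10.20.0.15 port 51022 ssh2",
    "2014-05-12T09:00:07 hmi-01 sshd[2231]: Failed password for root from 10.20.0.15 port 51023 ssh2",
    "2014-05-12T09:00:13 hmi-01 sshd[2233]: Failed password for invalid user admin from 10.20.0.15 port 51024 ssh2",
    "2014-05-12T09:00:20 hmi-01 sshd[2235]: Failed password for operator from 10.20.0.15 port 51025 ssh2",
    "2014-05-12T09:00:28 hmi-01 sshd[2237]: Failed password for operator from 10.20.0.15 port 51026 ssh2",
    "2014-05-12T09:01:02 hmi-01 sshd[2240]: Failed password for operator from 10.20.0.15 port 51027 ssh2",
    "2014-05-12T09:01:15 hmi-01 sshd[2240]: Accepted password for operator from 10.20.0.15 port 51028 ssh2",
    "2014-05-12T09:02:00 hmi-02 sshd[910]: Failed password for operator from 10.30.0.77 port 40011 ssh2",
    "2014-05-12T09:02:30 hmi-02 sshd[912]: Accepted password for operator from 10.30.0.77 port 40012 ssh2",
    "2014-05-12T09:03:00,fw-edge,DENY,203.0.113.9,10.30.0.5,502",
    "this line is not in any known format",
]


def run(lines: Iterable[str]) -> dict:
    """Normalise every line, then apply the rule. Returns counts and alerts."""
    parsed = [normalise(line) for line in lines]
    events = [e for e in parsed if e is not None]
    return {
        "events": len(events),
        "unparsed": len(parsed) - len(events),   # a real SIEM keeps these raw and counts them
        "alerts": correlate_bruteforce(events),
    }


if __name__ == "__main__":
    result = run(SAMPLE_LOGS)
    print(f"{result['events']} events, {result['unparsed']} unparsed")
    for a in result["alerts"]:
        print(f"ALERT {a.rule}: {a.src_ip} -> {a.user}@{a.host} "
              f"after {a.failures} failures at {a.ts.isoformat()}")
```

On the sample, the six failures from 10.20.0.15 followed by the accepted login produce one alert; the single failure from 10.30.0.77 stays below the threshold and is silent, and the unparseable line is counted rather than dropped silently, which is the behaviour a SOC wants so that parser gaps are visible. The rule keys on source address rather than username precisely because password guessing rotates usernames, as the sample does.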
Market Analytics
Market size/year: Licenses: USD 1.6 billion; Services: USD 1.2 billion; EU = 30%
Bottom Line: Enterprise architects have to plan for IT deployments of ever-increasing complexity and deal with increasing threats and risks. These and other trends create the need to expand security visibility throughout the entire stack of IT tools and technologies. Security information and event management (SIEM) is a pivotal technology that currently provides security visibility, and it is likely to hold the same role for the next two to three years. SIEM faces opportunities for growth in five core areas: new types of log and context data, shared intelligence, novel analytic algorithms, monitoring of emerging environments, and application security monitoring.
Gartner Report (SIEM Futures)
Captures Events from the Entire Network
SIEM in Simple Terms
Security Operations Center View
Real-time dashboards and alarms
Visit and Download