Is your SIEM ready.???




New security threats: Is your SIEM ready.??? May 2011

Security is more than just compliance

Compliance:
- Measure of processes and procedures
- Conformity with policy and directive
- Reporting against rules

Security:
- Protecting information and systems
- Misuse, attack, information loss/disclosure
- Confidentiality, integrity and availability

Security is this and more: Trojans, phishing attacks, insider threats, APTs, social engineering.

Security Factors
- Dynamic nature
- Proactive vs reactive
- Strategic vs tactical

Dynamic landscape
- Targets are getting bigger
- Attacks more frequent
- Variable in nature
- Uncertainty is a given
- Large scale deployments
- Massive data volume to monitor
- You can't set the rules

So a SIEM must:
- Be horizontally and vertically scalable
- Collect all of the data all of the time
- Interpret all events in real time
- Alert in a timely manner

Proactive vs Reactive
- Most breaches go undetected
- Losses are becoming greater
- 90% of the time the breach was detectable* (* Verizon Business Data Breach Report 2010)
- Time is of the essence
- Loss prevention
- All silos, no blind spots
- Join the dots for real time interpretation
- Threat mitigation

So a SIEM must:
- Do more than historical archive and reporting
- Ensure a reliable evidential archive
- Not depend on pre-defined rules alone
- Prioritise and mitigate threats

Strategic vs Tactical
- Integrated security solutions
- Local picture, global perspective
- Security intelligence
- Beyond rules: quantify and qualify
- Event contextualisation
- Risk profile based threat assessment
- Completeness of vision
- The more data you analyse, the better the decision

So a SIEM must:
- Monitor enterprise wide, across silos
- Build a knowledge base for data enrichment
- Analyse at high speed to continuously join the dots
- Detect anomalies based on behaviour

Integrated Security Platform
- Security Management
- Compliance
- Information Assurance

Security is not Compliance
- Scalable to meet changing security needs
- Correlate and investigate in real time
- Evidential records suitable for interrogation
- Identify anomalous or suspicious events
- Timely alerting of prioritised threats

Building a good SIEM Foundation

You get what you give: what you put into things is what you get out of them. The foundation of every SIEM is the quality of the data it is capturing.

Good SIEM Foundation
- Centralised capture and consolidation
- Real time collection: the value of security data diminishes over time
- Original data capture for evidential replay
- Event time synchronization: multiple time stamps, internal event time sync
- Normalisation of data: structure data in searchable columns and rows; single query across multiple different data sources
- Scalable architecture: ability to handle variability in data volumes
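As an added example (not from the slides), a minimal normaliser that applies the foundation points above: it keeps the original line for evidential replay, records both the device time stamp and the collector's receipt time, corrects an assumed per-device clock skew, and lays the result out in fixed columns so one query spans both sources. The two log formats, the device names and the skew values are constructed assumptions.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed raw lines from two sources with different formats and clocks:
# a firewall line stamped with a +01:00 offset and a Windows-style logon line stamped in UTC.
RAW = [
    ("fw01", "2011-05-03T09:15:07+01:00 DENY src=10.0.5.7 dst=10.0.1.20 dport=22"),
    ("dc01", "05/03/2011 08:14:55 AM 4625 user=bob host=web01"),  # dc01 logs in UTC
]
COLLECTOR_RECEIPT = "2011-05-03T08:16:00+00:00"   # when the collector received the batch
# Assumed per-device clock offset versus the collector's clock, in seconds.
SKEW = {"fw01": 0, "dc01": 12}                    # dc01 runs 12 s slow

FW_RE = re.compile(r"^(\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
DC_RE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M) (\d+) user=(\S+) host=(\S+)$")


def normalise(device, line, received=COLLECTOR_RECEIPT, skew=SKEW):
    """One record with fixed columns; the raw line is kept for evidential replay."""
    rec = {"device": device, "raw": line, "received": datetime.fromisoformat(received)}
    if m := FW_RE.match(line):
        ts = datetime.fromisoformat(m.group(1))          # carries its own UTC offset
        rec.update(action=m.group(2), user=None, src=m.group(3), dst=m.group(4), dport=int(m.group(5)))
    elif m := DC_RE.match(line):
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p").replace(tzinfo=timezone.utc)
        rec.update(action="logon_failure" if m.group(2) == "4625" else "event_" + m.group(2),
                   user=m.group(3), src=None, dst=m.group(4), dport=None)
    else:
        raise ValueError(f"unparsed line from {device}: {line!r}")
    rec["device_time"] = ts                                                   # as stamped by the device
    rec["event_time"] = ts.astimezone(timezone.utc) + timedelta(seconds=skew[device])  # synchronised
    return rec


def normalise_all(raw=RAW):
    return [normalise(device, line) for device, line in raw]


def query(records, start_iso, end_iso):
    """Single query across every source on the synchronised event_time column."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    return [r for r in records if start <= r["event_time"] < end]
```

With the constructed skew, both lines resolve to the same synchronised event time even though their device stamps differ by a timezone and twelve seconds.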

Alerting and Reporting
- Real time alerts: faster remediation, reduced impact
- Multi dimensional analysis: static rules base analysis, dynamic behavioural analysis, external data enrichment

Good SIEM Foundation
- Import and leverage the user knowledge base
- Correlate with external data stores to validate and enrich alerts (vulnerability assessment, IAM, CMDB etc)

Example Scenario
- Unusual Activity: alert based on behavioural analysis and correlation with external user information from IAM
- File Change and Privilege Access: alert based on the correlation between an abnormal file change and the recent unusual activity; flag the server as High Risk
- Port Scan: alert on a port scan coming from the High Risk server
- Potential Compromised Servers: generate a report from a single query to identify potentially compromised servers
- Identify Source: identify the initial source of the attack

[Diagram: a threat (disgruntled employee, hacker etc) passes the firewall to a corporate server that holds user information and transactions; unusual activity and privilege access on that server, a change to important files (user private information, transaction details etc), then a port scan as the attacker searches for more machines to compromise, against open ports on further corporate servers.]
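The escalating chain of the Example Scenario, as an added example that is not from the slides: a small correlator over constructed, already-normalised events raises the unusual-activity, High Risk and port-scan alerts in turn and produces the compromised-servers report with the initial source. The IAM entitlement table, the feed names and the field names are assumptions.

```python
# Constructed IAM enrichment: the hosts each user is entitled to log into.
IAM_ENTITLEMENTS = {"alice": {"web01"}, "bob": {"db01"}}

# Constructed normalised events (epoch seconds) from IAM, file integrity and IDS feeds.
EVENTS = [
    {"t": 100, "src": "iam", "type": "login", "user": "bob", "host": "web01", "from": "10.0.5.7"},
    {"t": 160, "src": "fim", "type": "file_change", "host": "web01", "path": "/etc/sudoers"},
    {"t": 220, "src": "ids", "type": "port_scan", "host": "web01", "target": "db01"},
    {"t": 300, "src": "iam", "type": "login", "user": "alice", "host": "web01", "from": "10.0.1.2"},
    {"t": 320, "src": "fim", "type": "file_change", "host": "app02", "path": "/var/www/index.html"},
    {"t": 340, "src": "ids", "type": "port_scan", "host": "app02", "target": "db01"},
]

WINDOW = 600  # seconds for which an unusual-activity flag counts as "recent"


def correlate(events, iam=IAM_ENTITLEMENTS, window=WINDOW):
    """Escalate per host: unusual activity -> abnormal change -> High Risk -> port scan alert.
    Returns (alerts, high_risk_hosts, unusual_by_host)."""
    unusual = {}        # host -> (time, user, source address) of the last unusual login
    high_risk = set()
    alerts = []
    for e in sorted(events, key=lambda e: e["t"]):
        h = e["host"]
        if e["type"] == "login" and h not in iam.get(e["user"], set()):
            # Behavioural anomaly enriched with IAM data: the user is not entitled to this host
            unusual[h] = (e["t"], e["user"], e["from"])
            alerts.append(("unusual_activity", h, e["user"]))
        elif e["type"] in ("file_change", "privilege_access") and h in unusual \
                and e["t"] - unusual[h][0] <= window:
            high_risk.add(h)    # abnormal change shortly after unusual activity
            alerts.append(("high_risk_host", h, e.get("path", e["type"])))
        elif e["type"] == "port_scan" and h in high_risk:
            alerts.append(("port_scan_from_high_risk", h, e["target"]))
        # a file change or port scan on a host with no prior unusual activity (app02) raises nothing
    return alerts, high_risk, unusual


def compromised_servers_report(events):
    """The single-query report: High Risk hosts with the initial source of the attack."""
    _, high_risk, unusual = correlate(events)
    return {h: {"user": unusual[h][1], "from": unusual[h][2]} for h in sorted(high_risk)}
```

The same file change and port scan on app02 raise nothing because no unusual activity preceded them, which is the point of correlating across feeds rather than alerting on each event in isolation.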