Working to be stronger

Similar documents
Why Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault. Best Practices Whitepaper June 18, 2014

The first part of this series looked at some of the major areas of spend during the initial stages of designing and building a datacentre.

SIM. Moving beyond network security toward protecting applications. SearchSecurity.com Technical Guide on. inside

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

Seven Reasons why CRM projects fail

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Critical Watch aims to reduce countermeasure deployment pain by doing it all for you

Mucho Big Data y La Seguridad para cuándo?

CONNECTING WITH THE CLOUD

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

How To Manage Threat Intelligence On A Microsoft Microsoft Iphone Or Ipad Or Ipa Device

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

What is SIEM? Security Information and Event Management. Comes in a software format or as an appliance.

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Information & Asset Protection with SIEM and DLP

5 Reasons Your Business Needs Network Monitoring

Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management

Security Information & Event Management (SIEM)

Changing the Enterprise Security Landscape

UltraVMTM Dedicated Cloud Servers

Presentation Title: When Anti-virus Doesn t Cut it: Catching Malware with SIEM

Five Reasons Your Business Needs Network Monitoring

Planning for and implementing security logging

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Towards Threat Wisdom

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

The SIEM Evaluator s Guide

SORTING OUT YOUR SIEM STRATEGY:

cloud Development Strategies - Part 1

SIEM 2.0: AN IANS INTERACTIVE PHONE CONFERENCE INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS SUMMARY OF FINDINGS

Tivoli Security Information and Event Manager V1.0

Gain the cloud advantage. Cloud computing explained Decide if the cloud is right for you See how to get started in the cloud

How To Run An Ultravm Cloud Server

Elbit Systems of America conquers the challenges of expansion with Enterprise IT Management.

Tom Reilly President & CEO, ArcSight

The Emergence of Security Business Intelligence: Risk

Leveraging Intelligence to. Trident Risk Management

Security Information Management (SIM)

PCI White Paper Series. Compliance driven security

With Cloud Defender, Alert Logic combines products to deliver outcome-based security

Introduction. Success Tips for GRC Projects

GETTING MORE FOR LESS AS LOG MANAGEMENT AND SIEM CONVERGE

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

One View Of Customer Data & Marketing Data

Converting Security & Log Data into Business Intelligence: Art or Science? Phone Conference

DNS Response Policy Zones Roadmap to Accellerate Adoption

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

What Works in Supply Chain and Partner Security: Using BitSight to Assess and Monitor Third-Party Cybersecurity

Security. 26 November 2012 Vol.18 No11

Cloud Computing. What does it really mean for your business?

IT Security Strategy and Priorities. Stefan Lager CTO Services

Bio-inspired cyber security for your enterprise

TIBCO Cyber Security Platform. Atif Chaughtai

400+ 2m+ 150k+ The VYRE Cloud. Brands. Assets. Users

Pay per Click Success 5 Easy Ways to Grow Sales and Lower Costs

Trust issues. 68 Computer News Middle East november

WhatWorks: Blocking Complex Malware Threats at Boston Financial

How To Buy Nitro Security

Best value security report

How to make your business more flexible & cost effective? Remote Management & Monitoring Solutions for IT Providers

Putting Critical Applications in the Public Cloud. The Very Latest Best Practices & Methodologies

IBM QRadar Security Intelligence April 2013

Find the needle in the security haystack

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

Cutting Through SIEM Vendor Marketing. Make the right technology decision A. Ananth

End-user Security Analytics Strengthens Protection with ArcSight

Cyber Security Competency Center

QRadar SIEM and FireEye MPS Integration

Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Securely Yours LLC Top Security Topics for Sajay Rai, CPA, CISSP, CISM

PUBLIC CLOUD COMES OF AGE

10 ways to ensure successful implementation and user adoption of a new CRM How one firm did it and saw tangible ROI immediately

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

Reducing Customer Churn

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Best Practices for Building a Security Operations Center

Product white paper. ROI and SIEM. How the RSA envision platform delivers an Industry-leading ROI

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

How To Connect Log Files To A Log File On A Network With A Network Device (Network) On A Computer Or Network (Network Or Network) On Your Network (For A Network)

The Connected CFO a company s secret silver bullet?

QRadar SIEM 6.3 Datasheet

Identifying the Future. Physical Security Information Management (PSIM) The Transformation of Gaming Security and Surveillance

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index

THE TOP 4 CONTROLS.

Company Overview. Enterprise Cloud Solutions

FREE REPORT: Answers To The Top 5 Questions Business Owners Have About Cloud Computing

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Seven Reclamation Targets

Attack Intelligence: Why It Matters

REVAMP YOUR IT CAREER AS A CLOUD SECURITY EXPERT

security changes with Orange focus on your business, we focus on your security

Introduction to Runtime Application Self Protection (RASP) Making Applications Self Protecting, Self Diagnosing and Self Testing

White Paper. To upgrade or consolidate - that is the question. Why not do both?

Threat intelligence visibility the way forward. Mike Adler, Senior Product Manager Assure Threat Intelligence

Transcription:

Working to be stronger Many companies in the Middle East are missing out by not gaining valuable intelligence from threats. Security information and event management () has arisen on the enterprise scene as the latest must-have in not only protecting your business environment, but providing you with tools to analyse each threat. Ben Rossi dissects the ins and outs of. W how many organisations in the Middle East are engaging in active, it s no easy feat. Companies are notoriously, and understandably, reluctant to reveal any information about their security environments. As a result, when industry experts are quizzed on the subject, answers are quite varied. Around 25% and that will double this year, says Jude Pereira, MD at Nanjgel Solutions. Bulent Teksoz, chief security strategist at Symantec, reckons more. I think most of them right now either have a project running now or are thinking about running it, he says. Simon Carvalho, principal security architect at Paramount, draws upon the introduce the concept of to the market in 2005 and in the last seven years has done around 30-35 implementations. I would say there have been about 150 implementations in organisations from the Middle East. In terms of the number of organisations that have engaged in a true 60 Computer News Middle East MARCH 2012 www.cnmeonline.com

active in the right manner, I would say probably only a handful, very low less than 5%, he says. Explosion s name derives from the convergence of the formerly disparate products of security information management (SIM) and security event management (SEM). It s a centralised security monitoring technology where you can have all threats you can rely on the single platform to understand your threat risks and security levels at any given time, Pereira says Nicolai Solling, director of technology services at helpag ME, refers to the explosion of security devices and solutions in the last few years leading to the necessity of to control the increase in events. Jude Pereira, MD at Nanjgel Solutions care of network security and maybe an antivirus for the clients. But on top of that, today, we have things like IPS, quality of service devices and network access control devices, Solling says. As we saw an explosion in all of these devices, we also had an explosion in the number of events. Each of these devices would feed in information and say, we have a problem. The security team needs to react to these. A solution is very important because it takes those events and analyses them based on the risks they present to the enterprise, he adds. Carvalho says provides insight into threats before, during and after an attack takes place. A lot of organisations in the Middle East invest a lot in security infrastructure, but unfortunately nobody is looking at the generate 10 to 20 thousand lines of logs. It is manually not possible for a human being to sit and look at these, he says. So if your organisation is going to be under attack, can give you a heads up on that. It gives you the ability to understand when an attack is going to happen. An effective solution also has the capability to give you real- time information when an attack is happening. It tells you in real time how you were attacked, what is being attacked and what the impact is. A solution also makes it possible to investigate and understand what exactly happened during an attack. makes it possible to investigate exactly what happen after an attack occurs. A lot of organisations in the Middle East invest a lot in security infrastructure, but unfortunately nobody is looking at the logs. On a typical day a typical firewall will generate 10 to 20 thousand lines of logs. It is manually not possible for a human being to sit and look at these. Justin Doo, security practice director at Symantec MENA Basic requirements Before starting out on a implementation, a company s current security environment does not require much more than a basic existing infrastructure. Most enterprises have already invested a security perspective. The idea of a good is that it should be able to utilise the right technology that s already within the business, says Justin Doo, security practice director at Symantec MENA. basic things that need to be there before embarking on, Carvalho says. Solling refers to these as bread and butter security requirements. There s no need to look at a solution if you haven t matured as a security organisation already, he adds. Once all the security requirements are in place, it is time to choose a vendor. Pereira provides some insight into who the major vendors of are and what he believes they offer. vendors, and then three more that are kind of jack- of- all, master- of- none. The vendors are very close, but each one is unique based on the concept, the architecture or where it started from. The top vendors in the www.cnmeonline.com MARCH 2012 Computer News Middle East 61

space are RSA, Arcsight, NitroSecurity, Log Logic and Q1 Labs, Pereira says. When you look at Log Logic, the name itself is an indicator of what they are, which is pioneers in log management. But in order to enter the space they needed some events management so I would say they give customers 80% in log management and 20% in SIM. Nitro, on the other hand, are trying to become 50% SIM and 50% log, but they re still not quite there. I would say Arcsight, Q1 Labs and RSA are the guys that have nearly got it right, he adds. Solling expands on the varying offerings of solutions from vendors. There are different levels of. There are companies that are just focused on log management who are now rebranding themselves as a solution providers, which is correct that they correlate logs and understand logs from different kinds of devices.however, they re not necessarily a solution in the sense that they can add intelligence to how to react and report on a Selection With different vendors offering different choose the right solution for their business. Pereira says the lack of understanding Simon Carvalho, principal security architect at Paramount organisations have on the subject of can lead to them making the wrong decision. Since the customer is not educated enough to understand and to qualify the vendor, he ends up going into, say, Axel Ops or EIQ Networks, which at the end of the day are not really correlation management tools. Since they can do a bit of security they convince a customer on that, and it s only later that the customer realises that they ve lost the value of, he says. All of the industry experts questioned on do when choosing a vendor is to set down the objectives of what they want to achieve and expect from the solution. If your initiatives are purely compliance based then there are several solutions that can do that. If your objectives are to enhance existing security operations then there are fewer solutions that can do that, Carvalho says. time and money you can devote to the. There are some solutions that require you to have a lot of people dedicated, and some that can be managed with just one of two people. Also, a lot of time it makes sense to go for a solution from a vendor that you already have products from. Finally, all organisations should do a proof of concept before they buy a solution. They have to do trial, pilot and test what the best solution is, he adds. Doo says it is important to examine the track record and also training offerings of vendors. You should look at how each vendor has evidenced success in similar implementations in the region or vertical Bulent Teksoz, chief security strategist at Symantec A lot of organisations in the Middle East invest a lot in security infrastructures, but unfortunately nobody is looking at the logs. On a typical day a typical firewall will generate 10 to 20 thousand lines of logs. It is manually not possible for a human being to sit and look at these. markets similar to the one you are in. Then, since building a team internally is integral to getting the most out of the solution, for me the vendor should be able to help train those teams in terms of identifying possible organisational structures, and how to respond to and help rate critical incidents, he says. It is this team that is constantly emphasised in discussions with our experts as the most important aspect of making the solution successful, and the most common pitfall in failed implementations. It s one thing to have a deployed, but it s another to actually derive all of the information out of it. You need trained people that understand what it is they re seeing and to benchmark that against the risk within the business. That is something that has traditionally been harder to achieve in the local market, Doo says. 62 Computer News Middle East MARCH 2012 www.cnmeonline.com

People play a very important role. In order for companies to derive maximum people, because at the end of the day these are the people that are managing the solution and taking action from what the solution tells you. Human action is a necessity, Teksoz adds. Pereira believes that a lack of training will create further issues for organisations from. The challenge is to be able to educate the customer. Often they are not trained enough to understand the technology and the engineers just say, that s not the right way or let s not do this thing, which can lead to problems, he says. Phased approach In terms of best practices, Carvalho says Waseem Hattar, operations security manager at ehdf implementing in stages is essential to get the most out of. Start small and grow as you see success. Start off with basic use cases that address your pinpoints and then try to integrate all the devices. Some organisations try to start off with everything and they end up getting lost. Get the main 20 to 50 pinpoints down and then address the next pinpoints in further stages, he says. Any organisation looking to deploy has to integrate all devices under, but typically it is not possible for logistical reasons. Typically a medium sized organisation in the Middle East would have between 300 and 500 devices, so you should servers, databases and operating systems. Then do things like business applications it is very important to integrate these because that s where you get the real value out of, he adds. Whilst undoubtedly requiring a lot of invested work and time for an organisation, if all devices are not integrated and all logs not collected, it will be a wasted solution, Carvalho says. Many organisations try to be stingy in and only want to collect certain important logs, but the problem with that is once you start collecting and analysing you won t know what s important. When the time of an investigation comes after an attack and you realise you weren t collecting the right logs, then it will be a wasted process, he says. You can t make a solution better than the data it receives - you have to have support from the different departments Nicolai Solling, director of technology service at help AG ME within the IT infrastructure - your server side, security side and client side. You need to make sure that you correlate information from everything, Solling says. Waseem Hattar, operations security manager at ehdf (ehosting DataFort), adds that companies must be prepared to completely commit to, as the costs and efforts to make it work will be high. The main challenge is the cost that can be very high even without management and engineering costs. Enterprises also need to remain updated with the current attacks and need to have a deep insight on creating alert rules on the system. If alerts are not generated, the system will only log data and archive the logs without any assessment, Hattar concludes. BY THE NUMBERS $858m $987m 15% 80% Cost of market at the beginning of 2010 Cost of market at the end of 2010 Growth rate of market during 2010 Source: Source: Gartner (2011) Amount of initial deployments in North America funded to close a compliance gap 64 Computer News Middle East MARCH 2012 www.cnmeonline.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information