Fight the Noise with SIEM


An Incident Response System
Classified: Public
An Indiana Bankers Association Preferred Service Provider!
elmdemo.infotex.com

Managed Security Services by infotex! Page 2 Incident Response Management

We're on Your Team
A big difference between purchasing an application and engaging with infotex: we join your team. Imagine hiring a well-knit group of Information Security Professionals, with certifications from ISACA, (ISC)², and others. The sale is the start of our relationship with you. We work to get to know your unique system, meaning your network AND your people, and we bring a balanced approach.

Twenty Four by Seven by Three Sixty Five!
If you're looking into a Managed Security Service Provider (MSSP), chances are you're doing so for one of these reasons:
Compliance: You've been working with an international firm and you've realized that the cookie-cutter approach is putting you out of compliance with your own policies and procedures related to network monitoring.
Risk Management: You've decided that you simply cannot accept the risk of NOT watching what's happening to your network when you're asleep, on vacation, or otherwise unavailable.
Cost Savings: You've done the math and have decided that your people are better off focusing on what they do for a living, and leaving the tedious, impermanent work of security to people who do nothing but watch networks for a living.

Balancing Technology with Humanity!
Our Clients can tell you how we work not only in the technical act of watching your network, but also with the nontechnical implications of our services. When we're on your team, hundreds of policy and procedure templates are always at your disposal.

A Good Night's Sleep
We've studied why people contract with Managed Security Service Providers, and beyond all the rhetoric that the corporate marketers have in their websites and slick marketing flyers, we've reduced it all down to one thing: You want somebody to watch your back, to be there when you can't. You want a good night's sleep!

Customization
Having made the decision to outsource or to get more professional help, the next decision you need to make is this: Are you really willing to hand over the important monitoring function to a cookie-cutter approach? When you do your homework, you will find that infotex has the appropriate controls in place to provide top-notch service, including third-party assurance controls, certifications, training, and testing. Why be one of thousands, when you can have a custom approach?

Who Watches the Watcher?
The most important question to ask of any Managed Security Service Provider is: what assurance do I have that you follow the same best practices you preach? At infotex, we walk the talk. We conform to the FFIEC Guidelines, the HIPAA Security Rule, Sarbanes-Oxley, PCI, and other important regulations. We're in the FFIEC Technology Service Provider Examination Program, undergoing the same scrutiny as any of our financial institution clients.

infotex Managing Technology Risk my.infotex.com (800) 466-9939

A Compliant Solution...
Being in the FFIEC Examination Program is not enough. We also hire at least two additional audit firms each year. We also make sure it's easy for you to see what controls we have in place to protect our access to your network. We teach banks and credit unions how to make sure they know the risk they face because they share information with or grant network access to vendors. Again, we walk the talk. Don't take our word for it: ask for a copy of our Due Diligence package. In it you will see exactly what you should be receiving from all your technology vendors: assurance of controls!

Monitor Your Network
So just what is a Managed Security Service? To us, it means that infotex will monitor your network, looking for anything potentially negative, filter out the noise, and find reportable incidents. infotex will then respond in real time to critical incidents per your customized decision tree. A web interface is available so you can see exactly what our Data Security Analysts see, but few of our clients actually use the web interface because we are very big on what we call Human Reporting.

Human Reporting
The biggest myth in Information Security is that you can automate information security. Sure, some parts of the process are automated. But human beings still need to monitor the automated processes, and that's exactly what separates infotex from other vendors. We sort through all the noise, and only involve you when you need to be involved. Yes, we have all the fancy charts and graphs and reports. But we push those out to you, in time for your Incident Response Team meetings. Our Data Security Analysts decipher the graphs and charts, review the data collected in your database, and create reports with varying levels of detail to share with your Incident Response Team. You are welcome to learn our interface and download all kinds of great information and statistics about your network. Still, rather than making you pull information from the system, human beings decipher the information and push it to you. You only see what you need to see, when you need to see it.

Network Monitoring Controls

Preventive Control: IPS
infotex uses an automated Intrusion Prevention Service that responds to predictable attacks within seconds. We get our signatures from Emerging Threats Pro, which reportedly catches double the amount of malware, 20% more exploits, and about 10% more in all other categories, all while performing better. There's only one problem with all this: the notion that security can be automated is a myth!

Detective Control: IDS
Sure, you can automate some of the processes in information security, but without human beings monitoring these processes, the result is a false sense of security. We're here 24x7x365, watching your network and RESPONDING to threats. If something out of the ordinary happens, our Security Analysts are here in real time to investigate and respond. For detection, we use thousands of signatures as well as protocol and anomaly analysis. infotex also adds customized signatures to detect the issues and activities that you are most concerned about.

Detective Control: ELM
Millions and millions of event logs are generated each day by your servers, network devices, and various applications. Your auditors and examiners are only asking whether you're reviewing failed logins, but you just KNOW they are eventually going to ask more sophisticated questions than that! Our Event Log Management Visualization Interface not only helps you filter out the noise, but the interface includes everything you need to show your auditors that you are reviewing your logs. A health report, an interface for each log type, and real-time monitoring all work together to ensure you are compliant!

Change Management: Change Detection
When somebody on your staff opens a port for a vendor, have we remembered to close it? You will, when we scan a range of IP addresses on a monthly basis and report the ports that have changed since the last scan. Not only is this a great security tool, but it is an excellent change management tool as well.

Tying It All Together with SIEM
The easiest way to explain Advanced Threat Protection is to think about intrusion detection in your home. What's the first thing you do after your pets sound the alarm that somebody is at your door? (You look out the window!) Our approach makes sure that we are correlating event logs with network traffic. Not only do we queue up potential correlations, but our staff is trained to look for those patterns between network traffic alerts and event logs. The end result is a much more robust approach to monitoring your network, and the security advantages to that are excellent!
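The "look out the window" step above, correlating a network alert with what the host's own event log says in the same few minutes, is what turns raw alerts into reportable incidents. The following is an added example written for this page, not infotex code: it assumes two constructed feeds that have already been normalized, IDS alerts as (timestamp, host, signature) and host logon events as (timestamp, host, event_id, user, outcome). The signature names, hosts and users are made up; 4624/4625 are the Windows successful/failed logon event IDs and appear only as sample data.

```python
"""Correlate network alerts with host event logs so that only alerts
backed by a second signal become reportable incidents.

Added example, not infotex code. Assumes two constructed, normalized
feeds: IDS alerts as (timestamp, host, signature) and host logon events
as (timestamp, host, event_id, user, outcome). Names are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample IDS alerts (the "pets barking")
IDS_ALERTS = [
    ("2024-03-01 02:14:05", "10.0.5.21", "SIG-SSH-BRUTEFORCE-ATTEMPT"),
    ("2024-03-01 02:15:40", "10.0.5.21", "SIG-INBOUND-RDP-SUSPICIOUS"),
    ("2024-03-01 03:02:10", "10.0.5.88", "SIG-PORT-SCAN"),
    ("2024-03-01 09:30:00", "10.0.7.3", "SIG-DNS-NEW-TLD"),
]

# Constructed host logon events; 4625/4624 are the Windows failed/successful
# logon event IDs, used here only as sample data
EVENT_LOGS = [
    ("2024-03-01 02:15:10", "10.0.5.21", 4625, "administrator", "failure"),
    ("2024-03-01 02:15:25", "10.0.5.21", 4625, "administrator", "failure"),
    ("2024-03-01 02:16:02", "10.0.5.21", 4624, "administrator", "success"),
    ("2024-03-01 03:10:00", "10.0.5.88", 4624, "svc_backup", "success"),
    ("2024-03-01 09:31:00", "10.0.7.3", 4624, "jdoe", "success"),
]

WINDOW = timedelta(minutes=5)   # look this far on either side of the alert
FAILURE_THRESHOLD = 2           # failed logons before a success that we treat as notable


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def index_by_host(event_logs):
    """Group host events by host and sort them by time for window lookups."""
    by_host = defaultdict(list)
    for ts, host, event_id, user, outcome in event_logs:
        by_host[host].append((parse_ts(ts), event_id, user, outcome))
    for records in by_host.values():
        records.sort()
    return by_host


def correlate(ids_alerts, event_logs, window=WINDOW, threshold=FAILURE_THRESHOLD):
    """Split alerts into reportable incidents and daily-report items.

    An alert is escalated when, within +/- window of the alert, the same
    host logged at least `threshold` failed logons for an account followed
    by a successful logon for that account. Everything else is kept for
    the daily report rather than discarded, so nothing is silently lost.
    """
    by_host = index_by_host(event_logs)
    reportable, daily = [], []
    for ts, host, signature in ids_alerts:
        t0 = parse_ts(ts)
        in_window = [r for r in by_host.get(host, ())
                     if t0 - window <= r[0] <= t0 + window]
        failures = defaultdict(int)
        escalated = None
        for _, _, user, outcome in in_window:   # already time-ordered
            if outcome == "failure":
                failures[user] += 1
            elif outcome == "success" and failures[user] >= threshold:
                escalated = {"alert_time": ts, "host": host, "signature": signature,
                             "user": user, "failed_logons": failures[user]}
                break
        if escalated:
            reportable.append(escalated)
        else:
            daily.append({"alert_time": ts, "host": host, "signature": signature,
                          "host_events_in_window": len(in_window)})
    return reportable, daily


if __name__ == "__main__":
    incidents, noise = correlate(IDS_ALERTS, EVENT_LOGS)
    for inc in incidents:
        print("REPORTABLE:", inc)
    for item in noise:
        print("daily report:", item)
```

On the constructed data the two alerts for 10.0.5.21 are escalated because the host also recorded two failed logons followed by a success for the same account, while the port scan and DNS alerts stay on the daily report. The window is symmetric on purpose: the host event that confirms an alert can just as easily be logged before the sensor fires as after it.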

Intrusion Prevention (IPS) / Intrusion Detection (IDS)

Multiple Methodologies
We customize our approach to your unique needs, not only in our reporting and response decision tree, but also in how we connect to your network. Our Intrusion Prevention Service can be in-line, utilize dynamic ACL updating, or leverage a LAN bypass function so that the sensor is not a single point of failure.

Decision Tree
Our Decision Tree is a matrix listing all the predictable security incidents and your customized instructions as to the appropriate response. We queue up a default decision tree to take advantage of the 15 years we have been doing this, but we also allow you to customize the response to your own unique situation. (Just because most of our Clients want to be awakened in the middle of the night to deal with that imminent threat doesn't mean you do!)

Calling Tree
When you engage with us, infotex will help you create a calling tree, very similar to what you're already using in your Disaster Recovery Plan, only in this case it's focused on Network Security Incidents. You will use the calling tree to direct us on how to respond to various types of incidents. It can get as granular as you wish.

Policy Development
The calling tree, by the way, is just one part of your overall Incident Response Program, which infotex will help you write, as we will become part of your Incident Response Team. Other documents related to what we do include your data retention policies, asset management procedures, access management procedures, and change management procedures.

Forensics Capabilities
Another advantage to outsourcing the network monitoring controls to a third party is that, as a third party, we are in a much better position to capture evidence in the event you need it. Our ELM system is already configured to store data forensically, but we can also be called out on site to gather evidence, on a 24x7 basis!

Put a Watch
We also have a Put a Watch service that you can invoke. We interview you to gather the information we need, and next thing you know you have a report showing pertinent information about a particular user or asset. Imagine the benefits of having a third party monitor a particular user, vendor, or even auditor.

infotex Managing Technology Risk elmdemo.infotex.com
ELM System: Event Log Management System

Consolidate, Monitor, Archive
We consolidate, monitor, report on, and respond in real time to logs from your servers, firewalls, workstations, Active Directory, spyware defense and anti-malware systems, Microsoft Exchange servers, core processors, and on-line banking systems. Any device or application that generates logs in syslog format can be filtered through our system and analyzed.

[Figure: log sources feeding the Event Log Database: Server Operating Systems, Workstation Operating Systems, Network Devices, Software Applications]

Fight the Noise!
Let us find that needle in the haystack for you. With our ELM services, you get all the best tools and support straight from us. No third party!
- Competitive Pricing
- 24x7x365 Real Time Monitoring
- Daily Reporting of Actionable Events
- Trend Reporting - Pushed to you!
- Completely Customizable Tuning
- Evolved Since 2005
- Health Reporting
- Signature Set Based On Best Practices, FFIEC Guidelines, and CobiT

"We're looking at these logs every day now, and only see what we need to. Our auditors love that!"

Health Reporting
One of the tricks to Event Log Management is making sure what you are seeing corresponds with what is happening. Our health report ensures consistent collection of logs. We monitor that report in real time. Of course, if there's anything wrong we're on it immediately, but we also push daily information to you that helps you feel assured that down the road, when you need to investigate, all the evidence will be there, unchanged, in forensics-friendly storage. Our auditors love the health reporting.

Logmon Health Statistics
Device HCO used Space: 12%
Space consumed by archive: 39455156 MB
Total Logs in Database: 3793556
Oldest Log in Database: 2011-04-11 00:01:06
Last Parse Run: 19:50

elmdemo.infotex.com (800) 466-9939 @ 2003-2012 infotex All rights reserved.
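The health report's job is to notice when "what you are seeing" has stopped matching "what is happening", which in practice means catching a log source that has gone quiet before the gap matters in an investigation. The following is an added example for this page and is not infotex's Logmon: it assumes a constructed set of recent records as (timestamp, source) and an inventory that states how long each source may go silent before that silence is itself a finding. Source names, intervals and the "current time" are made up.

```python
"""Log-collection health check: is every expected source still sending?

Added example, not infotex's Logmon. Assumes constructed records as
(timestamp, source) and an inventory of how long each source may go
quiet. Source names, intervals and the clock value are made up.
"""
from datetime import datetime, timedelta

NOW = datetime(2024, 3, 1, 20, 0, 0)   # constructed "current time" for the run

# Constructed records from the last collection window (timestamp, source)
RECORDS = [
    ("2024-03-01 19:10:00", "fw-edge"),
    ("2024-03-01 19:58:30", "fw-edge"),
    ("2024-03-01 19:30:00", "dc01"),
    ("2024-03-01 19:20:00", "core-app"),
    ("2024-03-01 19:50:00", "ws-unknown"),
]

# Inventory: how often a healthy source should produce at least one log
EXPECTED = {
    "fw-edge": timedelta(minutes=5),
    "dc01": timedelta(minutes=15),
    "exch01": timedelta(minutes=30),
    "core-app": timedelta(hours=1),
}


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def health_report(records, expected, now):
    """Return overall totals plus a status per source.

    OK          source logged within its allowed silence
    SILENT      source is in the inventory but has gone quiet too long
    MISSING     source is in the inventory and logged nothing at all
    UNEXPECTED  source logged but is not in the inventory (unmanaged device?)
    """
    by_source = {}
    for ts, source in records:
        t = parse_ts(ts)
        info = by_source.setdefault(source, {"count": 0, "first": t, "last": t})
        info["count"] += 1
        info["first"] = min(info["first"], t)
        info["last"] = max(info["last"], t)

    report = {
        "total_logs": len(records),
        "oldest_log": min((parse_ts(ts) for ts, _ in records), default=None),
        "sources": {},
    }
    for source, max_silence in expected.items():
        info = by_source.get(source)
        if info is None:
            report["sources"][source] = {"status": "MISSING", "count": 0, "last": None}
            continue
        silence = now - info["last"]
        status = "OK" if silence <= max_silence else "SILENT"
        report["sources"][source] = {"status": status, "count": info["count"],
                                     "last": info["last"], "silent_for": silence}
    for source, info in by_source.items():
        if source not in expected:
            report["sources"][source] = {"status": "UNEXPECTED", "count": info["count"],
                                         "last": info["last"]}
    return report


def problems(report):
    """Sources an analyst should act on, in a stable order."""
    return sorted(s for s, v in report["sources"].items() if v["status"] != "OK")


if __name__ == "__main__":
    rep = health_report(RECORDS, EXPECTED, NOW)
    print("Total logs:", rep["total_logs"], "Oldest:", rep["oldest_log"])
    for source, v in sorted(rep["sources"].items()):
        print(f"{source:12} {v['status']:10} count={v['count']}")
```

The per-source allowance matters more than the global totals: a firewall that logs every few seconds and a core application that logs hourly need different silence thresholds, and a source that appears without being in the inventory deserves a look as much as one that disappears.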

ELM System: Event Log Management System

Real-time Monitoring
Our team of certified data security professionals is working behind the scenes, 24x7x365, looking to find your needle in the haystack. During the tuning process we will walk you through a tried-and-true process that allows you to determine which log events you want to respond to in real time, versus which ones can be included in our interactive daily reports or our monthly and quarterly trend reports.

Interactive & Trend Reporting
Not only will you be able to notice anomalies and issues over the long term with our trend reports, but you will also be able to declare that you are monitoring events in real time as well as daily. Our interactive daily reports contain detailed information and statistics about your event logs with the ability to drill down for more details. We make sure you only see what you need to see, when you need to see it!

Customized to Meet Your Needs!
At infotex, we understand that a cookie-cutter approach may offer more economy of scale, but it is not always the best approach to risk mitigation. Using our templates as a starting point, so you can see what others are looking for, we'll then work with you to configure and tune the event log management process using industry best practices. Any application or device that generates syslog-format reports can be fed into our system.

The Diamond Stack Process
Our unique diamond stack process starts by consolidating all log sources into one stream of logs so that we're looking at everything in one place. We then archive raw logs in a forensics-proof manner. You will be able to tell your examiners, auditors, and litigators that an independent third party ensured logs were archived in raw format, and show them the hash to prove that they were not modified from the moment they were created. We simultaneously feed the logs to the real-time system, which will alert our data security analysts of potential issues based on a decision tree customized to your situation. We then massage the logs and populate a database with them. This database then serves as the basis for your Interactive Daily Reports, your Dashboard, and your Trend Reports. All of this information is made readily available for you to download anytime at your convenience. Using our ELM Visualization Interface, you can browse through statistics and report summaries. But if you don't have the time or the expertise, no worries! Our security team can run the trend reports and make them available to you in an easy-to-read format.

"Now I have one place to go where I see everything I need to see at a glance."
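The four stages of the diamond stack described above (consolidate into one stream, archive raw with a hash, route through a real-time decision tree, populate a database for reporting) fit in a small program. The following is an added example written for this page, not infotex code: it assumes syslog-style lines in the classic "<PRI>Mmm dd hh:mm:ss host program[pid]: message" layout, a constructed decision tree with made-up action labels, and an in-memory SQLite table standing in for the reporting database. The raw archive is hash-chained (each SHA-256 digest covers the line plus the previous digest), which is one way to give an examiner a hash that proves the raw logs were not altered or truncated after capture. Hosts, addresses and messages are made up.

```python
"""A miniature "diamond stack": one consolidated stream, a hash-chained
raw archive, real-time decision-tree routing, and a reporting database.

Added example, not infotex code. Assumes classic syslog lines, a
constructed decision tree, and an in-memory SQLite table as the
reporting database. All hosts, addresses and messages are made up.
"""
import hashlib
import re
import sqlite3

# Constructed sample stream, already consolidated from several sources
RAW_STREAM = [
    "<38>Mar  1 02:15:10 app01 sshd[2231]: Failed password for root from 203.0.113.9 port 51522 ssh2",
    "<38>Mar  1 02:15:12 app01 sshd[2231]: Failed password for root from 203.0.113.9 port 51522 ssh2",
    "<86>Mar  1 02:16:02 app01 sshd[2231]: Accepted password for root from 203.0.113.9 port 51530 ssh2",
    "<134>Mar  1 02:16:30 fw-edge kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.5.21 PROTO=TCP DPT=3389",
    "<30>Mar  1 02:17:00 exch01 MSExchangeTransport: Message delivered to mailbox jdoe",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

GENESIS = "0" * 64   # starting digest for an empty archive

# Decision tree: the first matching rule decides the real-time action.
# Action labels ("page_analyst", "daily_report", "log_only") are constructed.
DECISION_TREE = [
    ("root-login-accepted", lambda r: r["prog"] == "sshd" and "Accepted" in r["msg"]
     and " for root " in r["msg"], "page_analyst"),
    ("ssh-auth-failure", lambda r: r["prog"] == "sshd" and "Failed password" in r["msg"],
     "daily_report"),
    ("firewall-drop", lambda r: r["prog"] == "kernel" and r["msg"].startswith("DROP"),
     "daily_report"),
]


def parse_syslog(line):
    """Parse one syslog line into a record, or None if it does not fit the layout."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {"ts": m["ts"], "host": m["host"], "prog": m["prog"], "pid": m["pid"],
            "facility": pri // 8, "severity": pri % 8, "msg": m["msg"]}


def archive(raw_lines, prev_hash=GENESIS):
    """Hash-chain the raw lines: each digest covers the line and the previous
    digest, so altering or dropping any archived line breaks every later digest."""
    chain = []
    for line in raw_lines:
        digest = hashlib.sha256((prev_hash + "\n" + line).encode("utf-8")).hexdigest()
        chain.append((line, digest))
        prev_hash = digest
    return chain


def verify_archive(chain, genesis=GENESIS):
    """Recompute the chain; False means a line was modified, removed or reordered."""
    prev = genesis
    for line, digest in chain:
        if hashlib.sha256((prev + "\n" + line).encode("utf-8")).hexdigest() != digest:
            return False
        prev = digest
    return True


def route(record, tree=DECISION_TREE):
    for name, matches, action in tree:
        if matches(record):
            return name, action
    return "default", "log_only"


def build_database(records):
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE logs (ts TEXT, host TEXT, prog TEXT, facility INTEGER, "
                "severity INTEGER, msg TEXT)")
    con.executemany("INSERT INTO logs VALUES (?, ?, ?, ?, ?, ?)",
                    [(r["ts"], r["host"], r["prog"], r["facility"], r["severity"], r["msg"])
                     for r in records])
    return con


def daily_summary(con):
    """Counts per host and program, the kind of roll-up a daily report starts from."""
    return con.execute("SELECT host, prog, COUNT(*) FROM logs GROUP BY host, prog "
                       "ORDER BY host, prog").fetchall()


def run_pipeline(raw_stream):
    chain = archive(raw_stream)                        # 1. archive raw, hash-chained
    records = [r for r in map(parse_syslog, raw_stream) if r]
    actions = [route(r) for r in records]              # 2. real-time decision tree
    con = build_database(records)                      # 3. massage + populate database
    return {"chain": chain, "records": records, "actions": actions,
            "summary": daily_summary(con)}             # 4. reports from the database


if __name__ == "__main__":
    out = run_pipeline(RAW_STREAM)
    print("archive intact:", verify_archive(out["chain"]))
    for rec, (rule, action) in zip(out["records"], out["actions"]):
        print(f"{action:13} {rule:22} {rec['host']} {rec['msg'][:40]}")
    print(out["summary"])
```

Note that the archive is taken from the raw lines before parsing, so a line the parser rejects is still preserved with its digest; the database holds only the massaged records that reports are built from. Publishing the final digest of the chain (for example in the daily health report) is what lets a third party later confirm that the archive they are handed matches what was captured.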

Confidentiality Notice: The enclosed information is proprietary and classified as Public, and therefore may be disclosed to third parties without prior consent of infotex. In fact, we'd be happy if you put this into as many hands as you possibly can! Copyright 2000-2014 infotex. All rights reserved with the only exception being those listed above. Direct inquiries to infotex, PO Box 163, Buck Creek, Indiana 47924-0163. elmdemo.infotex.com (800) 466-9939