Detecting a Hacking Attempt


Speaker: Isaac Thompson, Director of Sales Engineering and Training

About Prism Microsystems
Founded in 1999, headquartered in Columbia, Maryland
Current version: EventTracker 6
Over 750 customers worldwide, both government and private sector clients
Worldwide presence: customers in 50+ countries
Globally staffed professional services

Representative Customer List

2008: reported cyberattacks on U.S. government computer networks climbed 40%. DOD, State, Homeland Security and Commerce all suffered "major intrusions" in which sensitive data were stolen or compromised. Just 1% of federal agencies have fully developed tracking systems.*
*Source: http://www.usatoday.com/news/washington/2009-02-16-cyber-attacks_N.htm?loc=interstitialskip

Why Log Management?
Many machines, many logs, all different: Windows, syslog, SNMP and more.
Manual collection is hard; understanding what was collected is even harder.
Many scenarios can only be detected by correlating events from several sources:
Event on Box 1 + Event on Box 2 + Firewall Event = Hack
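What that "Box 1 + Box 2 + Firewall" correlation looks like in practice, as an added example written for this page (it is not EventTracker code or anything from the original presentation): three constructed event sources in three different formats are normalized to one record shape, and a rule fires only when a single remote IP produces a burst of failed logons on one host, a successful logon on a different host, and a firewall event inside a ten-minute window. The host names, IP addresses, thresholds and the 2009 year assumed for the year-less BSD-syslog timestamps are all assumptions made for the sample.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
import re

# Normalized record shared by all three sources.
Event = namedtuple("Event", "ts host source kind ip detail")

# Constructed sample data (not real logs). Windows rows as exported from the
# Security log: (timestamp, event ID, account, source IP). 4625 = failed logon.
WINDOWS_ROWS = [
    ("2009-03-10 09:12:01", 4625, "jsmith", "203.0.113.45"),
    ("2009-03-10 09:12:04", 4625, "jsmith", "203.0.113.45"),
    ("2009-03-10 09:12:08", 4625, "jsmith", "203.0.113.45"),
    ("2009-03-10 09:12:11", 4625, "jsmith", "203.0.113.45"),
    ("2009-03-10 09:12:15", 4625, "jsmith", "203.0.113.45"),
    ("2009-03-10 09:40:00", 4625, "bob", "198.51.100.7"),
]
# Constructed BSD-syslog lines from a Unix host (box2) and a firewall (fw1).
SYSLOG_LINES = [
    "Mar 10 09:13:02 box2 sshd[2211]: Accepted password for jsmith from 203.0.113.45 port 50122 ssh2",
    "Mar 10 09:41:00 box2 sshd[2300]: Failed password for bob from 198.51.100.7 port 40000 ssh2",
]
FIREWALL_LINES = [
    "Mar 10 09:13:30 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.45 PROTO=TCP DPT=443",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r" for (?:invalid user )?(\S+) from ")

def syslog_ts(text, year=2009):
    # BSD syslog timestamps carry no year; the year is an assumption for the sample.
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")

def from_windows(rows, host="box1"):
    kinds = {4624: "auth_ok", 4625: "auth_fail"}
    return [Event(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, "windows",
                  kinds[eid], ip, account)
            for ts, eid, account, ip in rows if eid in kinds]

def from_syslog(lines):
    out = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m or m["prog"] != "sshd":
            continue
        msg = m["msg"]
        kind = "auth_ok" if msg.startswith("Accepted ") else (
            "auth_fail" if msg.startswith("Failed ") else None)
        ip, user = IP_RE.search(msg), USER_RE.search(msg)
        if kind and ip:
            out.append(Event(syslog_ts(m["ts"]), m["host"], "syslog", kind,
                             ip.group(0), user.group(1) if user else ""))
    return out

def from_firewall(lines):
    out = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        kv = dict(t.split("=", 1) for t in m["msg"].split() if "=" in t)
        # Index the event under both ends so either side can be the pivot IP.
        for ip in filter(None, (kv.get("SRC"), kv.get("DST"))):
            out.append(Event(syslog_ts(m["ts"]), m["host"], "firewall", "fw",
                             ip, f"{kv.get('PROTO', '')}/{kv.get('DPT', '')}"))
    return out

def correlate(events, window=timedelta(minutes=10), fail_threshold=5):
    """Alert when, for one remote IP inside `window`: >= fail_threshold failed
    logons, a successful logon on a *different* host, and a firewall event."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        for anchor in evs:
            if anchor.kind != "auth_fail":
                continue
            span = [e for e in evs if anchor.ts <= e.ts <= anchor.ts + window]
            fails = [e for e in span if e.kind == "auth_fail"]
            oks = [e for e in span if e.kind == "auth_ok"]
            fw = [e for e in span if e.kind == "fw"]
            new_hosts = {e.host for e in oks} - {e.host for e in fails}
            if len(fails) >= fail_threshold and new_hosts and fw:
                alerts.append({"ip": ip, "start": anchor.ts, "fail_count": len(fails),
                               "fail_hosts": sorted({e.host for e in fails}),
                               "ok_hosts": sorted(new_hosts),
                               "fw_hosts": sorted({e.host for e in fw})})
                break  # one alert per IP per window
    return alerts

def run_demo():
    events = from_windows(WINDOWS_ROWS) + from_syslog(SYSLOG_LINES) + from_firewall(FIREWALL_LINES)
    return correlate(events)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The second IP in the sample (198.51.100.7) fails once on each host and never succeeds, so no alert is raised for it; each source on its own would have shown nothing alarming for either IP, which is the point of the slide. In a real deployment the clocks of the three sources must be synchronized (NTP) or the window comparison is meaningless, and the year has to come from the collector's receive time rather than being assumed.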

Hack Attempt

How It Works

Enterprise Class Solution
Compliance, Operations, Security
Can receive 40,000 events per second
Compressed and secured transmission
Compressed and tamper-proof data store (SHA-1 hashes; note that SHA-1 is no longer considered collision-resistant, so a tamper-evidence design built today would use SHA-256 or stronger)
Powerful reporting and analytics engine, with over 850 pre-built reports
Virtually no impact on monitored clients: <0.01% CPU utilization, 0.01% network utilization

Multiple Platform Support
Support events from hundreds of sources:
Windows systems
Any Unix flavor (syslog and syslog-ng)
SNMP v1/v2 (network devices)
Flat files (application-specific log files)
Cisco Systems
Checkpoint Firewall
Solaris BSM
Legacy platforms

Enterprise Wide Support (not limited to)

Operating Systems: Windows Server 2008, Windows Server 2003, Windows XP, Windows Vista, Windows 2000, Windows NT Server, Windows 98, AIX, HP-UX, Sun Solaris (BSM), i-Series OS/400 V5R2*, Linux, Mac OS X, NetWare 6.5, Red Hat Linux, Solaris 8, 9, 10, IBM z/OS*

Critical Products: Microsoft Clusters, Microsoft Office, Citrix, Microsoft Exchange, Microsoft SQL Server, Oracle, Microsoft IIS, Microsoft ISA, Norton AntiVirus, Trend Micro AntiVirus, McAfee AntiVirus, VMware, URLScan, Windows DHCP Server, Windows DNS, Windows Terminal Server, Snort

Vendors: Nortel, Checkpoint, Resilience, SecureGuard, SonicWall, Juniper, Symantec, WatchGuard, NetScreen, Nokia, TippingPoint, HP, Novell

Log Formats: EVT/EVTX, Syslog, Syslog-NG, SNMP, IIS/IISW3C/IISMSID, LOG, W3C, TEXTLINE, TEXTWORD, BIN, NCSA, HTTPERR

* Partnership

Functional Areas
Secure event log consolidation
Real-time event correlation
User activity tracking
Network connection monitoring
USB monitoring
System administrative activity tracking
Configuration control
Change control
Performance monitoring

What is Change Management?
Ever wonder why the PC that was working perfectly before is suddenly misbehaving? Ever wonder what changed, who changed it, and whether it was accidental or malicious?
The file system and registry of every Windows system are constantly changing. The changes may be voluntary or involuntary; they happen quickly and often without the user's knowledge. Under the current Windows OS architecture there is no easy way for the user to understand change, identify change and recover from change.
EventTracker Change Management compares the configuration of multiple systems with a master configuration. This plug-in gives the security team assurance that critical files (critical web pages, sensitive documents, legal contracts, critical financial spreadsheets, critical EXE and DLL files) have not been modified.
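The mechanism behind that master-configuration comparison, as an added example written for this page rather than EventTracker's plug-in: build a manifest of content hashes, sizes and permission bits for a file tree, keep it as the baseline, re-scan later and report what was added, removed or modified. The directory layout, file names, file contents and the "injected" marker are constructed test data, and the SHA-256 choice is this example's, not the product's.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256", chunk=1 << 16):
    """Stream the file through the hash so large binaries are not read at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Relative path -> digest/size/mode for every regular file under root.
    Symlinks are skipped so a link pointing outside the tree is not followed."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        manifest[p.relative_to(root).as_posix()] = {
            "sha256": file_digest(p),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o777),
        }
    return manifest

def compare(baseline, current):
    """Report what changed between a stored baseline and a fresh scan."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(p for p in base_paths & cur_paths if baseline[p] != current[p]),
    }

def demo():
    """Constructed tree: take a baseline, tamper with it, re-scan and diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ original binary")
        (root / "index.html").write_text("<h1>Welcome</h1>")
        (root / "contract.pdf").write_bytes(b"%PDF-1.4 signed contract")

        # The baseline is serialized exactly as it would be stored. Keep the
        # stored copy off the monitored host and signed: an intruder who can
        # change the files can change a local baseline too.
        stored = json.dumps(build_manifest(root), sort_keys=True)

        # Simulated intrusion: defaced page, deleted document, dropped DLL.
        (root / "index.html").write_text("<h1>Welcome</h1><!-- injected -->")
        (root / "contract.pdf").unlink()
        (root / "bin" / "helper.dll").write_bytes(b"MZ dropped payload")

        return compare(json.loads(stored), build_manifest(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hash comparison tells you that content changed, not who changed it or when; pair it with the audit trail (Windows object-access auditing, or the equivalent on Unix) for attribution. Re-hashing a large tree on every run is expensive, so in production the scan is scheduled or driven by change notifications, and the baseline is updated only through the change-control process the slide describes, otherwise every approved patch shows up as an intrusion.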

Disk Space Requirements
Disk space utilization depends on two parameters:
Event traffic: the number of events received per day
Retention: how long the events need to be retained
General rules for storage planning:
1 GB per Windows or Unix server for a one-year archive
3 GB per firewall per year
100 MB per workstation per year
Storage requirement example: 500 servers, 1 year = 50 GB* (approximately 1 billion events)

Event Vault (Archiving) Disk Space Requirements
Disk space required when EventTracker archives:

Events archived                                                         Event Vault size
1M (1,000,000)                                                           50 MB
5M                                                                       250 MB
100M                                                                     5 GB
1000M (approx. 500 servers at 5,000 events/day on average for 365 days)  50 GB
5000M                                                                    250 GB

Further Information
Corporate Headquarters
8815 Centre Park Drive, Columbia, MD 21045
Phone: Toll Free (877) 333-1433, Local (410) 953-6776
Fax: (410) 953-6780
Email: Sales@prismmicrosys.com, Support@prismmicrosys.com
www.prismmicrosys.com