Decrypting the security mystery with SIEM (Part 1)
Uploaded by manageengine-adsolutions (category: Technology)
Page 1
EventLog Analyzer: Your complete security arsenal
Nitin Devanand
Page 2: Agenda
• Need for a SIEM solution
• EventLog Analyzer – quick overview
• Security attacks - use cases
  - Brute force
  - Stopping the rise of ransomware
  - SQL injection
  - Insider threat
  - Monitoring privileged user activities
  - Securing physical, virtual and cloud environments
  - Compliance
• Q & A
Page 4
• Collect data from log sources
• Correlate events
• Alert IT about security incidents
• Generate IT security and compliance reports
• Archive logs for forensic analysis
Page 6: Sealing security loopholes
• To protect against security attacks, a company must deploy various security solutions such as vulnerability scanners, endpoint protection tools, perimeter security devices and so forth.
• This leaves security administrators overwhelmed by the number of security alerts they receive each day.
• The problem: a lack of the contextual understanding of security information that is required to distinguish an actual threat from the false positives.
Page 8: Alerting
• Windows
• Unix and Linux
• Applications
• Network devices
• Predefined alert criteria
Page 18: Detecting insider attacks
Page 19: Dealing with insider attacks
More than 40% of attacks in any organization come from malicious insiders. Therefore, every organization must apply the same level of security policies to insiders too.
• Insider threat detection
• Forensic analysis of the scope of a former employee's footprint
Source: http://resources.infosecinstitute.com/top-6-seim-use-cases/#gref
Page 20: User session monitoring
• Provides a complete user audit trail from log on to log off
• Answers who did what, when, and from where
• Reconstructs any network incident with the help of the user activity timeline
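The two slides above (a former employee's footprint, and a logon-to-logoff audit trail that answers who did what, when, and from where) come down to one correlation: stitching an event stream into per-user sessions. The following is an added example, not code from the deck or from EventLog Analyzer; the event tuples, the offboarded-account set and the "orphan" handling are all constructed assumptions.

```python
# Added example (not from the slide deck or EventLog Analyzer): rebuild user
# sessions from logon/logoff events and flag a former employee's footprint.

# Constructed sample events: (timestamp, kind, user, source host, detail)
EVENTS = [
    ("2023-03-01T08:02:10", "logon",  "alice", "10.0.1.15", "interactive"),
    ("2023-03-01T08:05:42", "action", "alice", "10.0.1.15", "read hr/payroll.xlsx"),
    ("2023-03-01T09:10:00", "logon",  "bob",   "10.0.1.77", "remote"),
    ("2023-03-01T09:12:31", "action", "bob",   "10.0.1.77", "copy finance/* to usb"),
    ("2023-03-01T09:15:05", "logoff", "bob",   "10.0.1.77", ""),
    ("2023-03-01T10:00:00", "action", "carol", "10.0.1.90", "delete audit.log"),
    ("2023-03-01T17:30:00", "logoff", "alice", "10.0.1.15", ""),
]
# Constructed offboarded-account list; any session they open is suspicious.
FORMER_EMPLOYEES = {"bob"}

def reconstruct_sessions(events):
    """Group events into sessions keyed by (user, source host).

    Returns (sessions, orphans). Sessions still open at the end keep end=None;
    actions with no preceding logon are orphans, a gap worth investigating."""
    open_sessions, sessions, orphans = {}, [], []
    for ts, kind, user, src, detail in sorted(events, key=lambda e: e[0]):
        key = (user, src)
        if kind == "logon":
            open_sessions[key] = {"user": user, "source": src, "start": ts,
                                  "end": None, "actions": []}
        elif key not in open_sessions:
            orphans.append((ts, kind, user, src, detail))
        elif kind == "logoff":
            session = open_sessions.pop(key)
            session["end"] = ts
            sessions.append(session)
        else:
            open_sessions[key]["actions"].append((ts, detail))
    sessions.extend(open_sessions.values())  # sessions with no logoff yet
    return sorted(sessions, key=lambda s: s["start"]), orphans

def flag_former_employee_sessions(sessions, former):
    """Sessions opened by accounts that should no longer be active."""
    return [s for s in sessions if s["user"] in former]

def timeline(session):
    """Render one session as 'who did what, when, and from where' lines."""
    who = f"{session['user']}@{session['source']}"
    lines = [f"{session['start']} {who} logon"]
    lines += [f"{ts} {who} {detail}" for ts, detail in session["actions"]]
    lines.append(f"{session['end'] or '(still open)'} {who} logoff")
    return lines
```

Real deployments key sessions on a logon identifier rather than (user, host), since one user can hold several sessions from the same host; the orphan list is where an action recorded without any logon, as with carol above, surfaces for review.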
Page 21: Securing physical, virtual and cloud environments
• Apart from data security, there are numerous challenges such as network forensics, troubleshooting, fault monitoring, and compliance.
• To overcome these challenges, IT security professionals need to monitor and analyze the log data generated by their cloud infrastructure.
Page 22: Results of a compliance failure
• Banks suddenly ask their 3.2 million users to change their debit cards.
• 2.6 million of the affected cards are on the Visa and MasterCard platforms and 600k are on the RuPay platform.
• The data theft happened because malware was introduced on the PoS systems supplied by Hitachi Payment Systems.
Page 23: Integrated compliance management
• Out-of-the-box compliance reports for PCI DSS, FISMA, GLBA, HIPAA, ISO 27001, and more
• Compliance reports for both Windows event logs and Linux/Unix syslogs
• Generate compliance reports from a centralized location
• Get compliance reports in multiple formats: HTML, PDF, or CSV
• Schedule compliance reports to run periodically and be emailed to multiple administrators
Page 24: Questions?
Sources:
http://www.hackmageddon.com/
http://www.zdnet.com/article/the-top-security-threats-of-2016/