How to Solve Your Top IT Security Reporting Challenges with AlienVault
Transcript of How to Solve Your Top IT Security Reporting Challenges with AlienVault
- 1. Jeff Olen, Senior Product Manager, AlienVault; Kate MacLean, Senior Product Marketing Manager, Cisco; Sacha Dawes, Principal Product Marketing Manager; Felipe Legorreta, Sales Engineer. How to Solve Your Top IT Security Reporting Challenges with AlienVault
- 2. Agenda
  - Managing your Cybersecurity Risk
  - The Necessity, Benefits, and Challenges of IT Security Reporting
  - Simplify IT Security Reporting with AlienVault USM Anywhere
  - USM Anywhere Live Demo
  - Ask Us Questions!
- 3. Managing Your Cybersecurity Risk
  - Identify: Identify what and who is in your environment, and what vulnerabilities exist
  - Protect: Protect the confidentiality, integrity, and availability of your information and systems
  - Detect: Detect threats and anomalies
  - Respond: Respond to incidents
  - Learn & Adapt: Learn about intrusions and adapt your protections
  - Report: Report that your security controls are in place, are working, and watch for anomalies
- 4. IT Security Reporting is Necessary
  - Regular/Continuous review of security controls: Identify trends and anomalies
  - Executive / Management reporting: Demonstrate security posture and effectiveness
  - Audit Success: Demonstrate controls are in place and operational
  - Assess, Remediate, Respond
- 5. Security Reporting Supports Compliance & Security Best Practices
  - Many regulations seek monitoring and report out against common control objectives, including:
    - Asset inventories
    - Detected vulnerabilities
    - Detected malware & threats
    - Failed logon attempts
  - Security Frameworks are increasingly being used as a basis for security and compliance programs
    - Ex: NIST CSF has multiple mappings to other security frameworks such as CIS Controls, NIST 800-53, COBIT, ISO 27001, and more
  - Implementation and report out of controls supports continuous compliance practices
- 6. Source: LinkedIn Information Security Threat Monitoring, Detection & Response (2017)
- 7. IT Security Reporting is Hard
  - Requires analysis of events from multiple sources and solutions
  - Different vendor solutions typically have custom log formats
  - Built-in vendor reports typically only provide insight into that solution
  - Even where APIs are available to gather logs, typically requires programming expertise
  - How many staff and different tools are required to successfully create your IT security reports?
- 8. IT Security Reporting Success Requires Log Management
  - Aggregating logs into a centralized location is a necessary first step
  - Enables log collection and normalization from multiple sources
  - Precursor for activities including event correlation
  - Facilitates and simplifies reporting for all your environments, not just by solution
- 9. Simplify IT Security Reporting with AlienVault USM Anywhere: A Unified Approach to Threat Detection, Incident Response & Compliance Management
  - Unified Security Management (USM) Platform: AlienVault combines five essential security monitoring capabilities for your cloud and on-premises environments, and cloud applications, in a unified platform for today's resource-constrained organizations.
  - Supports Continuous Security Monitoring: USM Anywhere constantly monitors your environment with capabilities that support continuous security monitoring of your environments. Combined with continuously updated threat intelligence, USM Anywhere provides optimal threat detection, incident response, and compliance management.
  - Simplifies and Reduces the Cost of Compliance: Security automation and orchestration enables different point solutions to work together, helping your teams manage incidents more efficiently. Built-in and customizable views and reports simplify review and compliance reporting.
- 10. Combines Five Security Essentials
  - Vulnerability Assessment: Know where the vulnerabilities are to avoid easy exploitation and compromise
  - Incident Response: Enable discovered threats to be quickly contained and/or mitigated
  - Threat Detection: Know when anomalies and suspicious activities happen in your environment
  - SIEM, Log Management & Reporting: Aggregate, retain and enable analysis of security event data from across your network into a HIPAA, PCI DSS & SOC 2 certified solution
  - Asset Discovery: Know who and what is connected to your cloud and on-premises environments at all times
  - Unified Security Management from a single cloud-based pane of glass
- 11. Complete Cloud and On-Premises Monitoring
  - Cloud Sensors: Monitor cloud environments and applications
  - On-Premises Sensors: Monitor on-premises virtual and physical environments
- 12. Continuously Updated Threat Intelligence
  - Threat Intelligence Powered by AlienVault Labs Security Research: AlienVault researches emerging threats so you don't have to
  - Continuous Threat Intelligence updates built into your USM Anywhere include:
    - Correlation directives
    - IDS signatures
    - Vulnerability audits
    - Asset discovery signatures
    - IP reputation data
    - Data source plugins & AlienApps
    - Incident response guidance
  - Supplemented by the AlienVault Open Threat Exchange (OTX)
    - FREE access to over 14 million threat indicators contributed daily
    - Collaborate with 65,000+ global participants to investigate emerging threats in the wild
    - Subscribe to threat research updates from other OTX contributors
    - Leverage the latest OTX threat intelligence directly in your AlienVault USM environment
- 13. A Growing Galaxy of AlienApps
  - Categories: Cloud Infrastructure, Productivity Apps, IT Virtualization, IT Operations, IT Security
  - Monitor: AlienApps collect and enrich data from your environment
  - Detect: USM Anywhere uses that data to detect threats and alerts you
  - Respond: Automate and orchestrate your threat responses for efficiency
  - Security Automation & Orchestration Simplifies and Reduces the Cost of Compliance
- 14. Built-In & Customizable Reports: Fast, Repeatable Reporting for Compliance & Security Best Practice
  - Built-In Reports for PCI & HIPAA: Malware, Vulnerabilities, Failed Logons, and more
  - Reports Covering Key NIST Cybersecurity Framework (NIST CSF) Functions: Asset Management, Risk Management, Access Control, Audit/Log Records Review, Anomalies & Events, Security Continuous Monitoring, Detection Processes, and Analysis
  - Reports to Review Common Events: Events by Types of Data Source, Events by Data Source
  - Customizable Views with Hundreds of Available Fields
- 15. How USM Anywhere Works (diagram labels: Hyper-V, VMware; AlienVault Threat Intelligence: URLs, Malware Samples, File Hashes, Domains, IP Addresses; Public Cloud, On-Premises, Cloud Apps)
- 16. IT'S DEMO TIME!
- 17. Five Reasons You'll Love the AlienVault Approach
  - Centrally Monitor All Your Environments
  - Orchestrate & Automate Your Incident Response
  - Leverage Integrated Threat Intelligence
  - Save Time & Money with Unified Essentials
  - Deploy Fast in the Cloud or in Your Data Center
- 18. Questions?
  - Test Drive USM Anywhere in our Interactive, Online Demo: Get instant access, no download, no install. https://www.alienvault.com/products/usm-anywhere/demo
  - Try it for Free in your Environment: Start detecting threats in less than an hour. https://www.alienvault.com/products/usm-anywhere/free-trial
  - Review Pricing and Get a Quote: Multiple tiers available, low annual subscription pricing. https://www.alienvault.com/products/usm-anywhere/pricing