Security Information Event Management - nullhyd

Transcript of Security Information Event Management - nullhyd

Page 1: Security Information Event Management - nullhyd

SIEM

Page 2: Security Information Event Management - nullhyd

Brief history of SIEM!!!

1996 – Birth of SIEM
2000 – SIEM winner: ArcSight launches

Big players in the market: ArcSight - HP, QRadar - IBM, Nitro - McAfee, SecureVue – EiQ, Splunk, RSA enVision and so on….

Page 3: Security Information Event Management - nullhyd

What is a SIEM??

SIEM - Security Information Event Management

Logging and Event Aggregation:
Network (Routers, Switches, Firewall, etc.)
System (Server, workstation, etc.)
Application (Web, DB, etc.)

Correlation Engine: 2+ related events = higher alarm

Page 4: Security Information Event Management - nullhyd

SIEM Advantages

Correlation of data from multiple systems
Prioritization based on risk of threat to assets
Alerting and monitoring on events of interest to escalate priority
Monitor and log the access and use of sensitive data
Limits exposure to breach
Allows organizations to demonstrate adherence to policies and controls

Page 5: Security Information Event Management - nullhyd

Present world !!!

Attackers are more sophisticated in their attacks. Defenders need systems which help provide visibility and alerting across numerous security systems.

SIEM adoption driven by compliance Gartner says “more than 80%”

Put “Security” back into SIEM using real world examples.

Page 6: Security Information Event Management - nullhyd

5 reasons why SIEM is important…

Compliance
Operations Support
Zero-day & APT
Forensics

Page 7: Security Information Event Management - nullhyd

FIM

Page 8: Security Information Event Management - nullhyd

What does it do

Directory Policy
File Policy
Registry Policy
USB Policy

Page 9: Security Information Event Management - nullhyd

SIEM – Its usage

How is SIEM helpful in the following Security concerns??

Countermeasures to detect attempts to infect internal systems
Identification of infected systems
Mitigation of risk for infected systems
Detection of outbound sensitive information (DLP)

Page 10: Security Information Event Management - nullhyd

RAW log:

"Sep 01 2015 01:52:37: %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x8C623E78, sequence number= 0x193D) from xxx.xxx.xxx.xxx (user= ezvpn2) to xxx.xxx.xxx.xxx that failed anti-replay checking. "

Parsed log:

uid=asa1.int.xnxx.edu ip=10.1.9.55 extip=10.1.9.55 sev=local6.warn ec=402119 et=3 sip=xxx.xxx.xxx.xxx dip=xxx.xxx.xxx.xxx npri=4 dir=1 sgrp=Extranet dgrp=Extranet proto=IPSEC act=1 family=Others user=ezvpn2 cnt=1 msg="Invalid sequence number in the recvd. IPSEC packet." seq=0x193D ecat=System ecatsubcat=Error ecatresult=Attemp
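The two steps the deck illustrates, normalising a raw Cisco ASA syslog line into key=value fields (this slide) and the "2+ related events = higher alarm" correlation rule (the SIEM definition slide), as an added Python example that is not part of the original talk. The sample events are constructed from the slide's message 402119 with RFC 5737 test addresses in place of the masked ones; fields such as uid, sgrp and dgrp that a SIEM fills from device and asset configuration are left out.

```python
import re
from collections import defaultdict

# Constructed samples modelled on the slide's ASA message 402119; the slide masks
# addresses as xxx.xxx.xxx.xxx, RFC 5737 test addresses are substituted here.
RAW_EVENTS = [
    "Sep 01 2015 01:52:37: %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x8C623E78, sequence number= 0x193D) from 198.51.100.7 (user= ezvpn2) to 203.0.113.1 that failed anti-replay checking.",
    "Sep 01 2015 01:52:39: %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x8C623E78, sequence number= 0x193E) from 198.51.100.7 (user= ezvpn2) to 203.0.113.1 that failed anti-replay checking.",
    "Sep 01 2015 01:53:02: %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x1A2B3C4D, sequence number= 0x0001) from 198.51.100.9 (user= ezvpn5) to 203.0.113.1 that failed anti-replay checking.",
]

# Generic ASA header: timestamp, %ASA-<severity>-<message id>, free-text message.
HEADER = re.compile(r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-(?P<npri>\d)-(?P<ec>\d{6}): (?P<msg>.+)$")
# Detail pattern for message 402119 only (ESP packet failed anti-replay checking).
ANTI_REPLAY = re.compile(r"\(SPI= (?P<spi>0x[0-9A-Fa-f]+), sequence number= (?P<seq>0x[0-9A-Fa-f]+)\) from (?P<sip>\S+) \(user= (?P<user>\S+)\) to (?P<dip>\S+) that failed anti-replay")


def parse_asa(raw):
    """Normalise one raw ASA syslog line into a flat key/value record like the slide's
    parsed log (uid/sgrp/dgrp come from device/asset configuration, not the message)."""
    m = HEADER.match(raw.strip().strip('"'))
    if m is None:
        return None  # not an ASA line: hand it to a different parser
    ev = {"ts": m["ts"], "npri": int(m["npri"]), "ec": m["ec"], "msg": m["msg"]}
    if ev["ec"] == "402119":
        d = ANTI_REPLAY.search(ev["msg"])
        if d:
            ev.update(d.groupdict(), proto="IPSEC", ecat="System", ecatsubcat="Error")
    return ev


def correlate(events, threshold=2):
    """Slide's rule: 2+ related events = higher alarm; related = same code, user, source IP."""
    buckets = defaultdict(list)
    for ev in events:
        if ev and "user" in ev:
            buckets[(ev["ec"], ev["user"], ev["sip"])].append(ev)
    alarms = []
    for (ec, user, sip), group in buckets.items():
        if len(group) >= threshold:
            # ASA severity 4 = warning; a lower number is more severe, so escalate one level.
            alarms.append({"ec": ec, "user": user, "sip": sip, "cnt": len(group),
                           "npri": min(g["npri"] for g in group) - 1})
    return alarms


if __name__ == "__main__":
    parsed = [parse_asa(r) for r in RAW_EVENTS]
    for ev in parsed:
        print(" ".join(f"{k}={v}" for k, v in ev.items() if k != "msg"))
    print(correlate(parsed))
```

The two repeated anti-replay failures for user ezvpn2 from the same source collapse into one alarm with cnt=2 at severity 3, while the single event for ezvpn5 stays below the threshold.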

Page 11: Security Information Event Management - nullhyd

Architecture

Page 12: Security Information Event Management - nullhyd
Page 13: Security Information Event Management - nullhyd

Screens

Page 14: Security Information Event Management - nullhyd

Dashboard

Page 15: Security Information Event Management - nullhyd

Creating Alert

Page 16: Security Information Event Management - nullhyd

Triggered Alerts

Page 17: Security Information Event Management - nullhyd

Forensic Search

Page 18: Security Information Event Management - nullhyd

Asset Configuration

Page 19: Security Information Event Management - nullhyd

Alarms

Page 20: Security Information Event Management - nullhyd

Generated Events

Page 21: Security Information Event Management - nullhyd

Ticketing System for Customers

Page 22: Security Information Event Management - nullhyd

Reports

Page 23: Security Information Event Management - nullhyd