UNIFICATION OF TECHNOLOGIES

Transcription

1

2

3 UNIFICATION OF TECHNOLOGIES SIEM Management Incident Management Risk Intelligence Storage Detection Prevention Awareness Security Technology IDS/IPS WIDS Vulnerability Assessment Identity Unified SIEM Inventory HIDS File Integrity Threat Assessment Resources

4 HOW IT WORKS: 3 INTERACTIVE COMPONENTS Monitoring & Management Intelligent Correlation Security Dashboard 1.SIEM 2. Logger Security Information Transaction Data 3. Sensor

5 WHY UNIFIED SIEM? Intelligence Compliance Time Cost

6 1. INTELLIGENCE: Security intelligence comes from context information processing 1. Attacks & Logs 7. Ext. Reputation 2. Vulnerabilities & Threats 6. Applications & Data CONTEXT 3. Inventory 5. Network & Resources 4. Users PROCESSING

7 1. INTELLIGENCE: SIEM products have achieved great intelligence, but they are rarely fed with the information to use it Prioritization False Positive Cleaning Attack 30% 50% 100% Vulnerability / Threat Inventory 20% Effective Impact Analysis

8 2. COMPLIANCE: All security technologies required by Compliance Regulations PCI 12.9 respond immediately to breach SOX, ISO, PCI SIEM SOX 304 & PCI 10.5 Secure audit trails PCI 11.2 quarterly vulnerability scans Incident Management Risk Intelligence Storage FISMA, HIPAA, ISO 12.6: periodic security testing PCI 11.4 requires NIDS/ IPS deployment Detection Prevention Awareness PCI 1.1.5, PCI WG, ISO require asset inventoty PCI 11.1: WIDS and Rogue AP detection IDS/IPS WIDS Vulnerability Assessment Identity Inventory HIDS File Integrity Threat Assessment Resources PCI 11.4 requires HIDS PCI 11.5 File integrity PCI 6.2 identify new threats ISO requires monitoring system resources

9 2. TIME: Effective Security Posture and Analysis delivered in 300 seconds Attacks Inventory Threats second 1 second 100 second 300

10 3. COST: Experience dramatic reduction 1. Unified Licenses & Hardware 2. Integration Services Up to 90% Cost Reduction 3. Maintenance & Support

11 COMPETITIVE POSITIONING Why CloudAccess Matters (Differentiation) Unified SIEM vs. Pure SIEM The sensor advantage Low Barrier to entry Hybrid Architecture

12 WHY CLOUD ACCESS MATTERS 24/7 monitoring on request Multi-tenant OPEX or CAPEX Supported Unique Pattern Recognition Engine (REACT) Integrated suite of products including SIEM/Log, IAM and REACT Lower Cost Go-To-Market strategy immediate Leading and Unique Technologies EASY TO USE!!!

13 CLOUD ACCESS VERSUS PURE SIEM SIEM Management Incident Management Risk Intelligence Storage Detection Prevention Awareness Security Context IDS/IPS WIDS Vulnerability Assessment Identity Inventory HIDS File Integrity Threat Assessment Resources

14 THE SENSOR ADVANTAGE Fast: Customer Security Posture from the first second Stealthy: Will not break the customer s network Complete: Provide all security services in a single box Out-of-the-box full Security Visibility

15 LOW BARRIER TO ENTRY: With elastic scaling in performance and complexity SaaS Web Services Elastic Performance Scaling Multi-tier hybrid architecture Cloud Customer Premises

16 HYBRID ARCHITECTURE: Function Deploy Lev Cloud 1 Analysis Cloud 2 Storage Cloud CP 3 Vulnerability Mgmt A. External B. Internal Cloud CP 4 Detection & Awareness CP Customer Premises

17 CLOUD ACCESS FLEXIBLE ARCHITECTURE: Customer1 has no on-site gear, sends logs to CloudAccess Collection Customer2 is using Managed IDS service, CloudAccess Sensor on Customer Premise Detection & Awareness Customer3 is using Local Vulnerability Scanning, CloudAccess Sensor on Customer Premise Tiered 2 nd Level Local Vulnerability Scan Customer4 has complete CloudAccess solution on premise, Managed by CloudAccess

18 INTRODUCING CloudAccess Unified SIEM Version 4

19 UNIFIED SITUATIONAL AWARENESS: AUTO DISCOVERY Function Technology Identity Monitoring Active Directory LDAP Authentication logs Network Auto-Discovery Topology Map Inventory Profiling Recurrent snmp scans Passive fingerprinting Active fingerprinting Host agent WMI Time-Service-Usage profiling Resource Monitoring Network Monitoring Network Availability Host Resources Anomaly detection Flows Snmp Snmp Any resource

20 OUT-OF THE-BOX PCI WIRELESS COMPLIANCE PCI Requirement Solution 11.1 Deploy a WIDS/WIPS CloudAccess Sensor includes a WIDS/WIPS WG WG Maintain an up-to-date wireless hardware inventory Detect Rogue AP and unauthorized wireless connections Automatically done by Situational Awareness Correlate information between WIDS and Inventory Ensure strong cryptography.. WEP is prohibited Monitored by WIDS default

21 OTHER FEATURES & ENHANCEMENTS Enhancements in all areas of function: Policy Management Visualization Compliance Reporting Detection/analytics Integration Incident Response Host Security Vulnerability Assessment Asset Management Network Monitoring User Management Network Discovery Dashboards Usability Performance

22 UNIFED MANAGEMENT 1 unique Login 1 unique Asset Structure 1 unique User Structure

23 SEIM: A SINGLE PANE OF GLASS

24 LOG MANAGEMENT

25 UNIFIED VULNERABILITY SCANNER

26 NETWORK IDS

27 HOST IDS

28 UNIFIED SITUATIONAL AWARENESS

29 UNIFIED REPORTING

30 SUMMARY CloudAccess Unified SIEM 4.0 changes the game for SIEM customers. CloudAccess Unified SIEM 4.0 is a unique offering in the market Compliance, Time and Cost advantages makes CloudAccess Unified SIEM 4.0 the most competitive solution CloudAccess enables broad enterprise adoption

31 Thank You