Security Information & Event Management (SIEM)

Similar documents
Cyber Security Detection Technology for your Security Operations Centre. IT Security made in Europe

Industry 4.0 = Security 4.0?

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!

RadarServices for Red Bull

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

locuz.com SOC Services

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

RSA NetWitness Suite Respond in Minutes, Not Months

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

Integrated, Intelligence driven Cyber Threat Hunting

Without us, your world could suddenly find itself turned upside down.

PT Unified Application Security Enforcement. ptsecurity.com

CyberArk Privileged Threat Analytics

NEXT GENERATION SECURITY OPERATIONS CENTER

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

SIEMLESS THREAT DETECTION FOR AWS

RSA INCIDENT RESPONSE SERVICES

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

TRUE SECURITY-AS-A-SERVICE

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

Network Security: Firewall, VPN, IDS/IPS, SIEM

Reinvent Your 2013 Security Management Strategy

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

SIEM: Five Requirements that Solve the Bigger Business Issues

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

to Enhance Your Cyber Security Needs

Imperva CounterBreach

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

RSA INCIDENT RESPONSE SERVICES

Compare Security Analytics Solutions

CloudSOC and Security.cloud for Microsoft Office 365

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Transforming Security from Defense in Depth to Comprehensive Security Assurance

How AlienVault ICS SIEM Supports Compliance with CFATS

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Unlocking the Power of the Cloud

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

Security by Default: Enabling Transformation Through Cyber Resilience

MITIGATE CYBER ATTACK RISK

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Snort: The World s Most Widely Deployed IPS Technology

Cyber Security Technologies

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

Automated, Real-Time Risk Analysis & Remediation

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

White Paper. How to Write an MSSP RFP

Security. Made Smarter.

Symantec Security Monitoring Services

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

THE EVOLUTION OF SIEM

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

AKAMAI CLOUD SECURITY SOLUTIONS

Smart cyber security for smart cities

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

External Supplier Control Obligations. Cyber Security

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

SIEMLESS THREAT MANAGEMENT

securing your network perimeter with SIEM

Un SOC avanzato per una efficace risposta al cybercrime

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

CYBER RESILIENCE & INCIDENT RESPONSE

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

IBM services and technology solutions for supporting GDPR program

Dynamic Datacenter Security Solidex, November 2009

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

align security instill confidence

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Help Your Security Team Sleep at Night

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Securing Your Digital Transformation

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

HOSTED SECURITY SERVICES

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Top 10 use cases of HP ArcSight Logger

Popular SIEM vs aisiem

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

with Advanced Protection

Think Like an Attacker

Transcription:

Security Information & Event Management (SIEM) Datasheet

SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins or other cryptocurrencies to release the hacked system, exploitation of the maintenance access in almost real time, protracted profiling of employees electronical behavior, and spying on vulnerabilities in the IT are just few examples of jeopardizing maneuvers for companies. Such a variety requires efficient and advanced tools to detect attacks in a valuable manner, and that is what Security Information & Event Management (SIEM) is made for. SIEM is one of the pillars in the field of IT risk detection: it represents the aggregation layer for different types of information, resulting from the IT of a customer and from the Radar risk detection modules. SIEM focuses on the collection and the analysis of logs from various sources within a network (e.g. server, clients, network devices, firewalls, applications) from the cloud environment with a clear aim, that is, to distinguish security-relevant events from other log data and to inform promptly in case of security flaws or potential risks. 2

Highlights of the RadarServices SIEM RadarServices SIEM monitors logs across the IT infrastructure in the customer s environment. In detail, 1. Data collection A highly scalable database captures real-time log events and network flow data. Using the most up-to-date technologies RadarServices SIEM manages various common log formats as well as custom logs. The sources of such logs are: Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems etc. Network events: Events from switches, routers, servers, hosts etc. Network activity context: Layer 7 application context from network and application traffic. User or asset context: Contextual data from identity and access management products, vulnerability scanners etc. Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms etc. Operating system information: Vendor name and version number specifics for each network asset. 3

2. Processing Log data from thousands of devices distributed across a network are aggregated and stored in their raw form. Then, they are categorized and normalized, so that the information of differently encoded log formats can be processed in the same way and further enriched. In this way, events that require further investigation or a prompt response are quickly identified. 3. Enrichment Contextual information makes more effective the limited details of an event or a log. Therefore, information about user, asset and network is added to ease the comprehension of the consequences of an event. In this way, an improved situational and content awareness supports the decision-making process and accelerate the remediation measures. 4. Storage A twofold strategy governs the data storage. At first (about 24 hours), the logs are stored on very fast PCI SSDs (the fastest SSD available at the moment) for the data processing, which guarantees high-performances. After that they are transferred to SATA HHDs (which perform slower) and they are still accessible for analyses. The usual storage time for log data is 3 months, but can be extended upon request. 5. Analysis The RadarServices Advanced Correlation Engine uses the normalized and enriched logs as input for the real-time analysis. This component comprises predefined and customized rules, policies and machine learning algorithms, so that the analyst can perform an in-depth analysis to detect false positives, anomalies and real alerts. Realtime Layer 4 network flow data and Layer 7 application payloads are captured by using deep packet inspection technology. An interactive and user-friendly interface permits to visualize and investigate the events. In particular, the analyst can classify and rank alerts of anomalous patterns to highlight the actual attacks. 4

6. Collection Machine Learning (ML) is crucial for processing drastically increasing amounts of input-data with a pre-defined set of Use Case Rules. Depending on the use case, the resulting events can be automatically delivered as incidents or presented to the SIEM-operator for further analysis. The Advanced Correlation Engine contains different ML algorithms such as Limit Learner (outlier-detection), Markov Learner, Zero- Variance Learner. 7. Aggregation and Correlation The RadarServices Advanced Correlation Engine is able to analyze large volumes of event data. It comprises four correlation types, including rule-based, risk-based, standard deviation, and historical analysis. In this way, the Correlation Engine provides a real-time view of a broad spectrum of threats which may affect high-value assets. Moreover, preloaded correlation rules and dashboards allow to easily customize the existing rules according to the customer needs. 8. Alerting & Delivery to the Risk & Security Cockpit and customized result presentation The RadarServices Risk & Security Cockpit (RSC) is the reference point for risk and security information. It provides reports and statistics with various levels of details. Possible risks, security flaws and customizable events raise an alert which is immediately shown in the Cockpit and upon request it is forwarded to the customer via email or mobile phone. Moreover, the workflow framework included in the RSC allows an easy case management and the integration of customer processes and systems. Thus, any user can intuitively investigate the suspected incidents and make promptly the most suitable decision. 5

Security devices Network and virtual activity Application activity Vulnerabilities and threats Servers and mainframes Data activity Configuration information Users and identities Enrichment Activity baselining and anomaly detection Logs/events Flows IP reputation Geographic location User activity Database activity Application activity Network activity Correlation Offense identification Credibility Severity Relevance False positives and false negatives True offense Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight Conclusion Out of millions of events RadarServices effectively and efficiently identifies those, which indicate abuse of IT and applications, attacks, internal fraud or other security threats. 6

What we offer RadarServices offers the SIEM risk detection module as a stand-alone solution, in combination with other modules and together with the Radar Risk & Security Intelligence Team (RSI Team) in the form of a managed service. Using its extensive experience, the RSI Team aggregates, inspects and analyzes the data collected by automated monitoring and detection modules to properly face risk and security information with a particular focus on critical businesses and urgent responses. This approach allows to exclude false positives and false negatives and ultimately reduces the number of events reported to the customer. The RSI Team reviews and correlates thousands of incidents daily; then, the findings are used to continuously enhance policies and rules of the automated correlation and risk detection. The Technical Writing Team enriches the findings description with clear and detailed instructions for mitigation and possible solution of the issue. Thus, RadarServices directly supports the IT risk management process in the customer s organization and contributes to continuous and always up-to-date risk evaluation. As a matter of fact, given the deep expertise of each team component in security audit, penetration testing, white-hat hacking and social engineering, the RSI Team plays the dual role of guide for the IT operations and advisor for strategic decisions. Customers that turn to RadarServices during or after an attack on their IT, find the right expertise for firefighting and forensics on demand. Therefore, the RSI Team has also the competences to entirely support you as an external CERT team. 7

What we are proud to offer you Recognized, classified and prioritized security flaws: Security flaws, possible risks and any information that needs an urgent response raise an alert which is immediately shown in the Cockpit and upon request immediately forwarded to you via email or mobile phone. A complete incident workflow: The overall risk remediation workflow and the messaging / feedback system for the communication with the RIS Team allows an easy and effective coordination between you and us. The possibility to automatically assign users to user groups (teams) as well as to dispatch incidents: Asset management functionalities provide an overview about what is really running in the network, from perimeter and corporate network to virtualized machines and cloud services. Assets are tagged according to a wide range of attributes such as network address, open ports, OS, installed software, found vulnerabilities to allow automatic selection of hosts for scanning or reporting. In fact, the Cockpit uncovers unexpected access points, web servers and other devices that may leave a network open to attack. Moreover, it gathers and identifies operating systems of each device, open network ports, active services on those ports, and installed certificates. The customer s employee(s) responsible for remediation as well as the current status of the remediation process: The business process risk view presents the current threats of the IT security flaws to business processes. For example, a server with several vulnerabilities is not only a threat to the IT infrastructure, but also to the IT services provided by the server. Employees might be unable to send and receive emails, web portals might be inaccessible or the ERP system interrupted. Thus, communication by email becomes impossible, incoming orders via the web portal are not received or new stock levels cannot be entered in the ERP system. In this way, the presentation of IT risks and their influences on IT services and business processes in turn demonstrates clearly and understandably the effects and the overall context at a glance. 8

Benefits for You Accurate and fast identification of real threats from various gateways to enable a prompt incident respond. Optimal environment for the fulfillment of several compliance requirements in an efficient and scalable way. Customized rules, use cases, dashboards and reports fitting your organization s needs. Unified and centralized security event management and extraction of relevant security related patterns. Clear view of heterogeneous IT environments, data and security. Best-in-class correlation capabilities, analysis and reporting. Fast, powerful, scalable and highly flexible SIEM solution. Risk & Security Cockpit as the central and unified information platform. Optimization of existing security investments. Support for multitenancy deployments. SIEM is the key for risk analysis and correlation and can be a decisive step in your holistic IT security. Find out more about other IT risk detection modules to complete your IT security monitoring: https://www.radarservices.com/radarplatform/risk-detection-modules/ 9

The European Experts in IT Security Monitoring and IT Risk Detection RadarServices is Europe s leading technology company in the field of Detection & Response. In focus: The early detection of IT and OT security risks for corporations and public authorities offered as a Solution or a Managed Service. The cutting-edge, inhouse-developed technology platform is the basis used for building up a client s Security Operations Centre (SOC) or it is used in combination with our expert analysts, documented processes and best practices as SOC as a Service. The result: Highly effective and efficient improvement of IT and OT security and IT and OT risk management, continuous IT and OT security monitoring and an overview of security-related information throughout the entire IT and OT landscape of an organization. RadarServices Zieglergasse 6 1070 Vienna Austria Phone: +43 (1) 929 12 71-0 Fax: +43 (1) 929 12 71-710 Email: sales@radarservices.com Web: www.radarservices.com 2018 RadarServices Smart IT-Security GmbH. FN371019s, Commercial Court Vienna, Austria. All rights and changes reserved. RadarServices is a registered trademark of RadarServices Smart IT-Security GmbH. All other product or company names are trademarks or registered trademarks of the respective owners. PUBLIC 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback