NOTHING IS WHAT IT SIEMs: A Simpler Way to Effective Threat Management
Dan Pitman, Principal Security Architect

Cybersecurity is harder than it should be
SIEM can be harder than it should be
- "If you think this is expensive, look twice, because it really is so."
- "Product is starting to show its age. Not keeping up with current requirements."
- "So many options that it can be bewildering."
- "Great out of the box for meeting compliance requirements, but does not scale well."
- "Implementation tedious, support often overlooks known bugs, interface clunky, non-intuitive."
- "Needs technical training to take advantage of its capabilities and reporting."
Common Pitfalls [1]
- Failure to perform detailed planning before buying
- Failure to define scope
- Overly simplistic scoping
- Monitoring noise
- Lack of sufficient context
- Insufficient resources

[1] Overcoming Common Causes for SIEM Solution Deployment Failures, G00328573, 30 May 2017
- Industry and size are no predictor of risk
- Web applications are still the top target
- Attack automation and "spray and pray"
Attack Surface Penetration (kill-chain diagram; controls shown per phase)
- IDENTIFY & RECON: manage exposures; ensure coding best practices
- INITIAL ATTACK: coding best practices; application monitoring; network monitoring
- COMMAND & CONTROL, DISCOVER & SPREAD, EXTRACT & EXFILTRATE: controls listed across these three phases are vulnerability management, least privilege access, user lifecycle management, application response monitoring, network monitoring, role-based access, log correlation and file integrity monitoring (several, such as network monitoring and log correlation, appear under more than one phase; the exact per-phase mapping did not survive extraction)
Introducing a Better Way
A Solution That SIEMlessly Works Across Environments
- ASSESS
  - Vulnerability scanning: software CVEs; network config; remediation workloads
  - Auditing: AWS configuration exposures; auto-discovery, topology
- DEFEND
  - Active defense: in-line Web Application Firewall (WAF)
- DETECT
  - Data inspection: web (HTTP) requests and responses; system logs (agent); network packets (IDS); connected devices
  - Analytics: signatures and rules; anomaly detection; machine learning
  - ActiveWatch live experts: 24/7 monitoring; validation and enrichment; remediation advice; incident reports; priority alerts; 15-minute SLA
- COMPLY
  - PCI-DSS, GDPR, HIPAA, SOX, SOC2, ISO, NIST and COBIT
  - Attestation reporting; log review and archiving
- Alerts delivered to app owners, Dev/Ops, cloud and security teams
A Better Way for Your Peace of Mind: SIEMless Threat Management
We SIEMlessly connect Platform, Intelligence and Experts, providing you the right coverage for the right resources.

- Asset discovery
- Vulnerability scanning
- Cloud configuration checks
- Compliance
- Threat Risk Index
- Remediation guidance
- Prioritization and next steps
- Comprehensive vulnerability library
- 24/7 email and phone support
- PCI scanning and ASV support
- Service health monitoring

- Threat monitoring and visibility
- Intrusion detection
- Security analytics
- Log collection and monitoring
- Extensive log search capabilities to support investigations
- Event insights and analysis
- Threat frequency, severity and status intelligence
- Attack prevention capabilities
- ActiveWatch Professional: 24/7 SOC with incident management, escalation and response support

- Always-on WAF defense against web attacks (e.g. OWASP Top 10, emerging threats, zero-day vulnerabilities)
- Protection from SQL injection, DoS attacks, URL tampering, cross-site scripting attacks and more
- Verified testing against more than 2.1 million web application attacks
- Advanced detection capabilities to spot and block malicious activity

- ActiveWatch Enterprise: security posture review; incident response assistance; threat hunting; help with tuning strategies, customized policies and best practices

SIEMless by design. Lower total cost. Always advancing.
Across any environment: on-premises, public cloud, private cloud.
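The deck lists the ingredients it relies on (signatures and rules over HTTP requests, log correlation, asset and vulnerability context) and the two pitfalls they are meant to cure (monitoring noise, lack of context). The sketch below is an added example of how those pieces fit together; it is not Alert Logic's code and is not taken from the deck. It runs three constructed web-signature rules over constructed access-log lines, raises each hit's score with a hypothetical asset inventory (ASSET_CONTEXT, standing in for scan and CMDB output) and with the server's response, then correlates all hits by source IP so that a low-scoring probe is still escalated when its source is already attacking other hosts. The log format, signatures, scoring weights and threshold are all assumptions for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines: "<src-ip> <host> \"<request line>\" <status>".
# Illustrative only, not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 web-01 "GET /index.html HTTP/1.1" 200',
    '198.51.100.7 web-01 "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 200',
    '198.51.100.7 web-02 "GET /download?file=../../../etc/passwd HTTP/1.1" 404',
    '203.0.113.9 web-02 "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200',
    '198.51.100.7 web-01 "GET /search?q=%27%20UNION%20SELECT%20pw%20FROM%20users-- HTTP/1.1" 500',
]

LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<host>\S+) "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})$'
)

# Signature rules applied to the URL-decoded request path: (name, pattern, base severity).
SIGNATURES = [
    ("sqli", re.compile(r"""['"]\s*(or|union)\b""", re.I), 3),
    ("path_traversal", re.compile(r"(\.\./){2,}"), 3),
    ("xss", re.compile(r"<script\b", re.I), 2),
]

# Hypothetical asset context, e.g. joined from a vulnerability scan and a CMDB (assumption).
ASSET_CONTEXT = {
    "web-01": {"internet_facing": True, "open_findings": {"sqli"}},
    "web-02": {"internet_facing": False, "open_findings": set()},
}
UNKNOWN_ASSET = {"internet_facing": True, "open_findings": set()}  # no context: assume exposed

ALERT_THRESHOLD = 4  # hits scoring below this are kept for correlation but not paged


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote(rec["path"])  # decode first so %27 becomes a quote
    return rec


def match_signatures(decoded_path):
    """Return (name, base_severity) for every signature that fires on the path."""
    return [(name, base) for name, pat, base in SIGNATURES if pat.search(decoded_path)]


def score_hit(sig_name, base, host, status):
    """Raise a hit's score using asset context and how the server responded."""
    ctx = ASSET_CONTEXT.get(host, UNKNOWN_ASSET)
    score, reasons = base, []
    if sig_name in ctx["open_findings"]:
        score += 3
        reasons.append("host has an open %s finding" % sig_name)
    if ctx["internet_facing"]:
        score += 1
        reasons.append("host is internet facing")
    if status >= 500:
        score += 1
        reasons.append("server error after payload")
    return score, reasons


def analyze(lines):
    """Run signatures over log lines, enrich with context, correlate by source IP."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, base in match_signatures(rec["decoded_path"]):
            score, reasons = score_hit(name, base, rec["host"], rec["status"])
            hits.append({"src": rec["src"], "host": rec["host"], "signature": name,
                         "status": rec["status"], "score": score, "reasons": reasons})
    # Correlate across all hits, including low scorers: one source probing several
    # hosts or techniques is a campaign even if no single hit is severe on its own.
    by_src = defaultdict(lambda: {"hosts": set(), "signatures": set(), "hits": 0})
    for h in hits:
        s = by_src[h["src"]]
        s["hosts"].add(h["host"])
        s["signatures"].add(h["signature"])
        s["hits"] += 1
    for s in by_src.values():
        s["campaign"] = len(s["hosts"]) > 1 or len(s["signatures"]) > 1
    for h in hits:
        h["alert"] = h["score"] >= ALERT_THRESHOLD or by_src[h["src"]]["campaign"]
    alerts = [h for h in hits if h["alert"]]
    suppressed = [h for h in hits if not h["alert"]]
    return {"alerts": alerts, "suppressed": suppressed, "sources": dict(by_src)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for a in sorted(result["alerts"], key=lambda h: -h["score"]):
        print(a["score"], a["src"], a["host"], a["signature"], "; ".join(a["reasons"]))
    for src, s in result["sources"].items():
        if s["campaign"]:
            print("campaign from", src, "hosts", sorted(s["hosts"]), "techniques", sorted(s["signatures"]))
```

On the sample, the two SQL injection attempts against web-01 score highest because the scan context says that host has an open SQL injection finding, is internet facing, and the second request produced a server error. The lone script-tag probe against the internal web-02 stays below the threshold and is not paged. The directory traversal probe also scores low on its own, but it is still raised because its source has already hit a second host with a second technique; that is the difference between a rule engine and correlation with context.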
SIEMless Threat Management in Action: Headline Risk Avoidance
1. THREAT INTEL: 2013 research of an Apache Struts vulnerability; development of a signature
2. SECURITY PLATFORM: blocking signature added, starting in 2013
3. EXPERT DEFENDERS: able to alert and raise incidents for customers
4. THREAT INTEL: research of new variants; new defenses developed
5. SECURITY PLATFORM: hardened defenses deployed in March 2017
6. EXPERT DEFENDERS: on March 6, Alert Logic proactively notifies customers. Alert Logic customers already protected.

Timeline:
- 2013: Apache Struts vulnerability; Alert Logic attack blocking in place
- March 2017: Alert Logic hardens defenses and proactively notifies customers; Alert Logic customers protected
- May 2017: a major credit rating agency discovers a breach
- September 2017: the major credit rating agency publicly discloses the breach; total cost $439M