Top 10 use cases of HP ArcSight Logger
Sridhar Karnam (@Sri747, Karnam@hp.com) #HPSecure
Big data is driving innovation
- Big Data will continue to expand
- Collect Big Data for analytics
- Store Big Data for compliance
- Search Big Data for incident response
- Correlate Big Data for security
Log management challenges: where do I start?
- Consolidated view
- Comprehensive collection
- Ultra-fast forensic investigation
- Filtering and parsing of various logs
- IT change management
- Secure applications
- Store Big Data
- Compliance and reporting
- Mobility
A new approach: comprehensive log management
HP's unique approach to universal log management
- Collect: 100% data collection
- Enrich: unify Big Data through normalization and categorization
- Search: fastest search engine on the planet
- Store: store years' worth of Big Data without an additional database
- Correlate: analytics for 25+ use cases, including security and compliance
What we do: HP ArcSight log management and SIEM solution
Collect | Store | Analyze
Unified data: convert all machine data into a common format for search, report, and retention

Raw machine data:
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data:
Time (Event Time) | Name | Device Vendor | Device Product | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance
6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning
6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning

Benefit: a single data format for searching, indexing, reporting, and archiving
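The normalization step above, as an added example that is not HP's or ArcSight's code: it parses the two raw events from the slide into the unified field set of the table, then runs one cross-vendor query over a unified field. The regular expressions, field names and the action-to-category mapping are assumptions written for these two sample formats only.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the two raw events shown on the slide.
RAW_EVENTS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

TS = r"(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# Cisco PIX syslog: "<ts>: %PIX-<sev>-<id>: <Action> <PROTO> ... from <src>/<port> to <dst>/<port>"
PIX_RE = re.compile(TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) (?P<proto>\w+)"
                    r" .*?from (?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+)")
# Check Point FW-1: "<ts> <action> <gw> ><iface> product <name> src ... dst ... proto <p> rule <n>"
CP_RE = re.compile(TS + r" (?P<action>\w+) (?P<gw>\S+) >(?P<iface>\S+) product (?P<product>.+?)"
                   r" src (?P<src>\S+) s_port (?P<sport>\d+) dst (?P<dst>\S+) service \S+"
                   r" proto (?P<proto>\w+) rule (?P<rule>\d+)")
# (vendor, native action) -> (Category Behavior, Category Outcome, Category Significance),
# reproducing the categorization the slide's table shows for these two events (assumed mapping).
CATEGORY = {
    ("Cisco", "Deny"): ("/Access", "/Failure", "/Informational/Warning"),
    ("Checkpoint", "drop"): ("/Access/Start", "/Failure", "/Informational/Warning"),
}

def normalize(raw):
    """Convert one raw firewall line into the unified field set from the slide's table."""
    m, vendor, product = PIX_RE.match(raw), "Cisco", "PIX"
    if not m:
        m, vendor, product = CP_RE.match(raw), "Checkpoint", "Firewall-1/VPN-1"
    if not m:
        raise ValueError("unrecognized event format: %r" % raw[:40])
    behavior, outcome, significance = CATEGORY.get(
        (vendor, m["action"]), ("/Access", "/Unknown", "/Informational"))
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return {
        "event_time": "%d/%d/%d %s" % (ts.month, ts.day, ts.year, ts.strftime("%H:%M:%S")),
        "name": m["action"].capitalize(), "device_vendor": vendor, "device_product": product,
        "category_behavior": behavior, "category_device_group": "/Firewall",
        "category_outcome": outcome, "category_significance": significance,
        "src": m["src"], "dst": m["dst"], "proto": m["proto"].lower(),
    }

def count_by(records, field):
    """One query over a unified field spans both vendors; on raw text it would need one per format."""
    return dict(Counter(r[field] for r in records))
```

Calling normalize on each RAW_EVENTS entry yields the two rows of the unified table, and count_by(records, "category_outcome") answers "how many access failures, regardless of firewall vendor" with a single lookup.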
Customer benefits
- 4 weeks to generate an IT GRC report: Logger compliance packs generate IT GRC reports in 5 minutes
- 6 weeks to run an IT audit: audit-quality search results help you run audits in 8 hours
- 24 days to respond to a breach: the fastest search engine, with full-text searching, enables a response in 4 hours
Top 10 use cases: the fastest search engine on the planet for machine data
#10: Dev-Ops / Sec-Ops
Integrating operations to be part of other IT priorities (Sec-Ops and Dev-Ops):
- Heat map
- Asset mapping
- Risk indicators
- Prioritization
- Isolation of incidents
- Aggregation of events
- Continuous monitoring
- Heat map of risk
- Vulnerability score
- Risk scoring
- Development feedback
#9: Log analytics for the support team
- Provide view access to log analytics
- Different support groups get access only to the logs they care about
- Secure your logs with view-only access for broader teams, including contractors and partners
#8: Threat detection and response
- Early detection of attacks from malware, viruses or distributed attacks
- Upload a reputation database and use lookups to find any suspicious activities or threats
Security analytics: attacks
- Store years' worth of data (1.6 petabytes) by peering 20 instances of Logger
- Run reports, dashboards and alerts on years' worth of data
- Transfer data between Logger and ESM for long-term security analytics use cases
Organizations of all sizes are at risk. Typical threats:
- Bot, worm, and virus attacks
- Hacker detection
- Bandwidth hogs and policy violations
- Unauthorized application access
- VPN sneak attacks
2010 ArcSight Confidential
#7: Web log analysis
- What websites are frequently visited?
- What is the click-through rate?
- Which search engine is generating the leads for visitors to my website?
#6: Network analytics
- Analyze network data through NetFlow, syslog, etc.
- Firewall/NGFW log analytics in real time across devices and vendors
- Integrate with IPS/IDS for better management of threats and attacks
#5: Application intelligence
- Monitor application logs for security, performance, and operations
- Log both on the wire and at run time to secure both new and legacy apps
#4: Cloud monitoring
Logger collects and analyzes logs/data from every layer or any RESTful APIs
[Figure: cloud stack (User, Application, Information, O/S, Network, Physical, O/S image) across IaaS, PaaS and SaaS, showing which layers are consumer responsible and which are provider responsible]
#3: Mobility: monitoring on the go
- Compliance and security analytics on the mobile device
- Give analysts, the CISO and the CIO access so they are on the same page
- Access dashboards and reports quickly on iPad/iPhone
#2: Compliance and audit reporting
- Built-in reports for automated compliance and audit reporting
- Focused on delivering compliance: alerts, dashboards, reports, workflow, retention
- Frameworks covered: NIST, ISO, PCI DSS, SOX
#1: Big Data analytics
- Collect from 350+ log-generating sources
- Collect data at up to 5 TB/day
- Store 1.6 PB of data
- Search billions of events in seconds through Bloom filters
- Full-text English searching
- Collect data from thousands of devices from thousands of vendors