Top 10 use cases of HP ArcSight Logger

Top 10 use cases of HP ArcSight Logger
Sridhar Karnam (@Sri747, Karnam@hp.com), #HPSecure

Big data is driving innovation
Big Data will continue to expand:
- Collect Big Data for analytics
- Store Big Data for compliance
- Search Big Data for incident response
- Correlate Big Data for security

Log management challenges: where do I start?
- Consolidated view
- Comprehensive collection
- Ultra-fast forensic investigation
- Filtering & parsing of various logs
- IT change management
- Secure applications
- Store Big Data
- Compliance and reporting
- Mobility

A new approach: comprehensive log management
HP's unique approach to universal log management:
- Collect: 100% data collection
- Enrich: unify Big Data through normalization and categorization
- Search: fastest search engine on the planet
- Store: store years' worth of Big Data without an additional database
- Correlate: analytics for 25+ use cases including security and compliance

What do we do? HP ArcSight: log management and SIEM solution
Collect, Store, Analyze

Unified data
Convert all machine data into a common format for search, report, and retention.

Raw machine data:
  Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
  Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data (the same two events after normalization and categorization):
  Time (Event Time)  | Name | Device Vendor | Device Product   | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance
  6/17/2009 12:16:03 | Deny | Cisco         | PIX              | /Access           | /Firewall            | /Failure         | /Informational/Warning
  6/17/2009 14:53:16 | Drop | Checkpoint    | Firewall-1/VPN-1 | /Access/Start     | /Firewall            | /Failure         | /Informational/Warning

Benefit: single data for searching, indexing, reporting, and archiving.
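A worked illustration of the normalization step above, added here as example code rather than anything taken from the slides or from HP's Logger: it parses the slide's two raw firewall lines (Cisco PIX and Check Point) into the unified fields the table shows, then runs one query across both. The regular expressions, the small (vendor, action) category table and the field names are assumptions made for this example; Logger's own parsers and categorization taxonomy are not shown on the page.

```python
import re
from datetime import datetime

# The two raw lines from the slide. The Check Point addresses are masked
# ("xxx.xxx...") on the slide, so the parser treats addresses as opaque strings.
RAW_EVENTS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

TS = r"(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})"

# Cisco PIX syslog: "<ts>: %PIX-<sev>-<msgid>: <Action> <Proto> ... from A/p to B/q ..."
PIX_RE = re.compile(
    TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) (?P<proto>\w+) .*?"
    r"from (?P<src>[^/\s]+)/(?P<src_port>\d+) to (?P<dst>[^/\s]+)/(?P<dst_port>\d+)"
)
# Check Point FW-1 export: "<ts> <action> <gw> ><iface> product <p> src A s_port p dst B service S proto P rule N"
CP_RE = re.compile(
    TS + r" (?P<action>\w+) (?P<gw>\S+) >(?P<iface>\S+) product (?P<product>.+?) "
    r"src (?P<src>\S+) s_port (?P<src_port>\d+) dst (?P<dst>\S+) "
    r"service (?P<service>\S+) proto (?P<proto>\S+) rule (?P<rule>\d+)"
)

# Assumed mini taxonomy: (vendor, lower-cased action) -> (Category Behavior, Category Outcome).
# The slide shows exactly these two rows; the real Logger categorization is far larger.
CATEGORY = {
    ("Cisco", "deny"): ("/Access", "/Failure"),
    ("Checkpoint", "drop"): ("/Access/Start", "/Failure"),
}


def normalize(raw):
    """Turn one raw firewall line into the unified record shown on the slide."""
    m = PIX_RE.match(raw)
    if m:
        vendor, product = "Cisco", "PIX"
    else:
        m = CP_RE.match(raw)
        if m is None:
            raise ValueError("unrecognised log format: " + raw[:40])
        vendor, product = "Checkpoint", "Firewall-1/VPN-1"
    action = m.group("action").lower()
    behavior, outcome = CATEGORY.get((vendor, action), ("/Unknown", "/Unknown"))
    fields = m.groupdict()
    return {
        "event_time": datetime.strptime(fields["ts"], "%b %d %Y %H:%M:%S"),
        "name": action.capitalize(),
        "device_vendor": vendor,
        "device_product": product,
        "category_behavior": behavior,
        "category_device_group": "/Firewall",
        "category_outcome": outcome,
        "category_significance": "/Informational/Warning",
        "proto": fields["proto"].lower(),
        "src": fields["src"],
        "src_port": int(fields["src_port"]),
        "dst": fields["dst"],
        # Check Point lines carry a service name rather than a destination port
        "dst_port": int(fields["dst_port"]) if fields.get("dst_port") else None,
    }


def normalize_all(raw_lines):
    return [normalize(line) for line in raw_lines]


def count_by(events, field):
    """One query that works across vendors once the data is unified."""
    counts = {}
    for ev in events:
        counts[ev[field]] = counts.get(ev[field], 0) + 1
    return counts


if __name__ == "__main__":
    events = normalize_all(RAW_EVENTS)
    for ev in events:
        print(ev["event_time"], ev["device_vendor"], ev["name"], ev["category_outcome"])
    # Blocked-access count regardless of which firewall produced the line
    print(count_by([e for e in events if e["category_outcome"] == "/Failure"], "device_vendor"))
```

Because both records share the same field names, a single filter on category_outcome == "/Failure" answers "how many connections did my firewalls block" regardless of vendor, which is the benefit the slide claims for unified data.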

Customer benefits
- Before: 4 weeks to generate an IT GRC report. With Logger: compliance packs generate IT GRC reports in 5 minutes.
- Before: 6 weeks to run an IT audit. With Logger: audit-quality search results let you run audits in 8 hours.
- Before: 24 days to respond to a breach. With Logger: the fastest search engine, together with full-text searching, enables a response in 4 hours.

Top 10 use cases: the fastest search engine on the planet for machine data

#10: Dev-Ops / Sec-Ops
Integrating operations to be part of other IT priorities. Elements shown on the slide for Sec-Ops and Dev-Ops: heat map, asset mapping, risk indicators, prioritization, isolation of incidents, aggregation of events, continuous monitoring, heat map of risk, vulnerability score, risk scoring, development feedback.

#9: Log analytics for the support team
- Provide view access to log analytics.
- Different support groups get access only to the logs they care about.
- Secure your logs with view-only access for broader teams, including contractors and partners.

#8: Threat detection and response
- Early detection of attacks from malware, viruses or distributed attacks.
- Upload a reputation database and use lookups to find suspicious activities or threats.
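How a reputation-database lookup like the one described in #8 can be applied to normalized events, as an added example that is not the slides' or the product's code. The CSV-shaped reputation list, the events and the confidence threshold are all constructed for this example; the addresses come from the RFC 5737 documentation ranges and are not real indicators.

```python
import csv
import io
import ipaddress

# Constructed reputation list in the CSV shape one would upload as a lookup
# table: network (single host or CIDR), category, confidence 0-100.
REPUTATION_CSV = """\
network,category,confidence
198.51.100.0/24,scanner,80
203.0.113.42,c2,95
192.0.2.0/25,spam,40
"""

# Constructed events in a unified shape (what a normalized firewall record
# might look like); the masked "xxx" addresses mirror the slide's sample line.
EVENTS = [
    {"time": "2009-06-17T12:16:03", "name": "Accept", "src": "10.0.0.5", "dst": "203.0.113.42"},
    {"time": "2009-06-17T12:17:10", "name": "Deny", "src": "198.51.100.7", "dst": "10.0.0.1"},
    {"time": "2009-06-17T12:18:22", "name": "Accept", "src": "192.0.2.10", "dst": "10.0.0.2"},
    {"time": "2009-06-17T14:53:16", "name": "Drop", "src": "xxx.xxx.146.12", "dst": "xxx.xxx.10.2"},
    {"time": "2009-06-17T15:01:00", "name": "Accept", "src": "10.0.0.9", "dst": "10.0.0.3"},
]


def load_reputation(csv_text):
    """Parse the lookup table; sort most-specific prefix first so a /32 beats a /24."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        net = ipaddress.ip_network(row["network"].strip(), strict=False)
        entries.append((net, row["category"].strip(), int(row["confidence"])))
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def lookup(entries, address):
    """Return the best reputation match for one address, or None."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None  # masked, hostname or malformed: nothing to match on
    for net, category, confidence in entries:
        if ip in net:  # ipaddress ignores entries of the other IP version
            return {"network": str(net), "category": category, "confidence": confidence}
    return None


def flag_events(events, entries, min_confidence=50):
    """Attach reputation context to src/dst and keep events above the confidence bar."""
    flagged = []
    for ev in events:
        for field in ("src", "dst"):
            hit = lookup(entries, ev[field])
            if hit and hit["confidence"] >= min_confidence:
                flagged.append({**ev, "matched_field": field, **hit})
    return flagged


if __name__ == "__main__":
    entries = load_reputation(REPUTATION_CSV)
    for f in flag_events(EVENTS, entries):
        print(f["time"], f["name"], f["matched_field"], f[f["matched_field"]],
              f["category"], f["confidence"])
```

Sorting by prefix length makes a host entry override a covering range; the confidence threshold keeps low-quality entries (here the /25 at 40) from generating alerts, and masked or malformed addresses such as the slide's xxx.xxx.146.12 are skipped rather than aborting the run.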

Security analytics (attacks)
- Store years' worth of data (1.6 petabytes) by peering 20 instances of Logger.
- Run reports, dashboards and alerts on years' worth of data.
- Transfer data between Logger and ESM for long-term security analytics use cases.

Organizations of all sizes are at risk. Typical threats:
- Bot, worm, and virus attacks
- Hacker detection
- Bandwidth hogs and policy violations
- Unauthorized application access
- VPN sneak attacks

#7: Web log analysis
- What websites are frequently visited?
- What is the click-through rate?
- Which search engine is generating the lead for the visitor to my website?

#6: Network analytics
- Analyze network data through NetFlow, syslog, etc.
- Firewall/NGFW log analytics in real time across devices and vendors.
- Integrate with IPS/IDS for better management of threats and attacks.

#5: Application intelligence
- Monitor application logs for security, performance, and operations.
- Capture logs both on the wire and at run time to secure both new and legacy apps.

#4: Cloud monitoring
Logger collects and analyzes logs/data from every layer, or through any RESTful API.
[Slide diagram: the cloud stack (User, Application, Information, O/S, Network, Physical) across IaaS, PaaS and SaaS, with each layer marked as consumer-responsible or provider-responsible.]

#3: Mobility
- Monitoring on the go: compliance and security analytics on the mobile device.
- Give analysts, the CISO and the CIO access so they are on the same page.
- Access dashboards and reports quickly on iPad/iPhone.

#2: Compliance and audit reporting
- Built-in reports for automated compliance and audit reporting.
- Focused on delivering compliance: alerts, dashboards, reports, workflow, retention.
- Frameworks covered: NIST, ISO, PCI DSS, SOX.

#1: Big Data analytics
- Collect from 350+ log-generating sources.
- Collect up to 5 TB/day.
- Store 1.6 PB of data.
- Search billions of events in seconds through Bloom filters.
- Full-text English searching.
- Collect data from thousands of devices from thousands of vendors.
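#1 credits Bloom filters for searching billions of events in seconds. The example below is added here to show the mechanism and is not code from the slides or from Logger: events are stored in chunks, each chunk keeps a Bloom filter of its tokens, and a search only reads the chunks whose filter says the term may be present. The chunk size, the tokenizer, the sample log lines and the 1% false-positive target are all assumptions made for this example.

```python
import hashlib
import math
import re

# Constructed syslog-style sample lines (not from the slide deck). Nine lines
# are split into three time-ordered chunks of three to mimic chunked storage.
SAMPLE_LOGS = [
    "Jun 17 2009 12:16:03 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022",
    "Jun 17 2009 12:16:09 host1 sshd[2204]: Failed password for invalid user admin from 198.51.100.7 port 40122",
    "Jun 17 2009 12:16:15 host2 kernel: eth0: link up",
    "Jun 17 2009 12:17:01 host3 cron[410]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 17 2009 12:17:30 host2 sshd[2290]: Accepted password for bob from 10.0.0.9 port 51100",
    "Jun 17 2009 12:17:44 host3 sudo: bob : TTY=pts/0 ; COMMAND=/bin/ls",
    "Jun 17 2009 12:18:02 host1 sshd[2310]: Failed password for invalid user admin from 198.51.100.7 port 40210",
    "Jun 17 2009 12:18:05 host4 nginx: 203.0.113.4 - - GET /index.html 200",
    "Jun 17 2009 12:18:40 host4 nginx: 203.0.113.4 - - GET /admin 404",
]

TOKEN_RE = re.compile(r"[a-z0-9][a-z0-9._:-]*")


def tokenize(line):
    """Lower-cased full-text tokens; IP addresses and timestamps stay whole."""
    return set(TOKEN_RE.findall(line.lower()))


class BloomFilter:
    """Standard Bloom filter: no false negatives, tunable false-positive rate."""

    def __init__(self, expected_items, false_positive_rate=0.01):
        n = max(1, expected_items)
        # Optimal bit-array size m and hash count k for the target rate
        self.m = max(8, int(-n * math.log(false_positive_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Kirsch-Mitzenmacher double hashing: k indices from one 128-bit digest
        digest = hashlib.blake2b(item.encode("utf-8"), digest_size=16).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, item):
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


class ChunkIndex:
    """Events stored in chunks; each chunk carries a Bloom filter of its tokens."""

    def __init__(self, chunk_size=3):
        self.chunk_size = chunk_size
        self.chunks = []  # list of (lines, bloom filter)

    def ingest(self, lines):
        for i in range(0, len(lines), self.chunk_size):
            block = lines[i:i + self.chunk_size]
            tokens = set().union(*(tokenize(line) for line in block))
            bloom = BloomFilter(expected_items=len(tokens))
            for tok in tokens:
                bloom.add(tok)
            self.chunks.append((block, bloom))

    def search(self, term):
        """Return (chunks actually read, matching lines) for one search term."""
        term = term.lower()
        scanned, hits = 0, []
        for block, bloom in self.chunks:
            if not bloom.might_contain(term):
                continue  # filter says "definitely absent": the chunk is never read
            scanned += 1  # "maybe present": read the chunk and confirm
            hits.extend(line for line in block if term in tokenize(line))
        return scanned, hits


def build_demo_index():
    index = ChunkIndex(chunk_size=3)
    index.ingest(SAMPLE_LOGS)
    return index


if __name__ == "__main__":
    idx = build_demo_index()
    for term in ("198.51.100.7", "admin", "host9"):
        scanned, hits = idx.search(term)
        print(f"{term}: read {scanned}/{len(idx.chunks)} chunks, {len(hits)} hits")
```

A Bloom filter never misses a chunk that holds the term (no false negatives), so the result set is exact; the price of the tuned 1% false-positive rate is an occasional chunk read for nothing, which is why search reports how many chunks it actually had to read.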