Security Information Event Management { IT Search } Pongsawat Payungwong CISSP,MCSE,ACSA Business Development Manager Sysware(Thailand) Co., Ltd.

IT Search Company

About Me
Relevant experience:
- Attended the SIEM User Conference 2007-2008 ("The world's largest gathering of SIEM users!"), Washington, USA.
- Workshop: Search Engine for IT Management, SPLUNK as the next-generation IT search engine, San Francisco, USA.
- Workshop on managing SIEM for a National Security Operation Center (NSOC), Acer edc, Taipei.
- Attended the SIEM / Critical Information Infrastructure meeting: Project LOGIIC (Linking the Oil and Gas Industry to Improve Cyber Security), SCADA systems, Department of Homeland Security, ArcSight USA, Washington DC, USA.
- Workshop: SPLUNK-SYSTEX, IT Search Business in Asia, Taipei, Taiwan.
- Consultant and designer of IT security related systems. Certifications: CISSP, MCSE, ACSA, CCNP.

Log Management Challenge
Every group draws on the same IT operations logs but asks different questions of them:
- Regulations and industry mandates: compliance reporting; compliance posture?
- Audit & risk, IT governance: system health?
- Security operations: security perimeter and insider threats; user monitoring?
- IT operations (infrastructure, networking, applications): network availability? change management; configuration monitoring; SLA monitoring?
Result: an uncontrolled log infrastructure, manual and expensive audits, and inefficient IT operations.

What's Needed
- IT Operations: system health, network availability, SLA, ITIL
- Security Operations: insider threat, perimeter threat, forensics, SANS IT & security controls
- Regulations & Industry Mandates: PCI, HIPAA, SOX, FISMA, NIST, ISO, CobiT

Enterprise Event Management Services
- Event correlation and response management: SIEM, advanced analysis, real-time correlation
- Log aggregation: universal event collection, enterprise event warehouse, storage lifecycle management
- Event analysis: search, alert, report
Deployment challenges: event source architecture, bandwidth, integrity/auditability, time sync, log format/type normalization, correlation/use case definition.

What is IT Search? A New Approach to Enterprise IT Monitoring

Defense in Depth
Each layer comes with its own console:
- Virtualization/cloud computing: VM manager, guest apps, guest OS, hypervisor, host OS
- Systems & applications: web, Java, .NET, Solaris, Linux, Windows, database
- Network: IDS/IPS, firewalls, routers, storage, proxies, VPNs, ACS

Anatomy of a Security Investigation
Sources: application activity log, web server access log, DHCP log, asset DB, single sign-on logs.
- Application activity log: user Joe completed a suspicious transaction.
- Web server access log: the request came from IP 10.1.1.57.
- DHCP log: at that time 10.1.1.57 was leased to MAC address 00:0B:86:C5:5F:F4.
- Asset DB: that MAC address belongs to Sue.
- Single sign-on logs: Joe's logins usually come from other MAC addresses.
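The pivot chain above, as an added example that is not part of the deck: constructed application, web, DHCP and SSO log lines plus a small asset table, and the joins an IT search tool performs across them. The log formats, hostnames, lease times, transaction IDs and the second IP address are assumptions made for the example; only Joe, Sue, 10.1.1.57 and 00:0B:86:C5:5F:F4 come from the slide.

```python
"""Cross-source pivot for the investigation on the slide above.

Added example, not from the deck. Log lines, hostnames, lease times and the
SSO format are constructed; every source is reduced to 'ts host k=v ...' with
ISO 8601 timestamps so one parser serves all of them.
"""
import re
from collections import Counter
from datetime import datetime

APP_LOG = [
    "2008-03-12T09:14:02 app01 txn=TX-88213 user=joe action=wire_transfer amount=49000 status=complete",
    "2008-03-12T09:10:44 app01 txn=TX-88207 user=joe action=balance status=complete",
]
WEB_ACCESS_LOG = [
    "2008-03-12T09:14:01 web01 src=10.1.1.57 user=joe method=POST path=/transfer txn=TX-88213 status=200",
    "2008-03-12T09:10:43 web01 src=10.1.1.23 user=joe method=GET path=/balance txn=TX-88207 status=200",
]
DHCP_LOG = [  # one DHCPACK per lease; the same IP changes hands over the days
    "2008-03-10T07:58:00 dhcp01 DHCPACK ip=10.1.1.23 mac=00:1C:42:9A:00:11 host=joe-desktop",
    "2008-03-11T08:02:00 dhcp01 DHCPACK ip=10.1.1.57 mac=00:1C:42:9A:00:11 host=joe-desktop",
    "2008-03-12T08:40:02 dhcp01 DHCPACK ip=10.1.1.23 mac=00:1C:42:9A:00:11 host=joe-desktop",
    "2008-03-12T08:55:10 dhcp01 DHCPACK ip=10.1.1.57 mac=00:0B:86:C5:5F:F4 host=sue-laptop",
]
ASSET_DB = {"00:0B:86:C5:5F:F4": "sue", "00:1C:42:9A:00:11": "joe"}  # MAC -> owner
SSO_LOG = [
    "2008-03-10T08:01:00 sso01 login user=joe src=10.1.1.23 result=success",
    "2008-03-11T08:03:00 sso01 login user=joe src=10.1.1.57 result=success",
    "2008-03-12T08:05:00 sso01 login user=joe src=10.1.1.23 result=success",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split a constructed 'ts host rest' line; rest is key=value pairs."""
    ts, host, rest = line.split(" ", 2)
    ev = dict(KV.findall(rest))
    ev["_time"] = datetime.fromisoformat(ts)
    ev["host"] = host
    return ev


def search(lines, **match):
    """Events from `lines` whose fields equal every key=value given."""
    return [ev for ev in map(parse, lines)
            if all(ev.get(k) == v for k, v in match.items())]


def mac_for_ip(ip, at):
    """MAC holding the most recent lease of `ip` granted at or before `at`.
    Taking the latest lease *before* the event, not just any lease of the IP,
    is what stops the pivot from blaming the previous holder of the address."""
    leases = [ev for ev in search(DHCP_LOG, ip=ip) if ev["_time"] <= at]
    return max(leases, key=lambda ev: ev["_time"])["mac"] if leases else None


def usual_macs(user):
    """MACs behind the user's past successful SSO logins, resolved per login time."""
    macs = Counter()
    for ev in search(SSO_LOG, user=user, result="success"):
        mac = mac_for_ip(ev["src"], ev["_time"])
        if mac:
            macs[mac] += 1
    return macs


def investigate(txn):
    """Follow the chain on the slide: transaction -> IP -> MAC -> owner -> history."""
    app = search(APP_LOG, txn=txn)[0]
    web = search(WEB_ACCESS_LOG, txn=txn)[0]
    mac = mac_for_ip(web["src"], web["_time"])
    history = usual_macs(app["user"])
    return {
        "user": app["user"],
        "action": app["action"],
        "src_ip": web["src"],
        "mac": mac,
        "mac_owner": ASSET_DB.get(mac, "unknown"),
        "usual_macs": dict(history),
        # Suspicious when the machine is not one the user has logged in from before
        "anomalous": history.get(mac, 0) == 0,
    }


if __name__ == "__main__":
    for txn in ("TX-88213", "TX-88207"):
        print(txn, investigate(txn))
```

The time-aware lease lookup is the step that matters: a DHCP address is only evidence about a machine for the duration of one lease, so the join has to be on IP and time together, not on IP alone.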

Just One Example
Customer calls start coming in about a specific transaction failing.
- Search for the user ID and the time of one report; get the transaction ID (application and access logs).
- Find the message ID in the ESB events triggered for that transaction ID (ESB events).
- Find the failed JDBC database connection for that message ID (message queues, database error logs).
- Find a locking problem in the same time window related to a permissions problem.
- Find the change preceding the start of the authentication failures (directory server administrative log, change tickets).
- The change was not authorized.

Cycle of Using IT Search
Users start with ad hoc search to investigate problems in a specific area and add new data, knowledge and automation over time.
- Investigate problems: fast, interactive search across all activity and status, continuously indexed in real time.
- Review trends: report, chart and trend on any dimension based on the results of any search.
- Capture knowledge: name, tag and describe types and fields in your data as you search.
- Automate monitoring: save and schedule searches as alerts.
- Validate changes: proactive search for change execution and impact.

How is IT Search applied?
- Operations: troubleshoot problems
- Security: investigate attacks
- Compliance: reporting and controls
- Business intelligence: analyze transactions

One Platform. Many Applications.

How does IT Search work?

Universal Indexing Universal algorithms interpret any data without specific parsers or adapters.

Multi-dimensional Search Turn volumes of raw data into information with powerful searches.

Knowledge Management Types create a late-binding common knowledge model. A type is a piece of knowledge defined by a search or expression and applied at search time, not at index time.
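How a late-binding type model sits on top of universal indexing, as an added example (not Splunk's code and not from the deck): raw lines from three different sources are indexed with nothing more than a token rule, and fields appear only when a type expression is applied to the hits at search time. The sample events, the token rule and the type names and regular expressions are constructed for this illustration.

```python
"""Universal indexing plus late-binding types, as an added illustration.

Not code from the deck or from Splunk: the raw events, token rule and type
expressions are constructed for this example.
"""
import re

RAW = [  # three sources, three formats, indexed as-is with no per-source parser
    "Mar 12 09:14:05 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.1.1.57 PROTO=TCP DPT=22",
    "2008-03-12T09:14:07 bastion sshd[4121]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    '203.0.113.9 - - [12/Mar/2008:09:14:09 +0700] "GET /admin HTTP/1.1" 403 0',
    "2008-03-12T09:14:11 bastion sshd[4121]: Accepted publickey for joe from 10.1.1.23 port 40112 ssh2",
]

TOKEN = re.compile(r"[A-Za-z0-9_.:/@-]+")


def index(raw):
    """Universal indexing: keep the raw text and the set of tokens in it.
    Nothing here knows what a firewall or an access log looks like."""
    return [{"_raw": line, "_tokens": set(TOKEN.findall(line))} for line in raw]


def search(idx, *terms):
    """Keyword search: every term must occur as a token in the event."""
    return [ev for ev in idx if all(t in ev["_tokens"] for t in terms)]


# Types: knowledge defined by an expression and bound at search time. Adding or
# fixing one never requires re-indexing the data.
TYPES = {
    "fw_drop": re.compile(r"\bDROP\b.*\bSRC=(?P<src_ip>\S+) DST=(?P<dst_ip>\S+).*\bDPT=(?P<dport>\d+)"),
    "ssh_fail": re.compile(r"Failed password for (?P<user>\S+) from (?P<src_ip>\S+)"),
    "ssh_ok": re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src_ip>\S+)"),
    "web_access": re.compile(r'^(?P<src_ip>\S+) .*"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'),
}


def apply_types(events, types=TYPES):
    """Late binding: tag each event with the first matching type and extract
    that type's named groups as fields. Untyped events are kept, not dropped."""
    typed = []
    for ev in events:
        for name, rx in types.items():
            m = rx.search(ev["_raw"])
            if m:
                typed.append({**ev, "type": name, **m.groupdict()})
                break
        else:
            typed.append({**ev, "type": None})
    return typed


def count_by(events, field):
    """Equivalent of a 'count by <field>' statistic over typed events."""
    counts = {}
    for ev in events:
        v = ev.get(field)
        if v is not None:
            counts[v] = counts.get(v, 0) + 1
    return counts


def sources_seeing(idx, ip):
    """Keyword-search the raw index for an IP, then type the hits: which
    sources saw this address, and as what? Giving every type the same field
    name src_ip is what lets unrelated formats be compared on one axis."""
    return count_by(apply_types(search(idx, ip)), "type")


if __name__ == "__main__":
    idx = index(RAW)
    print(sources_seeing(idx, "203.0.113.9"))
    print(count_by(apply_types(idx), "src_ip"))
```

Because typing happens on the search results rather than at ingest, a new or corrected type takes effect on data that was indexed before the type existed, which is the property the slide calls late binding.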

Security & Authentication Control and audit access to all your IT data.

What can Splunk do?

Search
- Time search with interactive results
- Keyword search with quoted strings, wildcards, booleans and nesting
- Targeted field search: host, sources, events, custom fields
- Summary and statistical search
- Transaction search
- Right-click integration with other applications

Alert
- Save any search and run it on a schedule to create an alert
- Alerts can trigger notifications and/or actions based on the search results
- Notifications can be sent via email, SMS, RSS or SNMP and integrated with other management consoles
- Actions can trigger scripts to perform activities like restarting a server
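The alert mechanism above, sketched as an added example (not the deck's and not Splunk's implementation): a saved search with a lookback window is executed on a schedule, results are counted per source address, and actions fire once a count reaches a threshold, with a throttle so the same source does not page repeatedly while the attack continues. The events, the five-failures-in-ten-minutes rule and the notify action are constructed for illustration.

```python
"""A saved search run on a schedule as an alert, with a threshold, a throttle
and pluggable actions. Added example; not deck or Splunk code. The events,
the 5-failures-in-10-minutes rule and the action are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable


def ts(h, m, s):
    return datetime(2008, 3, 12, h, m, s)


# Constructed events that already carry extracted fields.
EVENTS = [
    {"_time": ts(9, 14, 7), "type": "ssh_fail", "user": "root", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 14, 20), "type": "ssh_fail", "user": "root", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 14, 33), "type": "ssh_fail", "user": "admin", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 15, 1), "type": "ssh_fail", "user": "oracle", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 15, 40), "type": "ssh_fail", "user": "root", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 16, 12), "type": "ssh_fail", "user": "root", "src_ip": "203.0.113.9"},
    {"_time": ts(9, 17, 5), "type": "ssh_fail", "user": "joe", "src_ip": "10.1.1.23"},  # one typo
    {"_time": ts(9, 17, 30), "type": "ssh_ok", "user": "joe", "src_ip": "10.1.1.23"},
]

SENT = []  # what the notification action delivered (email/SMS/SNMP in a real deployment)


def notify(alert):
    SENT.append(f"[{alert['search']}] {alert['count']} matches for {alert['key']}")


@dataclass
class SavedSearch:
    name: str
    query: Callable[[dict], bool]   # the saved search itself
    group_by: str                    # field whose distinct values are counted
    threshold: int                   # fire when a group's count reaches this
    window: timedelta                # how far back each scheduled run looks
    throttle: timedelta              # suppress repeat alerts for the same group
    actions: list = field(default_factory=list)
    last_fired: dict = field(default_factory=dict)

    def run(self, events, now):
        """One scheduled execution. Returns the alerts fired by this run."""
        start = now - self.window
        counts = {}
        for ev in events:
            if start <= ev["_time"] <= now and self.query(ev):
                key = ev.get(self.group_by)
                counts[key] = counts.get(key, 0) + 1
        fired = []
        for key, n in counts.items():
            if n < self.threshold:
                continue
            last = self.last_fired.get(key)
            if last is not None and now - last < self.throttle:
                continue  # still inside the throttle period: no duplicate page
            self.last_fired[key] = now
            alert = {"search": self.name, "key": key, "count": n, "time": now}
            for act in self.actions:
                act(alert)
            fired.append(alert)
        return fired


SSH_BRUTE_FORCE = SavedSearch(
    name="ssh brute force",
    query=lambda ev: ev.get("type") == "ssh_fail",
    group_by="src_ip",
    threshold=5,
    window=timedelta(minutes=10),
    throttle=timedelta(minutes=15),
    actions=[notify],
)


def schedule(search, events, times):
    """Drive the saved search at each scheduled time, as a cron would."""
    return [search.run(events, t) for t in times]


if __name__ == "__main__":
    for run in schedule(SSH_BRUTE_FORCE, EVENTS, [ts(9, 20, 0), ts(9, 21, 0), ts(9, 40, 0)]):
        print(run)
    print(SENT)
```

The single legitimate failure from 10.1.1.23 never reaches the threshold, the second run a minute later is suppressed by the throttle even though the window still contains all six failures, and an action list rather than a hard-coded email is what lets the same alert also run a script, as the slide describes.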

Report
- One-click reports from search results
- Any field can be used to plot a series
- Flexible chart outputs and formats
- Interactive charts provide one-click drill-down
- Select multiple fields to plot several series together

Visualize
- Connect visualization apps to the Splunk API
- Feed business intelligence and reporting applications with IT data using the Splunk API
- Create dynamic visualizations of data using one of the Splunk SDKs: Flash, Python, C/C++, Java, .NET

Open Platform and API

Package Your Own Application

Splunk for Server Virtualization Search and navigate across the complete virtual and physical stack.

Splunk for Network Security Move from event and alert overload to Situational Awareness

Google Search for IT Professionals

THANK YOU