DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

Transcript

  • 1. BalaBit IT Security: The logging company
  • 2. External Challenges: Security Breaches
  • 3. External Challenges: Compliance Pressure to Monitor Users • COBIT – DS5.5 Security monitoring – DS9.2 Config. changes – DS11.6 Securing Data • PCI-DSS – Chapter 7, 8 Implement Strong Access Control – Chapter 10 Audit Access to Cardholder Data – Chapter 12 Maintain sec. policy for personnel • ISO27002 – A.10.2 Third-party service mngmnt – A.10.10 Monitoring user activities – A.13.2 Mgmt of Security Incidents • SOX → HIPAA, Basel II, GPG13… Similar requirements!
  • 4. Internal Challenges: „Superuser” Fraud (Source: BalaBit IT professionals survey, 2011)
  • 5. How to control? • Identity-management • Logging • Activity monitoring
  • 6. BalaBit IT Security: „The syslog-ng company” • 2011 revenue: $10.3 M (35% annual growth) • Number of employees: 120 • Number of customers - global: – commercial customers: 800 – open source users: 850.000 • 12 years experience in IT Security • Global partner network, 80+ partners in 30+ countries • Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)
  • 7. syslog-ng Description • IT environments constantly generate important data in log messages • syslog-ng – Collects – Filters – Classifies – Normalizes – Stores – Transfers • syslog-ng is not a log analysis tool but it is essential to analysis
  • 8. Product Family • syslog-ng Open Source Edition – Leader since 1998, de facto standard in 2001 – Large, world-wide community • syslog-ng Premium Edition – Commercial version – Additional features – Professional support • syslog-ng Store Box – Turnkey appliance – Index, search, reporting – Professional support
  • 9. syslog-ng Open Source Edition • Key Features – Flexible message filtering and re-writing – Pattern-based classification – Secure log transfer via SSL/TLS – Flow-control: adaptive message rate control – High speed processing > 650k/sec • Community – 100,000s of users worldwide – Well known by system admins – Included in 3rd party devices – Custom add-ons
  • 10. syslog-ng Premium Edition • Additional Features – Zero Message Loss – Reliable Log Transfer Protocol (RLTP) – Client side failover – Disk buffer – Encrypted log storage – SQL source and destination support – Windows support – Support for more than 50 server platforms • Professional Support
  • 11. Customers
  • 12. Logging is not enough… 1. Several security events are not logged! 2. Logs typically do not show what was done. 3. Logs often show only obscure techn. details. The User Monitoring „Pyramid”: Activity Records - security camera; System logs - snapshots
  • 13. Key questions to answer… • Can you ensure the accountability of your IT staff? • Can you monitor the actions of your „superusers”? • Can you reliably control your outsourcing partners? • Do you really know „who accesses what” on servers? • Can you conduct quick and cheap audits at your company? • Can you present bullet-proof evidence in legal proceedings? • Are you sure you’d pass audits concerning user monitoring?
  • 14. Privileged Activity Monitoring by Shell Control Box: IT Staff, Outsourcing partners, Managers, VDI users • Firewall, • Network devices, • Databases, • Web/file servers, • Citrix server…
  • 15. Privileged Activity Monitoring by BalaBit Shell Control Box: Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.
  • 16. Access Control. Security & compliance benefits: • Central access control gateway • Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc. • Sub-channel control (e.g. file transfer) • Access by time policy • 4-eyes authorization • Real-time access monitoring. Key Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
  • 17. Real-time alerting (& blocking). Security & compliance benefits: • Alerts for monitoring tools • Alerts for supervisors. Coming in : • Terminates session if risky action • Risky actions are customizable (e.g. failed login, program execution, credit card number…). Key Benefit: IMMEDIATE REACTION ON CRITICAL EVENTS!
  • 18. Audit & Forensics. Security & compliance benefits: • Real-time activity monitoring • Tamper-proof, HQ audit trails • Movie-like playback & search • File transfer audit • Independent, transparent audit device. Key Benefit: INDEPENDENT TOOL FOR QUICK AUDITS & FORENSICS!
  • 19. Big SCB Users
  • 20. Conclusion: Benefits for business. Faster ROI: • Faster and higher quality audits • Lower troubleshooting and forensics costs • Centralized authentication & access control • Complete solution for user monitoring. Lower risk: • Improved regulatory and industry compliance • Better employee/partner control • Improved accountability of staff • Bullet-proof evidence in legal proceedings • Setting technical and psychological barrier
  • 21. Thank you for your attention! Gábor Paróczi, Sales Manager, gabor.paroczi@balabit.com