How to control?• Identity-management• Logging• Activity monitoring
BalaBit IT Security „The syslog-ng company”• 2011 revenue: $10.3 M (35% annual growth)• Number of employees: 120• Number of customers - global: – commercial customers: 800 – open source users: 850.000• 12 years experience in IT Security• Global partner network, 80+ partners in 30+ countries• Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)
syslog-ng Description• IT environments constantly generate important data in log messages• syslog-ng • Collects • Filters • Classifies • Normalizes • Stores • Transfers• syslog-ng is not a log analysis tool but it is essential to analysis 8
Product Family• syslog-ng Open Source Edition • Leader since 1998, de facto standard in 2001 • Large, world-wide community• syslog-ng Premium Edition • Commercial version • Additional features • Professional support• syslog-ng Store Box • Turnkey appliance • Index, search, reporting • Professional support 9
syslog-ng Open Source Edition• Key Features • Flexible message filtering and re-writing • Pattern-based classification • Secure log transfer via SSL/TLS • Flow-control – adaptive message rate control • High speed processing > 650k/sec• Community • 100,000s of users worldwide • Well know by system admins • Included in 3rd party devices • Custom add-ons 10
syslog-ng Premium Edition• Additional Features • Zero Message Loss • Reliable Log Transfer Protocol (RLTP) • Client side failover • Disk buffer • Encrypted log storage • SQL source and destination support • Windows support • Support for more than 50 server platforms• Professional Support 11
Logging is not enough…1. Several security events are not logged! The User Monitoring „Pyramid”2. Logs typically do not show what was done.3. Logs often show only obscure techn. details. Activity Records - security camera System logs - snapshots
Key questions to answer…Can you ensure the accountability of your IT staff? Can you monitor the actions of your „superusers”? Can you reliably control your outsourcing partners? Do you really know „who access what” on servers? Can you conduct quick and cheap audits at your company? Can you present bullet-proof evidence in legal proceedings?Are you sure you’d pass audits concerning user monitoring?
IT Staff Privileged Activity Monitoring by Shell Control BoxOutsourcingpartnersManagers • Firewall,VDI users • Network devices, • Databases, • Web/file servers, • Citrix server…
Privileged Activity Monitoring by BalaBit Shell Control BoxShell Control Box (SCB) is anappliance that controls privilegedaccess to remote systems andrecords the activities into searchableand re-playable movie-like audittrails.
Access ControlSecurity & compliance benefits:• Central access control gateway• Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.• Sub-channel control (e.g. file transfer)• Access by time policy• 4-eyes authorization• Real-time access monitoringKey Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
Real-time alerting (& blocking)Security & compliance benefits:• Alerts for monitoring tools• Alerts for supervisorsComing in :• Terminates session if risky action• Risky actions are customizable (e.g. failed login, program execution, credit card number…)Key Benefit: IMMIDIATE REACTION ON CRITICAL EVENTS!
Conclusion Benefits for businessFaster ROI• Faster and higher quality audits• Lower troubleshooting and forensics costs• Centralized authentication & access control• Complete solution for user monitoringLower risk• Improved regulatory and industry compliance• Better employee/partner control• Improved accountability of staff• Bullet-proof evidence in legal proceedings• Setting technical and psychological barrier
Thank you for your attention! Gábor Paróczi Sales Manager firstname.lastname@example.org 25