Security and Information Management
Andy Walden, Sales Solution Architect, McAfee

Presentation Transcript

    • Andy Walden, Sales Solutions Architect, McAfee
    • McAfee SIEM: Next Generation SIEM (April 16, 2012)
    • First Gen SIEM Deficiencies
      – The primary issue with SIEM today is the inability to gather, correlate and analyze the large volume of data in any kind of time-efficient manner.
      – The lack of visibility caused by insufficient data collection and analysis in a time-sensitive manner leaves the network exposed.
      – Deeper, broader visibility requires MORE, not less, data analysis, which further stresses SIEMs into an almost useless state from an operational, risk and remediation perspective.
      – SIEM must migrate from just compliance to compliance AND security.
      – Only NitroView offers the breadth of data, the deeper correlation rules, and the real-time access to the data which turns "SIEM" into a critical asset for risk, compliance and security.
      (Confidential, McAfee Internal Use Only)
    • Content Aware SIEM
      – Ability to inspect, analyze and correlate on network content and usage
      – Application decode and protocol anomalies
        Applications decoded: WebMail, Email, Web Access (HTTP), Chat (IRC, AOL/ICQ, Yahoo, MSN, Jabber), SIP, P2P File Sharing (Gnutella), Network Flows
        Threats detected: Malware, Viruses, Trojans, Exploits, Vulnerabilities, Protocol Anomalies
    • Broad Correlation
      Correlated sources (diagram labels): events from security devices, application contents, authentication & IAM, user identity, device & application log files, database transactions, location, VA scan, OS events, data
    • Focus on Exceptions
    • Advanced Threat Level Correlation Engine
      – Threat-level based correlation takes a different approach than traditional correlation engines.
      – Combination of the two creates a more comprehensive approach to threat detection.
      Rule Based:
        – Rules trigger on a specific set of events.
        – Important to detect known attack vectors. Example: brute force login attempt.
        – Used widely throughout the enterprise to look for fraud, attacks, and other malicious activity.
      Threat Based:
        – A complementary technology which broadens the visibility into threats on a network.
        – Does not depend on specific rules to trigger.
        – Assigns a weight to all events and maintains a series of "thermometers" for different assets.
    • How McAfee Global Threat Intelligence Works: Delivering the Most Comprehensive Intelligence in the Market
      Diagram labels recovered:
        Threat intelligence feeds: endpoints, appliances, servers, firewalls, other feeds & analysis
        McAfee Labs: File Reputation Engine, Email Reputation Engine, Web Reputation Engine, Network Reputation Engine, Vulnerability Information
        Products: IPS, Firewall, Email, Web, AV, HIPS
    • Integrated with Vulnerability Posture: integrated with Foundstone scanners and penetration testing tools
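The "Advanced Threat Level Correlation Engine" slide contrasts a rule that fires on a specific event pattern (its example: a brute force login attempt) with a weight-based engine that keeps a "thermometer" per asset. The following Python is an added illustration of that contrast; it is not McAfee's or NitroView's code, and the event taxonomy, weights, thresholds, decay half-life and sample log events are all constructed assumptions for the example. The point it shows: the rule catches the login burst on web01 without any weights, while the thermometer flags db01 from three unrelated low-level events that no single rule would match.

```python
"""Rule-based vs threat-level (thermometer) correlation over a constructed event stream."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str    # source address as reported by the log producer
    asset: str  # monitored asset the event concerns
    kind: str   # normalized event type (hypothetical taxonomy, not a vendor schema)


# Constructed sample stream (not real log data): a 6-attempt login burst against
# web01, and three scattered events of different kinds touching db01.
T0 = datetime(2012, 4, 16, 12, 0, 0)
SAMPLE_EVENTS = sorted(
    [Event(T0 + timedelta(seconds=10 * i), "10.0.0.5", "web01", "auth_fail") for i in range(6)]
    + [
        Event(T0, "10.0.0.9", "db01", "vuln_scan_hit"),
        Event(T0 + timedelta(minutes=3), "10.0.0.9", "db01", "ids_alert"),
        Event(T0 + timedelta(minutes=5), "db01", "db01", "outbound_bad_reputation"),
    ],
    key=lambda e: e.ts,
)

# Hypothetical weights: how much each event type heats an asset's thermometer.
EVENT_WEIGHTS = {
    "auth_fail": 3,
    "auth_ok": 0,
    "vuln_scan_hit": 10,
    "ids_alert": 15,
    "outbound_bad_reputation": 25,
    "malware_alert": 30,
}


@dataclass
class Alert:
    ts: datetime
    src: str
    asset: str
    reason: str


class BruteForceRule:
    """Rule-based: fire when `threshold` auth_fail events from one source hit one
    asset inside `window`. It knows nothing about any other event type."""

    def __init__(self, threshold=5, window=timedelta(minutes=2)):
        self.threshold = threshold
        self.window = window
        self._hits = defaultdict(deque)  # (src, asset) -> timestamps still inside the window

    def observe(self, ev):
        if ev.kind != "auth_fail":
            return None
        q = self._hits[(ev.src, ev.asset)]
        q.append(ev.ts)
        while ev.ts - q[0] > self.window:  # slide the window forward
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()  # one burst yields one alert rather than one per extra attempt
            return Alert(ev.ts, ev.src, ev.asset,
                         f"brute force: {self.threshold} failed logins within {self.window}")
        return None


class ThreatThermometer:
    """Threat-based: every event adds its weight to its asset's level; the level
    decays exponentially with `half_life`, so sustained activity stays hot while
    isolated noise cools off. Alerts once per asset when `alert_at` is crossed."""

    def __init__(self, half_life=timedelta(minutes=10), alert_at=40.0):
        self.half_life = half_life
        self.alert_at = alert_at
        self.levels = {}      # asset -> level as of last_seen[asset]
        self.last_seen = {}
        self._alerted = set()

    def level_at(self, asset, ts):
        if asset not in self.levels:
            return 0.0
        age = (ts - self.last_seen[asset]).total_seconds()
        return self.levels[asset] * 0.5 ** (age / self.half_life.total_seconds())

    def observe(self, ev):
        level = self.level_at(ev.asset, ev.ts) + EVENT_WEIGHTS.get(ev.kind, 1)  # unknown kinds count 1
        self.levels[ev.asset] = level
        self.last_seen[ev.asset] = ev.ts
        if level >= self.alert_at and ev.asset not in self._alerted:
            self._alerted.add(ev.asset)
            return Alert(ev.ts, ev.src, ev.asset, f"threat level {level:.1f} >= {self.alert_at}")
        return None


def correlate(events):
    """Run both engines over the stream in time order; return alerts and final levels."""
    rule, thermo = BruteForceRule(), ThreatThermometer()
    rule_alerts, thermo_alerts = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if (a := rule.observe(ev)) is not None:
            rule_alerts.append(a)
        if (a := thermo.observe(ev)) is not None:
            thermo_alerts.append(a)
    return {"rule_alerts": rule_alerts, "thermometer_alerts": thermo_alerts, "levels": dict(thermo.levels)}


if __name__ == "__main__":
    for name, alerts in correlate(SAMPLE_EVENTS).items():
        print(name, alerts)
```

On the sample stream the rule fires once, at the fifth failed login against web01, while web01's thermometer only reaches about 17 (six events of weight 3 with slight decay) and never alerts; db01 trips no rule but its thermometer climbs to about 45 after the reputation hit and alerts. In a real deployment the weights and half-life would be tuned per asset class, which is what the slide's "series of thermometers for different assets" implies.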