Security Information and Event Management Services
mail: mbleshchyk@scnsoft.com; mobile: +375 29 1428781; skype: nikita_bleshchyk


    Security Information and Event Management Services: Presentation Transcript

    • Security Information and Event Management Services 2012
    • SIEM services overview: PRESENTATION PLAN
      − INTRODUCTION
      − SIEM BACKGROUND
      − SIEM SERVICES
      − SUCCESS STORIES
      www.scnsoft.com
    • Introduction: Security Information and Event Management
      “SIEM technology is used to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics”
      “SIEM was $987 million in 2010 and is expected to grow up to $1.4 billion in 2013”
    • ScienceSoft SIEM background: Timeline
      − 2004: ScienceSoft becomes software vendor for Consul Risk Management, a SIEM leader
      − 2006: IBM acquires Consul Risk Management. Product renamed to TSIEM/TCIM. A team of over 30 works for IBM at ScienceSoft
      − 2008: ScienceSoft becomes the only team responsible for TCIM and TSIEM Event Sources and TSOM Device Rules development. Team size grows to 55 FTE
      − 2009: ScienceSoft picks up TCIM and TSIEM Compliance Management Modules development
      − 2011: ScienceSoft launches a SIEM professional services division. IBM acquires Q1Labs, the leading vendor in SIEM market. ScienceSoft becomes an Official Reseller of Q1 Labs, an IBM Company
      − 2012: ScienceSoft signs MSA with Q1Labs
    • ScienceSoft SIEM background: Expertise & achievements, QRadar
      − MSA with Q1Labs; QRadar official reseller status
      − Certified QRadar, Tivoli Security sales resources
      − Creating TSIEM → QRadar migration guide together with IBM PS and Enablement teams
      − Participating in the creation of QRadar exam as an invited IBM partner
      − A number of QRadar Log Source Extensions (LSX) created (e.g. Kaspersky Antivirus LSX)
    • ScienceSoft SIEM background: Expertise & achievements, IBM TSIEM/TCIM/TSOM (ex Consul) 2004-2012
      − 3 major releases of Consul InSight Security Manager (CISM) (2004-2006)
      − 2 major releases of IBM TCIM (2007-2008)
      − 3 major releases of IBM Tivoli Security Information and Event Manager (TSIEM) (2009-2011)
      − More than 120 completed CISM, TCIM, and TSIEM Event Sources and Compliance Management Modules projects
      − More than 40 completed TSOM device rules projects and server bug fixes
      − 2 big consulting TSIEM projects performed in 2011: a large NJ healthcare organization and a UK government agency
    • SIEM services: Q1Labs QRadar (license, professional services)
      ScienceSoft is an official Reseller of QRadar in Belarus
      Certified technical expertise:
      − Deployment scenarios and solution design
      − Production platform deployment from scratch
      − Configuring Device Support Modules and qFlow
      − Integration with vulnerability assessment tools
      − Configuring Building Blocks and Offence Rules
      − Creating new and customizing existing Compliance Reports
      − Diagnostics of data processing issues
      − Solution tuning (backups, performance, data integrity)
      − Full cycle of QRadar Log Source Extensions development and testing
        • Target platform investigation and data analysis
        • Creating log processing logic and event mapping
        • LSE integration, configuration and testing on the test and production environments
    • SIEM services: IBM TSIEM, TCIM, TSOM (license, professional services)
      Services:
      − IBM TCIM, TSIEM, TSOM deployment, configuration, and maintenance
      − IBM TSOM Device Rules development and testing
      − IBM TCIM, TSIEM, TSOM products customization
      − Full cycle of TCIM/TSIEM/TSOM Compliance Management Module, Event Sources and User Information Sources customization, development and testing
        • Requirements clarification and analysis; investigation of target platform
        • Security subsystem and audit settings analysis
        • Architecture and design, W7 model mapping design
    • Success Story: TSIEM deployment and customization for a large healthcare organization with 4200+ staff in New Jersey, USA
      CHALLENGE: The End Customer needed a SIEM solution to provide log management capabilities, deep data analysis, and comprehensive customizable reports to be compliant with generic regulations of the healthcare industry in the US.
      SOLUTION: ScienceSoft involved a team of two TSIEM consultants to create the architecture of the TSIEM solution for the End Customer and customize the data collection and normalization mechanisms. The team designed a set of compliance and general reports and deployed the solution in both test and production environments. The resulting solution is capable of processing up to 700,000 medical transaction events per day.
      TECHNOLOGIES: TSIEM, DB2, WAS, TDI, VMWare, GSL, GML, GEM, W7, GVS, RegExp, SQL, Batch, Shell, Python
    • Success Story: TSIEM customization for a UK governmental agency in Leeds, UK
      CHALLENGE: The End Customer needed a SIEM solution to be compliant with generic regulations of the financial industry and government organizations in the UK. It also needed to achieve better visibility of internal processes.
      SOLUTION: ScienceSoft involved a TSIEM consultant to create the architecture of the TSIEM solution and customize the data collection and normalization mechanisms. The TSIEM consultant designed a set of compliance and general reports and deployed the solution in the development environment. All tasks were performed onsite. The resulting solution is capable of processing up to 20 Gb of financial transaction events per day.
      TECHNOLOGIES: TSIEM, DB2, WAS, TDI, VMWare, GSL, GML, GEM, W7, GVS, RegExp, SQL, Batch, Shell, Python
    • Contact Details
      − SCIENCESOFT, INC.: 4th Floor, 2 Bedy Str., 220040 Minsk, Belarus. Phone: + 375 17 293 3736. Email: contact@scnsoft.com. Web: www.scnsoft.com
      − SCIENCESOFT OY: Hitsaajankatu 22, 00810 Helsinki, Finland. Phone: +358 50 388 3000. Email: contact@scnsoft.fi. Web: www.scnsoft.fi