SlideShare a Scribd company logo

Best Practices for Log & Event Management

SolarWinds
SolarWinds

Discover What Security Threats are Lurking in Your Network Logs! Proactive threat management is a must in today’s networks, and log files hold the key. Learn how to make your log files work for you to secure your network in an increasingly threat-ridden landscape.

Technology
1 of 12
1 Best Practices for Log & Event Management © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED Discover Security Threats Lurking in Your Network Logs
2 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 2 You Can’t Control What You Can’t See!
3 Agenda » The Problem » Best Practices for Log & Event Management » How SolarWinds® Can Help » Additional Resources © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 3
4 The Problem Network threats are happening at a fast and furious pace! Plus, they’re becoming sneakier and craftier. And, it’s not just external threats you have to worry about – insider abuse is on the rise! 4 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
5 The Key to the Solution The good news is that your IT infrastructure’s log files hold the key for mitigating threats and thwarting attacks, but only if they’re handled properly. 5 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED ® ® ® Make your log files work for you! Otherwise, they’re just taking up space.
6 Best Practices for Log & Event Management 6  Define your log management policies and procedures  Log all relevant and required data (but don’t “over-log”)  Centrally aggregate all logged data  Store logs securely and retain for the required amount of time  Normalize log data and categorize events  Correlate events across multiple log sources  Prioritize events based on criticality  Provide multiple notification methods  Run regularly scheduled security and compliance reports © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
7 Log Management vs. SIEM » Log Management is the comprehensive collection of all logs and the retention of both raw and parsed log data for operational purposes, including network and application troubleshooting, as well as broad use historical reporting. » SIEM (Security Information and Event Management) builds upon log management by providing the critical piece of event correlation for the primary purpose of detecting, mitigating and remediating network security threats. Also, very importantly, SIEM provides real-time or near real-time visibility into events to minimize the crucial time between detection and response. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 7
8 How SolarWinds LEM Can Help  Automated log collection from anywhere data is generated within the IT infrastructure—network devices, security devices, applications, databases, virtual machines, cloud, and more  Real-time, in-memory event correlation to instantly view a security breach, and nearly 700 built-in correlation rules for visibility right out of the box  Built-in active responses to instantly and automatically take action to remediate a threat, such as blocking an IP, killing a process, or logging off a user  Advanced, easy-to-use, search interface with drag-and-drop simplicity, data visualization, and drill-down details for fast and effective forensic analysis  Over 300 out-of-the-box, “audit-proven” security and compliance templates including PCI, HIPAA, SOX, GLBA and many more  USB-Defender® technology protects sensitive data with real-time monitoring, device detection, notification, and the ability to block usage 8 LEM © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
9 SolarWinds Log & Event Manager (LEM) © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 9 SolarWinds Log & Event Manager Collects and Correlates Log Data in Real-Time, while also providing Automated Active Responses for Instant Threat Mitigation
10 Additional Resources  SolarWinds Log & Event Manager Overview  SolarWinds Log & Event Manager Guided Tour  Why & How of Monitoring Workstations with Log & Event Manager  Combat Security Threats with SolarWinds LEM's Active Responses  Case Study: SolarWinds LEM & EasyStreet  Case Study: SolarWinds LEM & United States Postal Service Federal Credit Union © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 10
11 Trademark The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 11
12 Thank You! © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED

Recommended

SolarWinds Log & Event Manager vs Splunk. What's the Difference?
SolarWinds Log & Event Manager vs Splunk. What's the Difference?SolarWinds Log & Event Manager vs Splunk. What's the Difference?
SolarWinds Log & Event Manager vs Splunk. What's the Difference?SolarWinds
 
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsGovernment Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsSolarWinds
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Infographic: SDN, BYOD and Cloud! Oh my!
Infographic: SDN, BYOD and Cloud! Oh my!Infographic: SDN, BYOD and Cloud! Oh my!
Infographic: SDN, BYOD and Cloud! Oh my!SolarWinds
 
The Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackThe Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackNicole Fucile-Borsian
 
How to Enable, Monitor, and Secure Your Remote Workforce
How to Enable, Monitor, and Secure Your Remote WorkforceHow to Enable, Monitor, and Secure Your Remote Workforce
How to Enable, Monitor, and Secure Your Remote WorkforceSolarWinds
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...SolarWinds
 
Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable SolarWinds
 

Recommended

SolarWinds Log & Event Manager vs Splunk. What's the Difference?
SolarWinds Log & Event Manager vs Splunk. What's the Difference?SolarWinds Log & Event Manager vs Splunk. What's the Difference?
SolarWinds Log & Event Manager vs Splunk. What's the Difference?SolarWinds
 
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsGovernment Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsSolarWinds
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Infographic: SDN, BYOD and Cloud! Oh my!
Infographic: SDN, BYOD and Cloud! Oh my!Infographic: SDN, BYOD and Cloud! Oh my!
Infographic: SDN, BYOD and Cloud! Oh my!SolarWinds
 
The Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackThe Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackNicole Fucile-Borsian
 
How to Enable, Monitor, and Secure Your Remote Workforce
How to Enable, Monitor, and Secure Your Remote WorkforceHow to Enable, Monitor, and Secure Your Remote Workforce
How to Enable, Monitor, and Secure Your Remote WorkforceSolarWinds
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...SolarWinds
 
Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable SolarWinds
 
Taming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and KubernetesTaming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and KubernetesSolarWinds
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enoughCloudAccess
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhydn|u - The Open Security Community
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
APAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecurityAPAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecuritySolarWinds
 
Kofax Document Security
Kofax Document Security Kofax Document Security
Kofax Document Security Kofax
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemSBWebinars
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolutionStijn Vande Casteele
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
Security Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapSecurity Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapEric Johansen, CISSP
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Kaspersky endpoint security business presentation
Kaspersky endpoint security business presentationKaspersky endpoint security business presentation
Kaspersky endpoint security business presentationData Unit
 
SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkBernie Leung, P.E., CISSP
 
The SR Group - International Recruitment & Search
The SR Group - International Recruitment & SearchThe SR Group - International Recruitment & Search
The SR Group - International Recruitment & SearchKatie Sadler
 

More Related Content

What's hot

Taming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and KubernetesTaming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and KubernetesSolarWinds
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enoughCloudAccess
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
APAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecurityAPAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecuritySolarWinds
 
Kofax Document Security
Kofax Document Security Kofax Document Security
Kofax Document Security Kofax
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemSBWebinars
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
Security Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapSecurity Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapEric Johansen, CISSP
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Kaspersky endpoint security business presentation
Kaspersky endpoint security business presentationKaspersky endpoint security business presentation
Kaspersky endpoint security business presentationData Unit
 

What's hot (20)

Taming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and KubernetesTaming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
Taming Multi-Cloud, Hybrid Cloud, Docker, and Kubernetes
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
APAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecurityAPAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds Security
 
Kofax Document Security
Kofax Document Security Kofax Document Security
Kofax Document Security
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against Them
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolution
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
 
Security Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapSecurity Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM Gap
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
 
Kaspersky endpoint security business presentation
Kaspersky endpoint security business presentationKaspersky endpoint security business presentation
Kaspersky endpoint security business presentation
 

Viewers also liked

The SR Group - International Recruitment & Search
The SR Group - International Recruitment & SearchThe SR Group - International Recruitment & Search
The SR Group - International Recruitment & SearchKatie Sadler
 
Why Workstation Log Management is Crucial for Network Security?
Why Workstation Log Management is Crucial for Network Security?Why Workstation Log Management is Crucial for Network Security?
Why Workstation Log Management is Crucial for Network Security?SolarWinds
 
Windows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationWindows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationMahendra Pratap Singh
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Logging for Hackers - What you need to know to catch them
Logging for Hackers - What you need to know to catch themLogging for Hackers - What you need to know to catch them
Logging for Hackers - What you need to know to catch themMichael Gough
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 eventsMichael Gough
 

Viewers also liked (12)

SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security Framework
 
The SR Group - International Recruitment & Search
The SR Group - International Recruitment & SearchThe SR Group - International Recruitment & Search
The SR Group - International Recruitment & Search
 
Why Workstation Log Management is Crucial for Network Security?
Why Workstation Log Management is Crucial for Network Security?Why Workstation Log Management is Crucial for Network Security?
Why Workstation Log Management is Crucial for Network Security?
 
Windows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationWindows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for Investigation
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
Logging for Hackers - What you need to know to catch them
Logging for Hackers - What you need to know to catch themLogging for Hackers - What you need to know to catch them
Logging for Hackers - What you need to know to catch them
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
The 5 Cs of Event Management
The 5 Cs of Event ManagementThe 5 Cs of Event Management
The 5 Cs of Event Management
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
 
Event management
Event managementEvent management
Event management
 
Active Directory Training
Active Directory TrainingActive Directory Training
Active Directory Training
 

Similar to Best Practices for Log & Event Management

vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloudNicholas Chia
 
These aren't the logs you’re looking for... Learn the Basics of Security Moni...
These aren't the logs you’re looking for... Learn the Basics of Security Moni...These aren't the logs you’re looking for... Learn the Basics of Security Moni...
These aren't the logs you’re looking for... Learn the Basics of Security Moni...SolarWinds
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
SolarWinds Presents Compliance with Log and Event Manager
SolarWinds Presents Compliance with Log and Event ManagerSolarWinds Presents Compliance with Log and Event Manager
SolarWinds Presents Compliance with Log and Event ManagerSolarWinds
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptxneoalt
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...Skyline IT Management
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanShwetank Jayaswal
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceImperva
 
Digital Guardian and CDM
Digital Guardian and CDMDigital Guardian and CDM
Digital Guardian and CDMGreg Cranley
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public versionIBM Sverige
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataIBM Security
 
GDPR 9 Step SIEM Implementation Checklist
GDPR 9 Step SIEM Implementation ChecklistGDPR 9 Step SIEM Implementation Checklist
GDPR 9 Step SIEM Implementation ChecklistNetworkIQ
 
Detection of Anomalous Behavior
Detection of Anomalous BehaviorDetection of Anomalous Behavior
Detection of Anomalous BehaviorCapgemini
 

Similar to Best Practices for Log & Event Management (20)

vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloud
 
These aren't the logs you’re looking for... Learn the Basics of Security Moni...
These aren't the logs you’re looking for... Learn the Basics of Security Moni...These aren't the logs you’re looking for... Learn the Basics of Security Moni...
These aren't the logs you’re looking for... Learn the Basics of Security Moni...
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
SolarWinds Presents Compliance with Log and Event Manager
SolarWinds Presents Compliance with Log and Event ManagerSolarWinds Presents Compliance with Log and Event Manager
SolarWinds Presents Compliance with Log and Event Manager
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptx
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEM
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 
The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat Intelligence
 
Digital Guardian and CDM
Digital Guardian and CDMDigital Guardian and CDM
Digital Guardian and CDM
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 
GDPR 9 Step SIEM Implementation Checklist
GDPR 9 Step SIEM Implementation ChecklistGDPR 9 Step SIEM Implementation Checklist
GDPR 9 Step SIEM Implementation Checklist
 
Detection of Anomalous Behavior
Detection of Anomalous BehaviorDetection of Anomalous Behavior
Detection of Anomalous Behavior
 

More from SolarWinds

SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds
 
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds
 
Government Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilityGovernment Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilitySolarWinds
 
Government and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilityGovernment and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilitySolarWinds
 
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...SolarWinds
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsSolarWinds
 
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsGovernment and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsSolarWinds
 
Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...SolarWinds
 
Government and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsGovernment and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsSolarWinds
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceSolarWinds
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceSolarWinds
 
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...SolarWinds
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds
 
Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion SolarWinds
 
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...SolarWinds
 
Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning SolarWinds
 
Government and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkGovernment and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkSolarWinds
 
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...SolarWinds
 
Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges SolarWinds
 
Government and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceGovernment and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceSolarWinds
 

More from SolarWinds (20)

SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
 
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
 
Government Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilityGovernment Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of Observability
 
Government and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilityGovernment and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack Observability
 
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
 
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsGovernment and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
 
Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...
 
Government and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsGovernment and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT Operations
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application Performance
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid Workforce
 
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
 
Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion
 
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
 
Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning
 
Government and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkGovernment and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your Network
 
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
 
Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges
 
Government and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceGovernment and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for Performance
 

Recently uploaded

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 

Recently uploaded (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 

Best Practices for Log & Event Management

  • 1. 1 Best Practices for Log & Event Management © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED Discover Security Threats Lurking in Your Network Logs
  • 2. 2 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 2 You Can’t Control What You Can’t See!
  • 3. 3 Agenda » The Problem » Best Practices for Log & Event Management » How SolarWinds® Can Help » Additional Resources © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 3
  • 4. 4 The Problem Network threats are happening at a fast and furious pace! Plus, they’re becoming sneakier and craftier. And, it’s not just external threats you have to worry about – insider abuse is on the rise! 4 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
  • 5. 5 The Key to the Solution The good news is that your IT infrastructure’s log files hold the key for mitigating threats and thwarting attacks, but only if they’re handled properly. 5 © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED ® ® ® Make your log files work for you! Otherwise, they’re just taking up space.
  • 6. 6 Best Practices for Log & Event Management 6  Define your log management policies and procedures  Log all relevant and required data (but don’t “over-log”)  Centrally aggregate all logged data  Store logs securely and retain for the required amount of time  Normalize log data and categorize events  Correlate events across multiple log sources  Prioritize events based on criticality  Provide multiple notification methods  Run regularly scheduled security and compliance reports © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
  • 7. 7 Log Management vs. SIEM » Log Management is the comprehensive collection of all logs and the retention of both raw and parsed log data for operational purposes, including network and application troubleshooting, as well as broad use historical reporting. » SIEM (Security Information and Event Management) builds upon log management by providing the critical piece of event correlation for the primary purpose of detecting, mitigating and remediating network security threats. Also, very importantly, SIEM provides real-time or near real-time visibility into events to minimize the crucial time between detection and response. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 7
  • 8. 8 How SolarWinds LEM Can Help  Automated log collection from anywhere data is generated within the IT infrastructure—network devices, security devices, applications, databases, virtual machines, cloud, and more  Real-time, in-memory event correlation to instantly view a security breach, and nearly 700 built-in correlation rules for visibility right out of the box  Built-in active responses to instantly and automatically take action to remediate a threat, such as blocking an IP, killing a process, or logging off a user  Advanced, easy-to-use, search interface with drag-and-drop simplicity, data visualization, and drill-down details for fast and effective forensic analysis  Over 300 out-of-the-box, “audit-proven” security and compliance templates including PCI, HIPAA, SOX, GLBA and many more  USB-Defender® technology protects sensitive data with real-time monitoring, device detection, notification, and the ability to block usage 8 LEM © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
  • 9. 9 SolarWinds Log & Event Manager (LEM) © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 9 SolarWinds Log & Event Manager Collects and Correlates Log Data in Real-Time, while also providing Automated Active Responses for Instant Threat Mitigation
  • 10. 10 Additional Resources  SolarWinds Log & Event Manager Overview  SolarWinds Log & Event Manager Guided Tour  Why & How of Monitoring Workstations with Log & Event Manager  Combat Security Threats with SolarWinds LEM's Active Responses  Case Study: SolarWinds LEM & EasyStreet  Case Study: SolarWinds LEM & United States Postal Service Federal Credit Union © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 10
  • 11. 11 Trademark The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED 11
  • 12. 12 Thank You! © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED

Editor's Notes

  1. Log files are generated throughout the IT infrastructure -- web server logs, operating system logs, application logs, firewall logs, and more