The Easiest Solution for Next-Generation SIEM
SureLog International Edition
2016, www.anetusa.net
SureLog
Next-Generation SIEM
ANET
Agenda
• Introduction to SureLog
• What is SureLog
• Benefits of SureLog
More Than Just a SIEM
• Integrated Log Management and SIEM Solution
Advanced Correlation Engine
• Observed Rule: This is the most frequently used component. It performs a
criteria match on the fields of an event. A Match Component may contain one
or more filters, and each Match Component within a rule may match a separate
event in order to satisfy the rule.
• Threshold Rule: A count-based rule. It looks for the total count of a
predefined event within a time window; the threshold should be tuned to the
use case.
• Trend Monitor Rule: By trending any event over time, SureLog can find
deviations that may indicate important security or performance events.
Advanced Correlation Engine
• Statistical Rule: As the name suggests, this component uses the traditional
standard deviation model and applies the deviation to the filters contained
within the component. In addition to standard deviation, we have added
Percent from Average and Fixed Value from Average as comparison operators.
The supported spread measures are:
• Population Standard Deviation
• Sample Standard Deviation
• Variance (Sample Standard)
• Variance (Population Standard)
This provides more flexibility than plain standard deviation. For a quick
primer on standard deviation, see the Wikipedia article:
http://en.wikipedia.org/wiki/Standard_deviation.
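The following is an added example, not SureLog code, showing how a statistical rule of the kind described above decides whether a new observation deviates from a baseline. It implements the four spread measures listed (population and sample standard deviation, the two variances) and the three comparison operators (multiple of a deviation measure, Percent from Average, Fixed Value from Average). The baseline traffic figures, the port and the thresholds are constructed for illustration.

```python
from statistics import mean, pstdev, stdev, pvariance, variance

# Constructed baseline: outbound traffic on one port, in MB per hour, for the
# previous 12 hours. Illustrative numbers, not captured from a real network.
BASELINE_MB = [120, 118, 131, 125, 122, 119, 128, 124, 121, 127, 123, 126]


def baseline_stats(values):
    """The spread measures a statistical rule can be configured with."""
    return {
        "mean": mean(values),
        "population_stddev": pstdev(values),
        "sample_stddev": stdev(values),
        "population_variance": pvariance(values),
        "sample_variance": variance(values),
    }


def statistical_rule(values, current, operator, threshold, measure="sample_stddev"):
    """Return True when `current` deviates from the baseline by more than the
    configured limit.

    operator "stddev":  |current - mean| > threshold * <measure>
    operator "percent": |current - mean| > threshold percent of the mean
    operator "fixed":   |current - mean| > threshold (same unit as the data)
    """
    stats = baseline_stats(values)
    delta = abs(current - stats["mean"])
    if operator == "stddev":
        limit = threshold * stats[measure]
    elif operator == "percent":
        limit = stats["mean"] * threshold / 100.0
    elif operator == "fixed":
        limit = threshold
    else:
        raise ValueError(f"unknown comparison operator: {operator!r}")
    return delta > limit


def evaluate_port_traffic(current_mb):
    """Run one observation through several rule configurations so the effect
    of each operator and measure is visible side by side."""
    return {
        "3_sample_stddev": statistical_rule(BASELINE_MB, current_mb, "stddev", 3),
        "2_population_stddev": statistical_rule(
            BASELINE_MB, current_mb, "stddev", 2, measure="population_stddev"),
        "10_percent": statistical_rule(BASELINE_MB, current_mb, "percent", 10),
        "fixed_20_mb": statistical_rule(BASELINE_MB, current_mb, "fixed", 20),
    }


if __name__ == "__main__":
    print({k: round(v, 2) for k, v in baseline_stats(BASELINE_MB).items()})
    for observed in (126, 135, 140):
        print(f"{observed} MB:", evaluate_port_traffic(observed))
```

An observation of 135 MB fires the 2-population-stddev configuration but not the 3-sample-stddev one, which is the practical reason for exposing the choice of measure: with a short baseline the sample deviation is noticeably larger than the population deviation, and a rule tuned on one will behave differently on the other.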
Advanced Correlation Engine
• Value Changed Rule: Matches when a field takes two different values within
a given time window.
• Never Seen Before Rule: Matches when a value that has never been seen
before appears in a field.
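As an added example (not SureLog code), the two rules above implemented over constructed event streams: a Value Changed rule watching the source country of a user's logins, and a Never Seen Before rule watching process names per host. The learned baseline set is an assumption of this example; it stands in for whatever a learning period would have collected.

```python
from collections import defaultdict

# Constructed events: (epoch seconds, correlation key, watched field value).
# Interactive logins: key = user, value = source country of the login.
LOGIN_EVENTS = [
    (1000, "alice", "TR"),
    (1600, "bob", "DE"),
    (2200, "alice", "TR"),
    (3000, "alice", "US"),   # second country for alice, 800 s after the last TR login
    (9000, "bob", "FR"),     # bob also changes country, but 7400 s after DE
]

# Process starts: key = host, value = process name.
PROCESS_EVENTS = [
    (100, "srv01", "sshd"),
    (200, "srv01", "nginx"),
    (300, "srv01", "sshd"),
    (400, "srv01", "nc"),      # never run on srv01 before
    (500, "srv02", "nginx"),   # already part of srv02's learned set below
]

# Assumed output of the Never Seen Before rule's learning period.
LEARNED_PROCESSES = {"srv01": {"sshd", "nginx"}, "srv02": {"nginx"}}


def value_changed_rule(events, window):
    """Match when the watched field takes a different value for the same key
    within `window` seconds of the previous value. Returns
    (time, key, previous_value, new_value) tuples."""
    last = {}   # key -> (time, value) of the most recent event
    matches = []
    for ts, key, value in events:
        if key in last:
            prev_ts, prev_value = last[key]
            if value != prev_value and ts - prev_ts <= window:
                matches.append((ts, key, prev_value, value))
        last[key] = (ts, value)
    return matches


def never_seen_before_rule(events, learned=None):
    """Match the first appearance of a value for a key that is not in the
    learned set. Without a learned baseline every first sighting matches,
    which is why a learning period matters."""
    seen = defaultdict(set)
    for key, values in (learned or {}).items():
        seen[key].update(values)
    matches = []
    for ts, key, value in events:
        if value not in seen[key]:
            seen[key].add(value)
            matches.append((ts, key, value))
    return matches


if __name__ == "__main__":
    print(value_changed_rule(LOGIN_EVENTS, window=3600))
    print(never_seen_before_rule(PROCESS_EVENTS, LEARNED_PROCESSES))
    print(never_seen_before_rule(PROCESS_EVENTS))
```

Note the difference between the two runs of the Never Seen Before rule: with the learned baseline only the unexpected `nc` on `srv01` matches, without it every first sighting does, including routine services.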
Advanced Correlation Engine
• The new correlation engine also has many new features, such as Suppression
(start time), Expire Time and Timer (periodic running).
• The new correlation engine has many new operators, such as "starts with in
list", "regex search in list" and "matches".
Advanced Correlation Engine
• Wizard-driven rule samples:
1. If 100 packets are blocked within 15 minutes by the UTM/firewall from the same outside source IP to
distinct inside destination IPs, and a traffic session then starts from ANY of the inside (destination) IPs to
the outside IP, send ALL IPs (source and destination) by mail.
2. If 100 packets are blocked within 15 minutes by the UTM/firewall from the same outside source IP to
distinct inside destination IPs, and a traffic session then starts from ALL of the inside (destination) IPs to
the outside IP, send the outside IP by mail.
3. Monitor the processes run by a user each week and compare the trend with the current week's list of
running processes.
4. Detect the unusual condition where a source has authentication failures at a host that are not followed
by a successful authentication by the same user at the same host within 2 hours.
5. If the traffic on port X exceeds the standard deviation of historic traffic patterns, trigger an alert (e.g.,
a new worm, or a bot communicating with its C&C).
6. If the attack type is destructive (e.g., buffer overflow vs. SYN scan) and the target is a critical asset
(production server vs. workstation), trigger an alert.
7. Detect the scenario where a server stopped but did not start again within an interval of 5 minutes.
Historical Correlation
• Use historical correlation to run past events through the custom rules
engine to identify threats or security incidents that have already occurred.
• By default, a SureLog SIEM deployment analyzes information collected from
log sources in near real time. With historical correlation, you can
correlate by either the start time or the device time. Start time is the
time the event was received by SureLog; device time is the time the event
occurred on the device.
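The example below is added here and is not SureLog code. It serves two passages: the Threshold Rule described under Advanced Correlation Engine, and the start-time versus device-time choice described for historical correlation. It runs one count-within-window rule over constructed firewall deny events twice, once ordered by the time the SIEM received each event and once by the time the device logged it, to show why replaying by device time matters when a device forwards its logs in batches. The IP addresses are from documentation ranges and the timings are invented.

```python
from collections import defaultdict, deque

START_TIME = 0    # index of the time SureLog received the event
DEVICE_TIME = 1   # index of the time the device logged the event

# Constructed firewall deny events: (start_time, device_time, source_ip).
# The first firewall streams its logs as they happen. The second one forwards
# in batches, so five denies spread over 100 minutes of device time arrive
# within four seconds of each other.
DENY_EVENTS = [
    (1000, 1000, "203.0.113.7"),
    (1010, 1010, "203.0.113.7"),
    (1020, 1020, "203.0.113.7"),
    (1030, 1030, "203.0.113.7"),
    (1040, 1040, "203.0.113.7"),
    (5000, 200, "198.51.100.4"),
    (5001, 1700, "198.51.100.4"),
    (5002, 3200, "198.51.100.4"),
    (5003, 4700, "198.51.100.4"),
    (5004, 6200, "198.51.100.4"),
]


def threshold_rule(events, clock, count, window):
    """Fire once per burst when `count` events share a key within `window`
    seconds, measured on the timestamp selected by `clock`.
    Returns (key, time of the event that completed the count) tuples."""
    recent = defaultdict(deque)   # key -> timestamps inside the current window
    fired = []
    for ev in sorted(events, key=lambda e: e[clock]):
        ts, key = ev[clock], ev[2]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= count:
            fired.append((key, ts))
            q.clear()                # one alert per burst, not one per extra event
    return fired


def near_real_time_pass():
    """What the live engine sees: events ordered by when SureLog received them."""
    return threshold_rule(DENY_EVENTS, START_TIME, count=5, window=15 * 60)


def historical_pass():
    """Replay ordered by device time, as historical correlation allows."""
    return threshold_rule(DENY_EVENTS, DEVICE_TIME, count=5, window=15 * 60)


if __name__ == "__main__":
    print("by start time: ", near_real_time_pass())
    print("by device time:", historical_pass())
```

By start time the batched source looks like a burst of five denies in four seconds and fires the rule; by device time those denies are 25 minutes apart and the rule stays quiet. The genuine burst from the first firewall fires in both passes.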
Risk Calculation
• Content Based Risk Calculation: If the log type is critical (e.g., failed
login), the target is a critical asset (production server vs. workstation)
and perhaps the time is suspicious (during lunch), then the risk of this
event is significant. An alarm is triggered without developing an additional
correlation rule.
• Rule Based Risk Calculation: Alarms can be created from one or more
correlation rules. If the attack type is destructive (e.g., buffer overflow
vs. SYN scan) and the target is a critical asset (production server vs.
workstation), then trigger an alert.
Rich Taxonomy
Taxonomy is a mapping of information from heterogeneous sources to a common
classification. A taxonomy aids pattern recognition and also improves the
scope and stability of correlation rules. When events from heterogeneous
sources are normalized, they can be analyzed by a smaller number of
correlation rules, which reduces deployment and support labor. In addition,
normalized events are easier to work with when developing reports and
dashboards.
Some of the existing 1500+ taxonomy groups in SureLog:
• Reconnaissance->Scan->Host
• TCPTrafficAudit->TCP SYN Flag
• ICMPTrafficAudit
• NamingTrafficAudit
• Malicious->Web->SQL
• Flow->Fragmentation
• httpproxy->TrafficAudit accept
• HTTPDynamicContentAccess
• WebTrafficAudit.Web Content
• HealthStatus.Informational.Traffic.Start
• Malicious.BufferOverflow
• Malicious.Trojan
• PolicyViolation
• Malicious.Web.Attack
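To make the benefit of a taxonomy concrete, here is an added example (not SureLog's normalizer) that maps raw lines in three vendor formats to a common event shape with a category, and then runs one counting query over the category instead of one per format. The log lines are constructed; the category names are illustrative except `PolicyViolation`, which is from the list above.

```python
import re

# Constructed raw lines in three vendor formats; not captured from real systems.
RAW_LOGS = [
    "Jan 10 10:12:01 srv01 sshd[2211]: Failed password for invalid user admin "
    "from 198.51.100.4 port 5112 ssh2",
    "Jan 10 10:12:07 srv01 sshd[2211]: Accepted password for alice "
    "from 10.0.0.5 port 5120 ssh2",
    "EventID=4625 Computer=WIN-DC01 TargetUserName=admin "
    "IpAddress=198.51.100.4 Status=0xC000006D",
    '%ASA-4-106023: Deny tcp src outside:198.51.100.4/41234 '
    'dst inside:10.0.0.8/445 by access-group "outside_in"',
]

# (source type, extraction pattern, taxonomy category)
NORMALIZERS = [
    ("linux_sshd",
     re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
     "Authentication.Failure"),
    ("linux_sshd",
     re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
     "Authentication.Success"),
    ("windows_security",
     re.compile(r"EventID=4625 .*TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)"),
     "Authentication.Failure"),
    ("cisco_asa",
     re.compile(r"%ASA-4-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
                r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
     "PolicyViolation"),
]


def normalize(line):
    """Map a raw line to a common event shape carrying a taxonomy category."""
    for source, pattern, category in NORMALIZERS:
        match = pattern.search(line)
        if match:
            event = {"source": source, "taxonomy": category, "raw": line}
            event.update(match.groupdict())
            return event
    return {"source": "unknown", "taxonomy": "Unclassified", "raw": line}


def failures_by_source_ip(lines):
    """One rule over the category instead of one rule per vendor format."""
    counts = {}
    for line in lines:
        event = normalize(line)
        if event["taxonomy"] == "Authentication.Failure":
            counts[event["src"]] = counts.get(event["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for line in RAW_LOGS:
        ev = normalize(line)
        print(ev["source"], ev["taxonomy"], {k: v for k, v in ev.items() if k not in ("raw", "source", "taxonomy")})
    print(failures_by_source_ip(RAW_LOGS))
```

The sshd failure and the Windows 4625 event end up in the same category with the same field names, so the count of failures per source IP sees both without knowing which system produced them.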
Rich Taxonomy
Enrich log data with context data in real time.
Multilayer Data Management
• Column-oriented DBMS: https://en.wikipedia.org/wiki/Column-oriented_DBMS
• ElasticSearch
Multilayer Data Management
• Big Data architecture
• SureLog uses a custom, extremely fast data execution engine for its
large-scale, real-time data and warehouse reporting. Capacity and
performance within SureLog are measured in trillions of logs, allowing
reporting across thousands of devices simultaneously.
Change Management
SureLog supports change reporting on log data: it answers what changed in the
log data over a defined period within a selected time range. Example: What
are the traffic counts for all IPs (Top N IPs) for the last month, broken
down by day?
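An added example (not SureLog's reporting engine) of the change report described above, reduced to its core: aggregate constructed per-connection records into a daily Top N of source IPs, then compare consecutive days to show which IPs entered or left the Top N and how the volume of the ones that stayed changed. The records, the period (days) and N are assumptions.

```python
from collections import defaultdict

# Constructed connection records: (day, source_ip, packets). Not real traffic.
FLOWS = [
    ("2016-03-01", "10.0.0.5", 500), ("2016-03-01", "10.0.0.5", 700),
    ("2016-03-01", "10.0.0.8", 300), ("2016-03-01", "10.0.0.9", 100),
    ("2016-03-02", "10.0.0.5", 600), ("2016-03-02", "10.0.0.8", 900),
    ("2016-03-02", "10.0.0.8", 400), ("2016-03-02", "10.0.0.12", 2000),
    ("2016-03-03", "10.0.0.12", 1500), ("2016-03-03", "10.0.0.8", 1300),
]


def daily_top_n(flows, n):
    """day -> [(ip, packets), ...] sorted by volume, top n only."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, ip, packets in flows:
        per_day[day][ip] += packets
    return {day: sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
            for day, totals in per_day.items()}


def change_report(top_by_day):
    """For each pair of consecutive periods: which IPs entered the Top N,
    which left it, and how the volume of the ones that stayed changed."""
    days = sorted(top_by_day)
    report = []
    for prev_day, cur_day in zip(days, days[1:]):
        before, after = dict(top_by_day[prev_day]), dict(top_by_day[cur_day])
        report.append({
            "from": prev_day, "to": cur_day,
            "new": sorted(set(after) - set(before)),
            "gone": sorted(set(before) - set(after)),
            "delta": {ip: after[ip] - before[ip]
                      for ip in sorted(set(before) & set(after))},
        })
    return report


def top2_changes():
    return change_report(daily_top_n(FLOWS, 2))


if __name__ == "__main__":
    for day, top in sorted(daily_top_n(FLOWS, 2).items()):
        print(day, top)
    for entry in top2_changes():
        print(entry)
```

A sudden new entrant at the top of the list (10.0.0.12 on the second day) is exactly the kind of change this report surfaces that a plain Top N for the whole month would hide.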
Advanced User Management
The SureLog SIEM allows granular and deeply tiered user control. Permissions
can be defined with a high level of specificity and nested into multiple
hierarchies. User profiles can be replicated to give administrators an
efficient template method for creating user accounts. The open source SIEM
provides only basic controls over user permissions and a single, simple user
hierarchy; profile templates cannot be used to create new user accounts.
• Reports
• Correlation Rules
• Administrative Activities are role based
Google Like Search & Kibana Integration
Drill Down Support
• You can organize data in a variety of ways to show the relationship of the
general to the detailed.
• You can put all the data in the report but set it to be hidden until a
user clicks to reveal the details.
• You can display the data in a data region, such as a table or chart,
nested inside the report; display the data in a sub-report that is
completely contained within a main report; or put the detail data in
drill-down reports, separate reports that are displayed when a user clicks a
link.
Time Analysis
Dashboards & Monitoring
Unlimited user-defined report creation is supported. Dashboard refresh
settings are configurable. One of the new dashboard features is that you can
configure dashboards to be displayed periodically, which gives a slide-show
effect.
Intelligent Response
• The ANET SureLog SIEM product can handle correlation alerts and actions in a
smart way through its intelligent response system.
• Mail sending
• Executing a script:
  • Visual Basic
  • Batch file
  • Perl script
  • Python script
• Executing Java code
• Running an application
• Dynamic list update. Examples: adding or removing an IP in the banned IP
list; adding or removing a user in the list of those who made more than
three failed login attempts to the same machine within the last week.
Intelligent Response
• Suspend Users: If an account compromise is suspected, halt the user's
account access.
• Suspend Network Access: If data exfiltration is occurring, the incident
response team can kill the connection by updating the access control list
used by corporate firewalls.
• Kill Processes: If a team detects unknown or blacklisted processes on
critical devices, Intelligent Response can kill the specific running
program.
Manageable Threat Intelligence
Threat Intelligence integrates with various global sources, takes blacklists
from them and works as a warning system using that data. The SureLog Threat
Intelligence module constantly updates its rich feed sources and enables
rapid discovery of events involving communication with suspicious or
malicious IP addresses.
Manageable Threat Intelligence
SureLog aggregates information from numerous sources and applies automated
confidence algorithms to produce intelligence and reputation data. A large
library of openly available information lists is consolidated, classified
and automatically analyzed to derive intelligence and reputation information
with a confidence score.
• Sources include:
• Botnet Domains
• Botnet URLs
• Malware Domains
• Malware URLs
• Email Phishing
• Phishing Domains
• Phishing URLs
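The page does not say how SureLog's confidence algorithm works, so the following is an added example of one reasonable approach rather than the product's: consolidate several feeds (with the categories listed above) into a single indicator table, combine the reliability of every feed that lists an indicator into a confidence score, and use that score to enrich events. The feeds, their reliability weights, the indicators (all in the reserved example.* domain space) and the events are constructed.

```python
# Constructed feeds: name -> (reliability weight 0..1, category, indicators).
# Domains are from the reserved example.* space; nothing here is real intel.
FEEDS = {
    "feed-a": (0.6, "Botnet Domains", {"c2.example.net", "dl.example.org"}),
    "feed-b": (0.8, "Malware Domains", {"c2.example.net", "upd.example.com"}),
    "feed-c": (0.5, "Phishing Domains", {"login.example.org"}),
}


def consolidate(feeds):
    """indicator -> {'confidence', 'sources', 'categories'}.

    Confidence combines the reliability of every feed listing the indicator
    with a noisy-OR, 1 - prod(1 - w_i): one weak source gives a low score,
    independent agreement from several sources raises it."""
    intel = {}
    for name, (weight, category, indicators) in feeds.items():
        for indicator in indicators:
            entry = intel.setdefault(
                indicator, {"miss": 1.0, "sources": [], "categories": set()})
            entry["miss"] *= (1.0 - weight)
            entry["sources"].append(name)
            entry["categories"].add(category)
    for entry in intel.values():
        entry["confidence"] = round(1.0 - entry.pop("miss"), 3)
        entry["sources"].sort()
    return intel


def enrich(event, intel, min_confidence):
    """Attach reputation data to an event whose destination is a known
    indicator with confidence at or above the cut-off."""
    hit = intel.get(event["dst"])
    if hit is None or hit["confidence"] < min_confidence:
        return {**event, "ti_match": False}
    return {**event, "ti_match": True, "ti_confidence": hit["confidence"],
            "ti_sources": hit["sources"], "ti_categories": sorted(hit["categories"])}


# Constructed DNS/proxy events: internal host -> destination domain.
EVENTS = [
    {"ts": 1000, "src": "10.0.0.5", "dst": "c2.example.net"},
    {"ts": 1001, "src": "10.0.0.6", "dst": "dl.example.org"},
    {"ts": 1002, "src": "10.0.0.7", "dst": "www.example.com"},
]


def matches(min_confidence):
    """Destinations that match the consolidated intel at the given cut-off."""
    intel = consolidate(FEEDS)
    return [e["dst"] for e in EVENTS if enrich(e, intel, min_confidence)["ti_match"]]


if __name__ == "__main__":
    for indicator, entry in sorted(consolidate(FEEDS).items()):
        print(indicator, entry)
    print("cut-off 0.7:", matches(0.7))
    print("cut-off 0.5:", matches(0.5))
```

The cut-off is the operational knob: the domain listed by two feeds scores 0.92 and matches at either setting, while the one listed only by the weaker feed scores 0.6 and is dropped at 0.7, which is how a single noisy list is kept from driving alerts on its own.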
Incident Management
• The SureLog Incident Management module helps the organization identify,
analyze and correct hazards to prevent recurrence. Incidents are assigned to
specialist security admins. A resolution or workaround should be established
as quickly as possible in order to correct the security breach.
VA Reports
• SureLog consolidates and normalizes output from multiple vulnerability
scanners.
• SureLog provides analyzed and prioritized vulnerabilities by applying threat
intelligence and full data-enrichment capabilities.
• SureLog supports log data from vulnerability scanners such as Nessus, Qualys,
OpenVAS and Nmap.
Rich Normalizer Library
• SureLog supports 500+ log types, such as:
Apache HTTP Server
Cisco IOS
Cisco IronPort
Cisco PIX Firewall
Fortinet FortiGate Security Gateway
Juniper Networks Firewall and VPN
Linux iptables Firewall
Linux OS
Microsoft ISA
Microsoft SQL Server
Microsoft Windows OS
Microsoft Windows DHCP&DNS
Microsoft Windows IIS
Nessus
NMAP
OpenVas
Oracle RDBMS OS Audit Record
Qualys
Sophos
SonicWall UTM/Firewall/VPN
Sourcefire Defense Center
Symantec Endpoint Protection
TippingPoint Intrusion Prevention System
Websense
Custom & Extended Parser API
SureLog's simple, XML-based parser API gives developers the power of the
parser engine. Developers:
• Can change the output of the normalization engine with the Extended Parser API
• Can develop new parsers for unparsed log types with the Custom Parser API
Intuitive Browser Based UI
SureLog's simple and user-friendly interfaces help you find your way even
through complex definitions such as advanced correlation rules or extended
event queries. We made every effort to fulfill the requirements and yet
remain simple and fast. A single browser-based UI makes it easy to configure,
control and manage all aspects of the system centrally, including from mobile
devices. SureLog is designed to give you the best user experience from a SIEM
solution.
TAGS
SureLog adds a very powerful event tagging system, which allows individual
users as well as teams to tag events with an unlimited number of keywords that
define the various characteristics of an event (intrusion, financial,
departmental and topological).
System users can create their own set of custom tags. Tags can be added to
events individually as needed, or through the automated action system as
events are imported and normalized. Searching and reporting by tags is
supported, and tag statistics displays are included as well.
Statistics Reports
Traffic and security statistics reports
Distributed Architecture
Supports master-slave mode installation. Hundreds of thousands of EPS
capacity and centralized correlation can be achieved.

More Related Content

What's hot

What's hot (12)

Context Driven Scalable SIEM Solution
Context Driven Scalable SIEM Solution Context Driven Scalable SIEM Solution
Context Driven Scalable SIEM Solution
 
Enhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through BaseliningEnhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through Baselining
 
SureLog SIEM Profiler
SureLog SIEM ProfilerSureLog SIEM Profiler
SureLog SIEM Profiler
 
Teri_Radichel_Top_5_Priorities_for_Cloud_Security
Teri_Radichel_Top_5_Priorities_for_Cloud_SecurityTeri_Radichel_Top_5_Priorities_for_Cloud_Security
Teri_Radichel_Top_5_Priorities_for_Cloud_Security
 
Bir macOS APT Senaryosu
Bir macOS APT SenaryosuBir macOS APT Senaryosu
Bir macOS APT Senaryosu
 
SYMANTEC ENDPOINT PROTECTION Advanced Monitoring and Reporting
SYMANTEC ENDPOINT PROTECTION Advanced Monitoring and ReportingSYMANTEC ENDPOINT PROTECTION Advanced Monitoring and Reporting
SYMANTEC ENDPOINT PROTECTION Advanced Monitoring and Reporting
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
OSSIM User Training: Get Improved Security Visibility with OSSIM
OSSIM User Training: Get Improved Security Visibility with OSSIMOSSIM User Training: Get Improved Security Visibility with OSSIM
OSSIM User Training: Get Improved Security Visibility with OSSIM
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
Changing the Security Monitoring Status Quo
Changing the Security Monitoring Status QuoChanging the Security Monitoring Status Quo
Changing the Security Monitoring Status Quo
 
SYMANTEC ENDPOINT PROTECTION Interfacing the SEPM with Protection Center
SYMANTEC ENDPOINT PROTECTION Interfacing the SEPM with Protection CenterSYMANTEC ENDPOINT PROTECTION Interfacing the SEPM with Protection Center
SYMANTEC ENDPOINT PROTECTION Interfacing the SEPM with Protection Center
 

Viewers also liked

MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008
Ali Ikinci
 

Viewers also liked (20)

SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
SureLog SIEM Compliancy Korelasyon Log Yonetimi Tehdit istihbarati Threat Int...
 
Log yonetimi korelasyon ve SIEM
Log yonetimi korelasyon ve SIEMLog yonetimi korelasyon ve SIEM
Log yonetimi korelasyon ve SIEM
 
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
 
ANET SureLog SIEM avantajları
ANET SureLog SIEM avantajlarıANET SureLog SIEM avantajları
ANET SureLog SIEM avantajları
 
5651 sayili kanun
5651 sayili kanun5651 sayili kanun
5651 sayili kanun
 
Güvenlik, uyumluluk ve veritabani loglama
Güvenlik, uyumluluk  ve veritabani loglamaGüvenlik, uyumluluk  ve veritabani loglama
Güvenlik, uyumluluk ve veritabani loglama
 
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
Hep İşin Geyiğini Yapıyoruz: AR-GE, İnovasyon, Endüstri 4.0, Ahlak, Eğitim, P...
 
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
SIEM ÜRÜNLERİ GÖRÜNÜŞTE BİRBİRİNE BENZİYOR HATTA LOG YÖNETİMİ ÇÖZÜMÜ OLUP DA ...
 
MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008
 
Dell Boomi HIMSS 2017 Demo: Solve Health IT Interoperability Challenges
Dell Boomi HIMSS 2017 Demo: Solve Health IT Interoperability ChallengesDell Boomi HIMSS 2017 Demo: Solve Health IT Interoperability Challenges
Dell Boomi HIMSS 2017 Demo: Solve Health IT Interoperability Challenges
 
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans VerileriLog Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
 
SureLog SIEM Jobs
SureLog SIEM JobsSureLog SIEM Jobs
SureLog SIEM Jobs
 
Log Yönetiminde Gerçek Veriler ve Tutarlı Analiz
Log Yönetiminde Gerçek Veriler ve Tutarlı AnalizLog Yönetiminde Gerçek Veriler ve Tutarlı Analiz
Log Yönetiminde Gerçek Veriler ve Tutarlı Analiz
 
Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...
Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...
Log yonetmi ve siem ürünlerinde veri analizi, sonuclarin tutarliligi ve dogru...
 
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
ANET SURELOG INTERNATIONAL EDITION SIEM ÜRÜNÜNÜN KORELASYON İLE İLGİLİ ÜSTÜNL...
 
ANET SureLog SIEM IntelligentResponse
ANET SureLog  SIEM IntelligentResponseANET SureLog  SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponse
 
Anet SureLog SIEM IntelligentResponse
Anet SureLog SIEM IntelligentResponse Anet SureLog SIEM IntelligentResponse
Anet SureLog SIEM IntelligentResponse
 
Machine learning scientist
Machine learning scientistMachine learning scientist
Machine learning scientist
 
The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product
 
Log siem korelasyon
Log siem korelasyonLog siem korelasyon
Log siem korelasyon
 

Similar to Why SureLog?

Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09
pladott11
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
danhaley45372
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
NoNameCon
 

Similar to Why SureLog? (20)

Sure log full
Sure log fullSure log full
Sure log full
 
ANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main AdvantagesANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main Advantages
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent response
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09
 
Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3
 
Correlog Overview Presentation
Correlog Overview PresentationCorrelog Overview Presentation
Correlog Overview Presentation
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
 
Generic siem how_2017
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
IRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural AnalyticsIRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural Analytics
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Hacking appliances
Hacking appliancesHacking appliances
Hacking appliances
 
A practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logicA practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logic
 
Dot Net performance monitoring
 Dot Net performance monitoring Dot Net performance monitoring
Dot Net performance monitoring
 
Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing
Cloud Intrusion and Autonomic Management in Autonomic Cloud ComputingCloud Intrusion and Autonomic Management in Autonomic Cloud Computing
Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
 
Maceo Wattley Contributor Infosec
Maceo Wattley Contributor InfosecMaceo Wattley Contributor Infosec
Maceo Wattley Contributor Infosec
 
Software Testing and Quality Assurance Assignment 2
Software Testing and Quality Assurance Assignment 2Software Testing and Quality Assurance Assignment 2
Software Testing and Quality Assurance Assignment 2
 

More from Ertugrul Akbas

Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Ertugrul Akbas
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast Edition
Ertugrul Akbas
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
Ertugrul Akbas
 

More from Ertugrul Akbas (20)

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve  ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde Korelasyon
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda Almak
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
 
Neden SureLog?
Neden SureLog?Neden SureLog?
Neden SureLog?
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast Edition
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
KVKK
KVKKKVKK
KVKK
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin  ANET SureLog SIEM  ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
 
KVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryKVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data Discovery
 
SIEM
SIEMSIEM
SIEM
 

Recently uploaded

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 

Recently uploaded (20)

Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Why SureLog?

2. Agenda
• Introduction to SureLog
• What is SureLog
• Benefits of SureLog

3. More Than Just a SIEM
 Integrated Log Management and SIEM Solution
4. Advanced Correlation Engine
 Observed Rule: This is the most frequently used component; it performs a criteria match based on the elements of an event that are contained within it. One or more filters can be within a Match Component. Each Match Component within a rule may match separate events in order to satisfy the rule.
 Threshold Rule: Count based rules. This rule looks for the total count of a predefined event within a time window. The threshold should be adjusted based on the use case.
 Trend Monitor Rule: By trending any event, SureLog can find deviations from time to time that may be indications of important security or performance events.

6. Advanced Correlation Engine
 Statistical Rule: As the label describes, this component uses the traditional model for Standard Deviation and applies this deviation to the filters contained within the component. In addition to traditional Deviation, we've added Percent from Average and Fixed Value from Average as additional comparison operators.
• Population Standard Deviation
• Sample Standard Deviation
• Variance (Sample Standard)
• Variance (Population Standard)
This provides more flexibility than regular standard deviation. For a quick primer on Standard Deviation, see this Wiki link: http://en.wikipedia.org/wiki/Standard_deviation

7. Advanced Correlation Engine
 Value Changed Rule: Match when a field has two different values within some time window.
 Never Seen Before Rule: Match when a never before seen term appears in a field.

8. Advanced Correlation Engine
 The new correlation engine also has many new features such as Suppression (Start Time), Expire Time, Timer (periodic running), etc.
 The new correlation engine has many new operators such as Starts With in List, Regex Search in List, Matches, etc.
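Added example (not SureLog's own code) of how the Threshold, Statistical and Never Seen Before rule types on slides 4, 6 and 7 behave, run over constructed firewall counts and a constructed ten-day traffic history; the operator names and the `factor` semantics are assumptions for illustration.

```python
from statistics import mean, pstdev, stdev, pvariance, variance

# Constructed firewall events: (timestamp in seconds, source IP, action)
EVENTS = [
    (0, "203.0.113.5", "deny"), (30, "203.0.113.5", "deny"),
    (60, "203.0.113.5", "deny"), (100, "198.51.100.9", "deny"),
    (400, "198.51.100.9", "deny"), (1000, "198.51.100.9", "deny"),
]
# Constructed history: daily traffic (MB) on one port over ten days
HISTORY = [120, 130, 110, 125, 135, 115, 128, 122, 118, 127]


def threshold_rule(events, threshold, window_s):
    """Threshold Rule: fire when one source IP produces `threshold`
    deny events inside a sliding window of `window_s` seconds."""
    recent, fired = {}, set()
    for ts, src, action in sorted(events):
        if action != "deny":
            continue
        stamps = [t for t in recent.get(src, []) if ts - t < window_s]
        stamps.append(ts)
        recent[src] = stamps
        if len(stamps) >= threshold:
            fired.add(src)
    return fired


def statistical_rule(history, current, operator, factor):
    """Statistical Rule: compare `current` with the historic average.
    `factor` is a multiplier for the deviation operators, a percentage
    for percent_from_average and an absolute delta for fixed_from_average."""
    avg = mean(history)
    if operator == "percent_from_average":
        bound = avg * (1 + factor / 100)
    elif operator == "fixed_from_average":
        bound = avg + factor
    else:  # the four deviation flavours listed on slide 6
        spread = {"population_stdev": pstdev, "sample_stdev": stdev,
                  "population_variance": pvariance,
                  "sample_variance": variance}[operator](history)
        bound = avg + factor * spread
    return current > bound, round(bound, 2)


def never_seen_before(seen, term):
    """Never Seen Before Rule: fire the first time a term appears in a
    field; `seen` holds the terms already observed and is updated."""
    if term in seen:
        return False
    seen.add(term)
    return True
```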
10. Advanced Correlation Engine
 Wizard Driven Rule Samples:
1. If 100 packets are blocked within 15 minutes by the UTM/firewall from the same outside source IP to distinct inside destination IPs, and then a traffic session starts from ANY of the inside (destination) IPs to the (outside) IP, send ALL IPs (source, destination) by mail.
2. If 100 packets are blocked within 15 minutes by the UTM/firewall from the same outside source IP to distinct inside destination IPs, and then a traffic session starts from ALL of the inside (destination) IPs to the (outside) IP, send the outside IP by mail.
3. Monitor the processes run weekly by a user and compare the trend with the current week's running process list.
4. Detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication by the same user at the same host within 2 hours.
5. If the traffic on port X exceeds the standard deviation of historic traffic patterns, then trigger an alert (e.g., new worm, bot communicating with C&C).
6. If the attack type is destructive (e.g., buffer overflow vs. SYN scan) and the target is a critical asset (production server vs. workstation), then trigger an alert.
7. Detect a scenario where a server stopped but did not start again within an interval of 5 minutes.
11. Historical Correlation
 Use historical correlation to run past events through the custom rules engine to identify threats or security incidents that already occurred.
 By default, a SureLog SIEM deployment analyzes information collected from log sources in near real time. With historical correlation, you can correlate by either the start time or the device time. Start time is the time the event was received by SureLog. Device time is the time the event occurred on the device.

13. Risk Calculation
 Content Based Risk Calculation: If the log type is critical (e.g., failed login), the target is a critical asset (production server vs. workstation), and perhaps the time is suspicious (during lunch), then the risk of this event is important. An alarm will be triggered without developing an additional correlation rule.
 Rule Based Risk Calculation: Alarms can be created with one or more correlation rules. If the attack type is destructive (e.g., buffer overflow vs. SYN scan) and the target is a critical asset (production server vs. workstation), then trigger an alert.
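Added example (not SureLog code) serving both wizard rule sample 1 on slide 10 and the start-time versus device-time choice on slide 11: the same stateful correlation is run over constructed firewall events whose deny logs reached the SIEM late, so ordering by start time misses the sequence that device-time ordering finds. Event field names and the scanner-state lifetime are assumptions.

```python
from collections import defaultdict

# Constructed events as dicts. "deny": packet blocked from an outside
# source to an inside host; "session": an allowed traffic session.
# device_time is when the device logged it, start_time when SureLog
# received it: here the firewall forwarded its deny logs late.
def _ev(device_time, start_time, kind, src, dst):
    return {"device_time": device_time, "start_time": start_time,
            "kind": kind, "src": src, "dst": dst}

EVENTS = [_ev(t, 500 + t, "deny", "203.0.113.7", f"10.0.0.{t + 1}")
          for t in range(100)]
EVENTS += [_ev(t, 500 + t, "deny", "198.51.100.3", f"10.0.0.{t + 1}")
           for t in range(50)]
EVENTS += [_ev(200, 300, "session", "10.0.0.42", "203.0.113.7"),
           _ev(210, 310, "session", "10.0.0.5", "198.51.100.3")]


def blocked_then_callback(events, time_field="device_time",
                          min_blocked=100, window_s=900):
    """Wizard rule sample 1 (slide 10): once an outside IP has
    min_blocked packets blocked within window_s seconds against more
    than one inside IP, a later session from one of those inside IPs
    back to it raises an alert listing all involved IPs. time_field
    selects start_time or device_time ordering, as in historical
    correlation (slide 11). Scanner state lives for the whole batch
    (assumption: the slide gives no follow-up window)."""
    blocked = defaultdict(list)   # outside_ip -> [(ts, inside_ip), ...]
    scanners = {}                 # outside_ip -> set of inside targets
    alerts = []
    for e in sorted(events, key=lambda e: e[time_field]):
        ts, src, dst = e[time_field], e["src"], e["dst"]
        if e["kind"] == "deny":
            hits = [(t, d) for t, d in blocked[src] if ts - t < window_s]
            hits.append((ts, dst))
            blocked[src] = hits
            targets = {d for _, d in hits}
            if len(hits) >= min_blocked and len(targets) > 1:
                scanners[src] = targets
        elif e["kind"] == "session" and src in scanners.get(dst, ()):
            alerts.append({"outside_ip": dst, "session_from": src,
                           "inside_ips": sorted(scanners[dst])})
    return alerts
```

Run by device time the 100-packet scan from 203.0.113.7 followed by the session from 10.0.0.42 produces one alert; run by start time the late deny logs sort after the session and nothing fires.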
14. Rich Taxonomy
Taxonomy is a mapping of information from heterogeneous sources to a common classification. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. In addition, normalized events are easier to work with when developing reports and dashboards.

15. Rich Taxonomy
• Some of the existing 1500+ taxonomy groups in SureLog:
• Reconnaissance->Scan->Host
• TCPTrafficAudit->TCP SYN Flag
• ICMPTrafficAudit
• NamingTrafficAudit
• Malicious->Web->SQL
• Flow->Fragmentation
• httpproxy->TrafficAudit accept
• HTTPDynamicContentAccess
• WebTrafficAudit.Web Content
• HealthStatus.Informational.Traffic.Start
• Malicious.BufferOverflow
• Malicious.Trojan
• PolicyViolation
• Malicious.Web.Attack

16. Rich Taxonomy
Enrich log data with context data in real time.

17. Multilayer Data Management
• Column-oriented DBMS: https://en.wikipedia.org/wiki/Column-oriented_DBMS
• ElasticSearch

18. Multilayer Data Management
• BIG DATA Architecture
• SureLog uses a custom, extremely fast data execution engine for its large-scale, real-time data and warehouse reporting. Capacity and performance are measured in trillions of logs within SureLog, allowing reporting across thousands of devices simultaneously.
19. Change Management
SureLog supports change reporting on log data, answering what changed in the log data over a defined period within the selected time range. Example: What are the traffic counts for all IPs (Top N IPs) for the last month, broken down by day?

20. Advanced User Management
The SureLog SIEM allows for granular and deeply tiered user control. Permissions can be determined with a high level of specificity and nested into multiple hierarchies. User profiles can be replicated to provide administrators an efficient template method for creating user accounts. The open source SIEM provides basic controls of user permission and a single simple user hierarchy; profile templates cannot be used to create new user accounts.
Role based access applies to:
• Reports
• Correlation Rules
• Administrative Activities
21. Google Like Search & Kibana Integration

22. Drill Down Support
 You can organize data in a variety of ways to show the relationship of the general to the detailed.
 You can put all the data in the report, but set it to be hidden until a user clicks to reveal details.
 You can display the data in a data region, such as a table or chart, nested inside the report. You can display the data in a sub-report that is completely contained within a main report. Or, you can put the detail data in drill-down reports, separate reports that are displayed when a user clicks a link.

24. Dashboards & Monitoring
Unlimited user-defined report creation is supported. Dashboard refresh settings are configurable. One of the new dashboard features: you can configure dashboards to be displayed periodically, which gives a slide-show effect.
25. Intelligent Response
 The ANET SureLog SIEM product can handle correlation alerts and actions in a smart way through its intelligent response system.
 Mail sending
 Executing scripts
• Visual Basic
• Batch file
• Perl script
• Python script
 Executing Java code
 Running an application
 Dynamic list update. Example: adding or removing an IP on the banned IP list; adding or removing a user on the list of those who made more than three failed login attempts to the same machine within the last week; etc.

26. Intelligent Response
 Suspend Users: If an account compromise is suspected, halt a user's account access.
 Suspend Network Access: If data exfiltration is occurring, the incident response team can kill the connection by updating the access control list used by corporate firewalls.
 Kill Processes: If a team detects unknown or blacklisted processes on critical devices, Intelligent Response can kill the specific running program.
27. Manageable Threat Intelligence
Threat Intelligence is integrated with different global sources, takes black lists from them and works as a warning system using this data. The SureLog Threat Intelligence module constantly updates its rich feed sources and enables rapid discovery of events involving communications with suspicious or malicious IP addresses.

28. Manageable Threat Intelligence
SureLog aggregates information from numerous sources and applies automated confidence algorithms to produce intelligence and reputation data: a large library of openly available information lists, consolidated, classified and automatically analyzed to derive intelligence and reputation information with confidence.
• Sources include:
• Botnet Domains
• Botnet URLs
• Malware Domains
• Malware URLs
• Email Phishing
• Phishing Domains
• Phishing URLs
29. Incident Management
 The SureLog Incident Management module helps the organization identify, analyze, and correct hazards to prevent future re-occurrence. Incidents are assigned to specialist security admins. A resolution or work-around should be established as quickly as possible in order to correct the security breaches.

30. VA Reports
 SureLog consolidates and normalizes output from multiple vulnerability scanners.
 SureLog provides analyzed and prioritized vulnerabilities by applying threat intelligence and full data-enrichment capabilities.
 SureLog supports log data from vulnerability scanners such as Nessus, Qualys, OpenVAS, and NMAP.

31. Rich Normalizer Library
 SureLog supports 500+ log types, such as:
• Apache HTTP Server
• Cisco IOS
• Cisco IronPort
• Cisco PIX Firewall
• Fortinet FortiGate Security Gateway
• Juniper Networks Firewall and VPN
• Linux iptables Firewall
• Linux OS
• Microsoft ISA
• Microsoft SQL Server
• Microsoft Windows OS
• Microsoft Windows DHCP & DNS
• Microsoft Windows IIS
• Nessus
• NMAP
• OpenVAS
• Oracle RDBMS OS Audit Record
• Qualys
• Sophos
• SonicWall UTM/Firewall/VPN
• Sourcefire Defense Center
• Symantec Endpoint Protection
• TippingPoint Intrusion Prevention System
• Websense
33. Custom & Extended Parser API
SureLog's simple, XML based parser API gives developers the power of the parser engine. Developers:
• Can change the output of the normalization engine with the Extended Parser API
• Can develop new parsers for unparsed log types with the Custom Parser API

34. Intuitive Browser Based UI
SureLog's simple and user friendly interfaces help you find your way even in complex definitions like advanced correlation rules or extended event queries. We made every effort to fulfill the requirements and yet be simple and fast. A browser based single UI makes it easy to configure, control and manage all aspects of the system centrally, including from mobile devices. SureLog is designed for you to have the best user experience from a SIEM solution.

35. Tags
SureLog adds a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that may define the various characteristics of an event (intrusion, financial, departmental and topological). System users can create their own set of custom tags. Tags can be added to events individually as needed or through the automated action system as events are imported and normalized. Searching and reporting by tags is supported, and tag statistics displays are included as well.
36. Statistics Reports
Traffic and security statistics reports.

37. Distributed Architecture
Supports master-slave mode installation. Hundreds of thousands of EPS capacity and centralized correlation can be achieved.