Siem Overview 2009
Current overview of Boxing Oranges Managed SIEM Offering
Presentation Transcript

  • Security Information and Event Management: Know Your Stuff
  • Agenda: What is SIEM? Security and Compliance Challenges; Cost Benefits; Benefits of Automated Security Analysis
  • MORE Hackers, Malware, and Attacks; MORE Penalties; LESS Headcount. What you need
  • Rolling the Dice on The “Unlucky Seven”: Bot, Worm, and Virus Attacks; VPN Sneak Attacks; Hacker Detection; System and User Impact; Bandwidth Hogs and Policy Violations; Failed Audits, Fines and Penalties; Unauthorised Application Access. MORE Penalties, LESS Headcount
  • (Network diagram: Corporate HQ, Public Network, Home VPN, Wireless Hot-Spot, Public VPN, Branch Office, Remote Workers.) What malware is infiltrating my environment, and how is it propagating? Is my AntiVirus system able to mitigate malware threats?
  • (Network diagram: Corporate HQ, Public Network, Home VPN, Wireless Hot-Spot, Public VPN, Branch Office, Remote Workers.) Who is attacking me and where are they attacking from? Which of my internal systems are they attacking?
  • (Network diagram: Corporate HQ, Public Network, Mobile Users, Home VPN, Wireless Hot-Spot, Public VPN, Branch Office, Remote Workers.) What internal systems are used most, and from where? Who is using the most bandwidth and what protocols, services or applications are they accessing?
  • (Network diagram: Corporate HQ, Public Network, Mobile Users, Home VPN, Wireless Hot-Spot, Public VPN, Branch Office, Remote Workers.) Which systems have suspicious access/application activity? Are terminated accounts still being used? Which accounts are being used from suspicious locations?
  • (Network diagram: Corporate HQ, Public Network, Mobile Users, Home VPN, Wireless Hot-Spot, Public VPN, Branch Office, Remote Workers.) Where are my remote users coming from, and what are they accessing? Are the remote computers coming in remotely secure and up to date?
  • What users and equipment are affected? What is the level of degradation in my environment?
  • Definition of SIM / SEM / SIEM. Four major functions of SIEM: Log Consolidation, Threat Correlation, Incident Management, Reporting
  • (Event funnel diagram.) Information from 26 Firewalls, 10 IDS / IPS and 271 Servers / Other: 510,618,423 events
    BO Connector & ESM Platform, driven by Rules, Intelligence, Scanning, Trending & Auditing:
    Negative Filter (506,813,197 events discarded), Normalization, Positive Filter (3,803,598 events), Anomaly Filter (1,628 events) & Aggregation
    Remaining Events of Interest: 3,805,226
    Event Consolidation: 207,499
    Rules / Logic / Correlation Engines: 5,633
    Incident Handling Process (BO People & Process): Aggregate, Correlate, Categorize, Assess Threat, and Respond
    Security Event, Worm - Client Not Vulnerable: 1 Incident (21 Events)
    Security Event, Suspicious System / Application Activity: 3 Incidents (32 Events)
    Security Event: 1 Incident (48 Events)
    Security Event, Benign: 5,532 Events
    Low Threat: Incident is logged for future correlation and reporting, but no further action required.
    Medium Threat: Incident requires near term intervention by incident response team and/or the client to prevent availability or security issue.
    High Threat: Incident requires immediate intervention by incident response team and the client to prevent and/or remediate availability or security issue in progress.
    Inform Client
  • Bot, Worm and Virus Attack Visibility and Alerting
    • What malware is infiltrating my environment, and how is it propagating?
    • Is my Anti-Virus infrastructure able to handle malware?
    Hacker Detection
    • Who is attacking me?
    • What are they attacking?
    Bandwidth Hogs and Policy Violations
    • What users are bandwidth hogs?
    • What protocols, services and applications are they accessing?
    Application Access Monitoring
    • Which systems have suspicious access/application activity?
    • Are terminated accounts still being used?
    • Which accounts are being used from suspicious locations?
  • Remote Access
    • Where are my remote users coming from and what are they accessing?
    • Are the remote computers coming in secure and up to date?
    System and User Impact
    • What users and equipment are compromised?
    • How much degradation is there in my IT environment?
    Are my compliance controls working?
    • Will I pass my next audit?
    • Am I subject to fines and penalties?
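The event-funnel slide (collect, normalise, filter, aggregate, correlate, then hand a handful of incidents to people) and the detection questions above (terminated accounts still in use, logins from suspicious locations, hacker detection, worm alerts against hosts that are not vulnerable) describe one pipeline. The following is an added, self-contained example of that pipeline in Python; it is not Boxing Orange's code and not taken from the deck. The log lines, the terminated-account list, the allowed-country list, the patched-host list and the brute-force threshold are all constructed for the example.

```python
"""Toy SIEM event funnel: collect -> normalise -> filter -> aggregate -> correlate.

Added example, not Boxing Orange's code. Every event line and every lookup
table below is constructed for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample feed from three device classes: "<source> <event kind> key=value ..."
RAW_EVENTS = [
    "fw01 permit src=10.0.0.5 dst=10.0.1.20 dport=443",
    "fw01 permit src=10.0.0.5 dst=10.0.1.20 dport=443",
    "fw01 permit src=10.0.0.7 dst=10.0.1.21 dport=80",
    "fw01 deny src=198.51.100.9 dst=10.0.1.20 dport=22",
    "ids01 alert sig=worm-generic src=203.0.113.4 dst=10.0.1.30",
    "srv01 login user=jsmith src=10.0.0.5 country=GB result=success",
    "srv01 login user=jsmith src=10.0.0.5 country=GB result=success",
    "srv01 login user=tbrown src=10.0.0.9 country=GB result=success",
    "srv01 login user=aking src=203.0.113.77 country=RU result=success",
] + ["srv02 login user=admin src=198.51.100.9 country=CN result=failure"] * 5

# Assumed context the correlation rules need (constructed; a real SIEM pulls this from HR/AD, CMDB, scanners)
TERMINATED_ACCOUNTS = {"tbrown"}
ALLOWED_COUNTRIES = {"GB"}
PATCHED_HOSTS = {"10.0.1.30"}   # hosts already patched against the worm signature family
BRUTE_FORCE_THRESHOLD = 5       # failed logins from one source before it becomes an incident

KV = re.compile(r"(\w+)=(\S+)")


def normalise(line):
    """Normalisation: turn one raw line into a flat dict with a common schema."""
    source, kind, rest = line.split(" ", 2)
    event = {"source": source, "kind": kind}
    event.update(KV.findall(rest))
    return event


def negative_filter(events):
    """Negative filter: drop routine noise (permitted firewall traffic carries no signal here)."""
    return [e for e in events if e["kind"] != "permit"]


def aggregate(events):
    """Event consolidation: collapse identical events into (event, count) pairs."""
    counts = Counter(tuple(sorted(e.items())) for e in events)
    return [(dict(key), n) for key, n in counts.items()]


def correlate(aggregated):
    """Correlation rules: returns (incidents, number of events judged benign)."""
    incidents, benign_events = [], 0
    failures_by_src = defaultdict(int)
    for event, n in aggregated:
        matched = True
        if event["kind"] == "login" and event.get("result") == "success":
            if event["user"] in TERMINATED_ACCOUNTS:
                incidents.append({"severity": "High", "title": "Terminated account still in use", "events": n})
            elif event.get("country") not in ALLOWED_COUNTRIES:
                incidents.append({"severity": "Medium", "title": "Login from suspicious location", "events": n})
            else:
                matched = False
        elif event["kind"] == "login" and event.get("result") == "failure":
            failures_by_src[event["src"]] += n          # tallied per source, decided after the loop
        elif event["kind"] == "alert" and event.get("sig", "").startswith("worm"):
            vulnerable = event.get("dst") not in PATCHED_HOSTS
            incidents.append({"severity": "High" if vulnerable else "Low",
                              "title": "Worm - client vulnerable" if vulnerable else "Worm - client not vulnerable",
                              "events": n})
        else:
            matched = False
        if not matched:
            benign_events += n
    for src, n in failures_by_src.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            incidents.append({"severity": "Medium", "title": f"Brute-force login attempts from {src}", "events": n})
        else:
            benign_events += n
    return incidents, benign_events


def run_funnel(raw_lines):
    """Run the whole pipeline and report how many events survive each stage."""
    normalised = [normalise(line) for line in raw_lines]
    interesting = negative_filter(normalised)
    aggregated = aggregate(interesting)
    incidents, benign = correlate(aggregated)
    return {"collected": len(normalised), "events_of_interest": len(interesting),
            "consolidated": len(aggregated), "incidents": incidents, "benign_events": benign}


if __name__ == "__main__":
    report = run_funnel(RAW_EVENTS)
    for stage in ("collected", "events_of_interest", "consolidated", "benign_events"):
        print(f"{stage:>18}: {report[stage]}")
    for inc in report["incidents"]:
        print(f"[{inc['severity']}] {inc['title']} ({inc['events']} events)")
```

On the constructed feed, 14 collected events shrink to 11 after the negative filter and 6 after consolidation, and correlation turns those into four incidents (one High, two Medium, one Low) plus three benign events, the same shape as the deck's funnel. The Low-severity "worm, client not vulnerable" case is what the deck describes as logged for future correlation with no further action, which is why the rule consults the patched-host list before deciding severity.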
  • Better Collection: fits all IT environments. Stronger Correlation: catches all incidents. Automated Expertise: requires less resources
  • Software as a Service Platform; Industry Leading SIEM Platform; Industry Leading 24x7 SOC. Boxing Orange SIEM Service: 8 years of delivering Managed Security Services; 24hr Security Operations Centre; Innovative Security Solutions and Service; Highly skilled professional services team & support analysts; Wide experience in multi vendor environments; PCI:SSC ASV accredited
  • Thank You