SANS Log Management 2
SANS Sixth Annual Log Management Survey
Part II Deriving More Value From Data
Transcript

  • 1. SANS Sixth Annual Log Management Survey, Part II: Deriving More Value from More Data. Jerry Shenk, Sr. SANS analyst. www.sans.org
  • 2. 6th Annual Log Management Survey. Goals of survey: track progress of the log management industry; identify problems users are having. More log data: log server increases; log source increases. More uses: more people finding logs useful.
  • 3. Log Server Increases
  • 4. Log Source Increases: firewalls, routers, switches, IDS/IPS, etc.; servers; applications; databases; identity sources; desktops; physical devices (HVAC, badge access, plant control).
  • 5. Reasons for Collecting
  • 6. Log Data Usefulness
  • 7. Challenges
  • 8. Reasons for Collecting
  • 9. What Vendors Need to Do. Consistency in log data output: changes between versions; consistency in the product line. Meaningful, parsable messages: function and a variable list; consistent layout. Options for enough data: debug-level logging is a nice option.
  • 10. What Log Management Vendors Need to Do: reporting and analysis; searching; allow easy support of custom devices; Windows logs.
  • 11. What Users Need to Do. Review logs daily. Start BEFORE there is a problem. Getting started: use data reduction techniques; exclude data in searches; know your data; know your logs. Watch for the survey next year; we read the comments.
  • 12. Summary: more companies collecting logs; more devices; more useful; top challenge: reporting and analysis.
  • 13. An introduction to LogLogic. Andy Morris, Director of Product Marketing. www.sans.org
  • 15. Supporting Over 1000 Customers
  • 16. 2010 Annual Log Management Survey. Debbie Umbach, Solutions Marketing, Governance, Risk and Compliance, RSA, The Security Division of EMC. www.sans.org
  • 17. RSA enVision 3-in-1 SIEM Platform. Simplifying Compliance: compliance reports for regulations and internal policy. Enhancing Security: real-time security alerting and analysis. Optimizing IT & Network Operations: IT monitoring across the infrastructure. Capabilities: alert correlation, reporting, auditing, forensics, network baseline, visibility. Purpose-built database; RSA enVision Log Management platform. Sources: security devices, network devices, applications/databases, physical and virtual servers, storage.
  • 18. Vision: From Event Collection to Business Reporting. Business Executive: Archer business-level dashboards; compliance process management. Compliance or Security Analyst: RSA enVision operational statistics and detailed reports. System Administrator: individual log entries or alerts, for example:
      2007 May 16 17:14:21 CDT -04:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 5/24
      TJ-DC-PSA-FW-204-01: NetScreen device_id=TJ-DC-PSA-FW-204-01 [Root]system-information-00536: IKE<221.239.59.66> Phase 2 msg ID <8d16a105>: Responded to the peer's first message. (Feb 20 00:02:15)<000>
  • 19. Help Us Help You. Challenge us: submit SIEM/Log Management use cases; send e-mail to: RSA enVision Intelligence Community@emc.com. Current RSA enVision customers, post in the portal: http://rsaenvision.lithium.com/t5/Best-Practice/bd-p/BestPractice. We will tell you if and how RSA can solve your use case. www.sans.org
  • 20. Am I secure right now? (Situational Awareness). Which of my assets are at risk? (Threat/Risk Assessment). How do I respond effectively? (Mitigation & Remediation). Am I compliant? (Measurement & Reporting).
  • 21. Solve logging ... threat mitigation challenges in real-time. Reduce security threat complexity while increasing reaction time and efficiency. Provide complete security visibility from the smallest organizations to the largest enterprises. Scale: effectively fit within any organization's infrastructure size and budget constraints.
  • 22. Tracy Hulver, VP of Products and Marketing. thulver@netforensics.com, www.netforensics.com