Active Insight for SIEM (Security Information and Event Management)

ActiveInsight provides real-time, value-based detection and reaction to event patterns and behavior. In this presentation we discuss how ActiveInsight helps SIEM deployments detect and react to critical application level data and events. For more information see http://www.activeinsight.net

Published in: Technology, Travel, Business

Transcript

  • 1.  
  • 2. Real-time Detection and Reaction to User Behavior: ActiveInsight for SIEM
  • 3. Background
    • Successful SIEM deployments have been collecting data and events from infrastructure and security devices
  • 4. Background
    • Various regulations and business needs require application-level event collection, audit trail and correlation (FISMA, HIPAA, PCI, 357/257, etc.)
  • 5. Background
    • The business application tier is where actual business events occur and where damage can be done
    • “Application layer monitoring for fraud detection or internal threat management is emerging as a new use case for SIEM technology”
    • Gartner Magic Quadrant for Security Information and Event Management, 2008.
  • 6. The Business Need
    • Application level audit trail
    • Detailed user-session-application level data
    • Real-time visibility of user behavior and application events
    • Real-time, value-based, event detection and reaction
    • “Zero-touch” application event detection (no code modifications or complex log configuration and management)
    • “Zero-impact” on application performance and user experience
    • Quick deployment
  • 7. [Diagram: ActiveInsight (Detect, React), with labels External Users, Internal Users, Device, API, System Mgmt, Risk Mgmt, SIEM, Fraud Detection]
  • 8. ActiveInsight Unique Value Proposition
    • Deeper, richer user-application level data
    • Non-intrusive, event driven architecture
    • Zero-touch, zero-impact deployment
    • Real-time visibility and reactions
    • Minimized integration efforts
    • Multiple feeders for various risk mgmt applications
    • Computational, I/O and log management off-loading
  • 9. Main Technological Challenges
    • Detecting relevant user-application events, in real-time, without harming application performance and availability
    • Reacting to relevant events by feeding SIEM or other security/risk management applications or initiating defensive actions
    • Offloading application servers and providing a central log source bus
    • Providing a simple, flexible and non-intrusive solution that can be deployed without requiring application code changes
  • 10. Technology
    • Distributed, high-performance, extreme transaction processing technology
    • Integrated in-memory distributed data caching
    • Unlimited server scale-out (scalable by design)
    • A-sync or sync (w/o time-out) processing
    • Low latency computational de-coupling
    • Unique and simple, XML-based, “behavioral processing language”
    • Asynchronous, multi target feeders
    • Real-time, pattern based, 2-way user interaction
  • 11. Summary
  • 12. Q&A Thank you! http://www.activeinsight.net
