Accel Ops Csobc Sans Webcast 090210.Ppt

SANS webcast on SIEM Best Practices


  1. SANS “ASK THE EXPERT”: Putting the Top 10 SIEM Best Practices To Work: Process, Metrics and Technologies
     Also visit: WWW.ACCELOPS.NET/SIEMtop10.php
     Sponsors: AccelOps, Inc.; CSO Breakfast Club
     © 2010 AccelOps, Inc. September 2, 2010
  2. Roundtable Participants
     • Bill Sieglein, President, CSO Breakfast Club
     • Dr. Anton Chuvakin, Author/Blog @ Security Warrior
     • Tim Mather CISSP, CISM, I4, former Chief Security Strategist at RSA, former CSO Symantec
     • Randolph Barr, CISSP, CSO Qualys, former CSO at WebEx Comm.
     • Jamie Sanbower, CISSP, Cyber Security Director @ Force3
     • Scott Gordon CISSP, Vice President, AccelOps
     (c) 2010 AccelOps - Putting the Top 10 SIEM Best Practices To Work 09.02.10
  3. Ask the Experts: What is a SIEM? (rhetorical)
     A solution that aggregates, normalizes, filters, correlates and manages security and other operational event / log data to monitor, alert, report, analyze and manage security and compliance-relevant information.
     Send us your questions…
     • CHAT to moderators
     • Tweet Top10SIEMbpract
     • Email siemtop10@accelops.net
  4. Ask the Experts: Monitoring and Reporting Requirements
     Establish key monitoring and reporting requirements prior to deployment, including objective, targets, compliance controls, implementation and workflow.
  5. Ask the Experts: Infrastructure audit activations
     Determine the scope of implementation, infrastructure audit targets, necessary credentials and verbosity, activation phases and activation.
  6. Ask the Experts: Audit data requirements
     Identify and assure adherence to audit data requirements including accessibility, integrity, retention, evidentiary requisites, disposal and storage considerations.
  7. Ask the Experts: Access Controls
     Monitor, respond to and report on key status, violations and anomalous access to critical resources.
  8. Ask the Experts: Perimeter Defenses
     Monitor, respond to and report on key status, configuration changes, violations/attacks and anomalous activity associated with perimeter defenses.
  9. Ask the Experts: Network and host defenses
     Monitor, respond to and report on key status, configuration changes, violations/attacks and anomalous activity associated with internal network and host defenses.
  10. Ask the Experts: Network and system resource integrity
     Monitor, respond to and report on key status, configuration changes, patches, vulnerabilities, threats and anomalous activity affecting network and system resources.
  11. Ask the Experts: Malware Control
     Monitor, respond to and report on key status, threats, issues, violations and activity supporting malware controls.
  12. Ask the Experts: Access management and acceptable use
     Monitor, respond to and report on key status, configuration changes, violations and anomalous activity affecting access management, user management and acceptable use of resources.
  13. Ask the Experts: Application defenses
     Monitor, respond to and report on key status, configuration changes, violations and anomalous activity with regard to web, database and other application defenses.
  14. Webcast Sponsor
     Challenges:
     • Complex Threats and Environment
     • Monitoring, Search & Reporting Scope
     • Implementation and Scale Difficulty
     • Timely & Extensive Device Support
     • IT Service Awareness & Priority
     • Budget for Isolated Security Tools
     Integrated Data Center Monitoring:
     • Single pane of glass – Intelligence at your fingertips
     • End-to-end visibility – service, performance, availability, security, change and compliance management
     • SOC/NOC convergence – extensive operational visibility
     • Efficiency – proactive monitoring, expedited root-cause analysis, flexible search/reporting
     • Value – easy to use, implement and scale with rich feature set
     • Virtual Appliance or SaaS – out of the box use and readily scale
  15. Ask the Experts: In Conclusion
     • Map your requirements: output, audience, functional
     • Scope implementation: size, deployment, activation
     • Determine operating norms: what will you do with the information, incident workflow, escalation…
     • One size does not fit all: dovetail your infosec policy with the best practices that work best for your organization
     For more detailed and on-going contribution to SIEM best practices visit: www.accelops.net/SIEMtop10.php
  16. Ask the Experts
     For a more extensive, on-going set of Top 10 SIEM Best Practices visit: WWW.ACCELOPS.NET/SIEMtop10.php
     Released under a Creative Commons 3.0 Attribution license: http://creativecommons.org/licenses/by/3.0/
     Thanks to content contribution from:
     • Scott Gordon CISSP
     • Randolph Barr, CISSP
     • Dr. Anton Chuvakin
     • Jamie Sanbower, CISSP
     • Tim Mather CISSP, CISM
     • Bill Sieglein CISSP
     • SANS.org in reference to: Top Cyber Security Risks; 20 Critical Security Controls
     • April Russo (number graphics)
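The SIEM definition on slide 3 (aggregate, normalize, filter, correlate, alert) and the access-control practice on slide 7 (monitor and respond to anomalous access to critical resources) are easier to see in working code than in a bullet. The following Python is an added example written for this page; it is not AccelOps code and is not taken from the webcast. The host names, IP addresses and log lines are constructed, the two log formats (an sshd-style syslog line and a key=value logon event) are assumed for illustration, and the single correlation rule (several failed logons from one source followed by a success on the same host and account within a short window) stands in for the much larger rule sets a real SIEM carries.

```python
"""Toy SIEM pipeline: aggregate -> normalize -> filter -> correlate -> alert (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources in different formats.
# Hosts, accounts and addresses are hypothetical (documentation ranges).
RAW_EVENTS = [
    "2010-09-02T09:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "2010-09-02T09:00:05 bastion sshd[2202]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2010-09-02T09:00:09 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 5003 ssh2",
    "2010-09-02T09:00:14 bastion sshd[2204]: Accepted password for root from 203.0.113.7 port 5004 ssh2",
    "2010-09-02T09:30:00 dc01 LogonEvent result=failure user=alice src=198.51.100.4",
    "2010-09-02T09:31:00 dc01 LogonEvent result=success user=alice src=198.51.100.4",
    "2010-09-02T09:32:00 noise cron[1]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Parsers for the two assumed source formats.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) LogonEvent (?P<kv>.*)$")


def normalize(line):
    """Map one raw line onto a common schema; return None for lines no parser
    understands, which is the 'filter' step of the pipeline."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                "user": m["user"], "src": m["src"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    m = KV_RE.match(line)
    if m:
        kv = dict(part.split("=", 1) for part in m["kv"].split())
        return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                "user": kv["user"], "src": kv["src"], "outcome": kv["result"]}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Raise an alert when `threshold` or more failures for one (src, host, user)
    are followed by a success within `window`. Events are processed in time order."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"], ev["user"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
        elif ev["outcome"] == "success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute-force-then-success", "src": ev["src"],
                               "host": ev["host"], "user": ev["user"],
                               "failures": len(recent), "at": ev["ts"].isoformat()})
            failures[key].clear()  # a success closes the current failure run
    return alerts


def run_pipeline(lines, **kw):
    """Aggregate raw lines, normalize and filter them, then correlate."""
    events = [e for e in (normalize(line) for line in lines) if e is not None]
    return correlate(events, **kw)


if __name__ == "__main__":
    for alert in run_pipeline(RAW_EVENTS):
        print(alert)
```

Run as written, the cron line is dropped at the filter step, the six logon events from both sources share one schema, and the only alert is for the three failures followed by a success against `bastion`; lowering `threshold` to 1 would also flag the single failure-then-success on `dc01`, which illustrates why the "operating norms" of slide 15 (what counts as anomalous, who gets paged) have to be settled before thresholds are chosen.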