Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
World's #1 SIEM technology in GRC (Governance, Risk, Compliance). QRadar Risk Manager provides organizations with a pre-exploit solution that allows network security professionals to assess what risks exist during and after an attack, while also answering many "What if?" questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.

  1. Together with
  2. “Data Security Solutions” brief intro
     Specialization – IT Security
     IT Security consulting (vulnerability assessment tests, security audit, new systems integration, HR training, technical support)
     Innovative & selected software / hardware & hybrid solutions from leading technology vendors from over 10 different countries
  3. It doesn’t matter what framework and standard You are working with as an auditor
     It doesn’t matter if You are an internal or external auditor, CSO, CIO, technical or business person
     Automated and real-time «Security Intelligence» is what You need as mandatory for GRC –
     Risk Assessment & Management
     IT Security Governance & Management
     Control of activities and environment
     Performance measurement and improvement
     Benefits from better alignment with business (cost savings, efficiency etc.)
  4. Agenda
     Introduction
     Security Information and Events Management (SIEM)
     Use cases of SIEM
     SIEM based Risk Management
     Q&A
  5. Around 1500 IT Security vendors for
     Endpoint Security
       Platforms and point solutions
     Data Security & Encryption
       DLP suites and point solutions
     Network Security
       Gateway solutions
       NAC, visibility, NBA
     Authentication, authorization etc.
       Traditional and next generation’s identity protection
     Virtualization and cloud security
     IT Security governance
     Operational management & Security
     Mobile Security
  6. Network and security professionals’ focus tends to be on preventing bad things from happening on the network
     There is already a significant amount of spending on tools designed to prevent bad things from getting into the network
     When things go bad, it is because the network and security practitioner doesn’t know what they don’t know
  7. User and System Activity
     Runaway Application
     Customer Transaction
     Email BCC
     Failed Logon
     Security Breach
     File Up/Download
     Credit Card Data Access
     Information Leak
     Privileges Assigned/Changed
     50%?
  8. What logs –
     Audit logs
     Transaction logs
     Intrusion logs
     Connection logs
     System performance records
     User activity logs
     Business systems alerts and various other system messages
     From where –
     Firewalls / Intrusion prevention
     Routers / Switches
     Intrusion detection
     Servers, desktops, mainframes
     Business applications
     Databases
     Antivirus software
     VPNs
     There is no standard format or transport method for logs; more than 800 log file formats are in use.
  9. Security Intelligence provides actionable and comprehensive insight for managing risks and threats, from protection and detection through remediation. It could even be called a Security Mega-System.
     Security Intelligence (noun):
     1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise
  10. Monitor – Analyze – Act
     Auto-discovery of log sources, applications and assets
     Asset auto-grouping
     Centralized log mgmt.
     Automated configuration audits
     Auto-tuning
     Auto-detect threats
     Thousands of pre-defined rules and role based reports
     Easy-to-use event filtering
     Advanced security analytics
     Asset-based prioritization
     Auto-update of threats
     Auto-response
     Directed remediation
  11. One Console Security, built on a Single Data Architecture: Log Management, SIEM, Risk Management, Network Activity & Anomaly Detection, Network and Application Visibility
     • Turnkey log management
     • SME to Enterprise
     • Upgradeable to enterprise SIEM
     • Integrated log, threat, risk & compliance mgmt.
     • Sophisticated event analytics
     • Asset profiling and flow analytics
     • Offense management and workflow
     • Predictive threat modeling & simulation
     • Scalable configuration monitoring and audit
     • Advanced threat visualization and impact analysis
     • Network analytics
     • Behavior and anomaly detection
     • Fully integrated with SIEM
     • Layer 7 application monitoring
     • Content capture
     • Physical and virtual environments
  12. What was the attack?
     Who was responsible?
     How many targets were involved?
     Was it successful?
     Where do I find them?
     Are any of them vulnerable?
     How valuable are they to the business?
     Where is all the evidence?
     Clear & concise delivery of the most relevant information …
  13. IRC on port 80? QFlow enables detection of a covert channel.
     Irrefutable Botnet Communication: Layer 7 data contains botnet command and control instructions.
     Potential Botnet Detected? This is as far as traditional SIEM can go.
  14. Authentication Failures: perhaps a user who forgot their password?
     Brute Force Password Attack: numerous failed login attempts against different user accounts.
     Host Compromised: all this followed by a successful login.
     Automatically detected, no custom tuning required.
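The escalation on this slide (authentication failure, then brute force, then host compromised) written out as detection logic, as an added example rather than QRadar's or the presenter's code; it also shows the normalization step from slides 8 and 9 by parsing two different log formats into one shape. The log lines, the two formats and the thresholds (5 failures against 3 or more accounts within 10 minutes) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Two constructed log formats (not real captures): a Linux sshd syslog line and a
# Windows-style logon event. Parsing both into one shape is the SIEM "normalization" step.
SSHD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
WINLOG = re.compile(r"^(\S+) EventID=(4625|4624) TargetUser=(\S+) SourceIP=(\S+)")

def normalize(line, year=2013):
    """Map a raw line to (time, src_ip, user, success) whatever the source format."""
    m = SSHD.match(line)
    if m:
        t = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return t, m.group(4), m.group(3), m.group(2) == "Accepted"
    m = WINLOG.match(line)
    if m:
        return datetime.fromisoformat(m.group(1)), m.group(4), m.group(3), m.group(2) == "4624"
    return None  # unknown format: a real SIEM would park it until a parser exists

def correlate(lines, min_failures=5, min_accounts=3, window=timedelta(minutes=10)):
    """Escalate per source IP: Authentication failure -> Brute force -> Host compromised."""
    events = sorted(e for e in map(normalize, lines) if e)
    offenses, failures = {}, defaultdict(list)          # src_ip -> [(time, user), ...]
    for t, src, user, ok in events:
        recent = [(ft, fu) for ft, fu in failures[src] if t - ft <= window]
        if not ok:
            recent.append((t, user))
            failures[src] = recent
            if len(recent) >= min_failures and len({u for _, u in recent}) >= min_accounts:
                offenses[src] = "Brute force password attack"
            else:
                offenses.setdefault(src, "Authentication failure")
        elif recent and offenses.get(src) == "Brute force password attack":
            offenses[src] = "Host compromised"        # success right after the failures
    return offenses

# Constructed sample: one forgotten password from 10.0.0.5, then failures against five
# accounts from 203.0.113.7 that end in a successful Windows logon (both log formats).
SAMPLE = [
    "May 15 09:00:01 srv1 sshd[311]: Failed password for alice from 10.0.0.5 port 4000 ssh2",
    "May 15 09:00:09 srv1 sshd[312]: Accepted password for alice from 10.0.0.5 port 4001 ssh2",
    *[f"May 15 09:01:{i:02d} srv1 sshd[4{i:02d}]: Failed password for invalid user {u} "
      f"from 203.0.113.7 port 5{i:02d} ssh2" for i, u in enumerate(["admin", "oracle", "test", "backup", "guest"])],
    "2013-05-15T09:02:30 EventID=4625 TargetUser=svc_db SourceIP=203.0.113.7",
    "2013-05-15T09:03:05 EventID=4624 TargetUser=svc_db SourceIP=203.0.113.7",
]
RESULT = correlate(SAMPLE)  # {'10.0.0.5': 'Authentication failure', '203.0.113.7': 'Host compromised'}
```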
  15. Sounds Nasty… But how do we know this? The evidence is a single click away.
     Buffer Overflow: exploit attempt seen by Snort
     Network Scan: detected by QFlow
     Targeted Host Vulnerable: detected by Nessus
     Total Visibility: convergence of Network, Event and Vulnerability data.
  16. Potential Data Loss? Who? What? Where?
     Who? An internal user
     What? Oracle data
     Where? Gmail
  17. Assessing the risks =
     Log management +
     Event management +
     Network activity monitoring +
     Configuration +
       Most successful attacks are the result of poor configuration
       Configuration audits are expensive, labor intensive and time consuming
       Config files are inconsistent across vendors and product / technology types
       Compliance is mandatory in many industries
     Vulnerability Assessment +
       VA scanners don’t prioritize based on network context
       Vulnerability prioritization is historically complex
  18. SIEM is a foundation of security management in the 21st century, but it provides mostly post-exploit value.
     Risk Manager based on SIEM gives a detailed assessment of network security risk using broad risk indicators such as:
     WHAT HAS HAPPENED? (from network activity data and behaviour analysis)
     WHAT CAN HAPPEN? (from topology and configuration)
     WHAT HAS BEEN ATTEMPTED? (from events and context data)
     WHAT IS VULNERABLE AND AT RISK? (from scanners)
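The risk indicators on this slide combined into one priority per finding, as an added illustration and not QRadar Risk Manager's own algorithm; it addresses slide 17's point that VA scanners don't prioritize on network context and slide 15's convergence of network, event and vulnerability data. The scan findings, firewall rules, asset values, IDS events, exposure weights and scoring formula are all constructed assumptions; the finding names are placeholders, not real vulnerability identifiers.

```python
from ipaddress import ip_address, ip_network

# Constructed inputs (not real scan, firewall or IDS data).
SCAN = [   # WHAT IS VULNERABLE: scanner findings with a 0-10 severity score
    {"host": "10.1.1.10", "port": 443, "finding": "VULN-A", "severity": 9.8},
    {"host": "10.1.2.20", "port": 1521, "finding": "VULN-B", "severity": 9.8},
    {"host": "10.1.3.30", "port": 22, "finding": "VULN-C", "severity": 5.0},
]
ASSET_VALUE = {"10.1.1.10": 3, "10.1.2.20": 10, "10.1.3.30": 1}  # business value 1-10
FIREWALL = [   # WHAT CAN HAPPEN: first-match rules from the untrusted zone, in order
    {"dst": "10.1.2.0/24", "port": 1521, "action": "deny"},
    {"dst": "10.1.1.0/24", "port": 443, "action": "allow"},
    {"dst": "10.1.3.0/24", "port": None, "action": "allow"},   # None = any port
]
EVENTS = [   # WHAT HAS BEEN ATTEMPTED: IDS events the SIEM has already tied to hosts
    {"dst": "10.1.2.20", "port": 1521, "type": "exploit_attempt"},
    {"dst": "10.1.3.30", "port": 22, "type": "exploit_attempt"},
    {"dst": "10.1.3.30", "port": 22, "type": "exploit_attempt"},
]

def reachable(host, port, rules=FIREWALL):
    """Can the untrusted zone reach host:port? First matching rule wins, default deny."""
    addr = ip_address(host)
    for rule in rules:
        if addr in ip_network(rule["dst"]) and rule["port"] in (None, port):
            return rule["action"] == "allow"
    return False

def prioritize(scan=SCAN, values=ASSET_VALUE, events=EVENTS):
    """Rank findings by network context instead of by scanner severity alone."""
    ranked = []
    for f in scan:
        # A blocked path lowers exposure but does not zero it: the host may be
        # reachable by another route, so attempts seen against it still count.
        exposure = 1.0 if reachable(f["host"], f["port"]) else 0.2
        attempts = sum(1 for e in events if (e["dst"], e["port"]) == (f["host"], f["port"]))
        score = f["severity"] * values[f["host"]] * exposure * (1 + attempts)
        ranked.append((round(score, 1), f["host"], f["finding"]))
    return sorted(ranked, reverse=True)   # highest priority first
```

Two findings share the same 9.8 severity, yet the database host ranks first because of its business value and the exploit attempt already seen against it, while the low-value host with the lower-severity finding ends up last despite being fully reachable.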
  19. Prediction & Prevention / Reaction & Remediation – IBM Security Intelligence
     Simulation of incidents
     Error & anomaly detection
     Attack path visualization
     Compliance automation
     Risk Assessment
     Continuous real time audit
     Single console
     Integrated Intelligence
     Visualization
     Highest level of protection
  20. Predict Risk
     Detect Insider Fraud
     Consolidate Data Silos
     Exceed Regulation Mandates
     Detect Threats Others Miss
  21. www.dss.lv
     andris@dss.lv / raivis@dss.lv