Successfully reported this slideshow.

DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging


Published on

Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

  1. 1. BalaBit IT SecurityThe logging company
  2. 2. External Challenges: Security Breaches
  3. 3. External Challenges:Compliance Pressure to Monitor Users PCI-DSS ISO27002 SOX→ COBIT Chapter 7, 8 A.10.2 Third-party serviceDS5.5 Implement Strong mngmnt HIPAA, BaselSecurity monitoring Access Control A.10.10 II, GPG13…DS9.2 Chapter 10 Audit Access to Monitoring user SimilarConfig.changes Cardholder Data activities requirements!DS11.6 Chapter 12 A.13.2Securing Data Maintain Mgmt of Security sec.policy for Incidents personnel
  4. 4. Internal Challenges: „Superuser” Fraud Source: BalaBit IT professionals survey, 2011
  5. 5. How to control?• Identity-management• Logging• Activity monitoring
  6. 6. BalaBit IT Security „The syslog-ng company”• 2011 revenue: $10.3 M (35% annual growth)• Number of employees: 120• Number of customers - global: – commercial customers: 800 – open source users: 850.000• 12 years experience in IT Security• Global partner network, 80+ partners in 30+ countries• Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)
  7. 7. syslog-ng Description• IT environments constantly generate important data in log messages• syslog-ng • Collects • Filters • Classifies • Normalizes • Stores • Transfers• syslog-ng is not a log analysis tool but it is essential to analysis 8
  8. 8. Product Family• syslog-ng Open Source Edition • Leader since 1998, de facto standard in 2001 • Large, world-wide community• syslog-ng Premium Edition • Commercial version • Additional features • Professional support• syslog-ng Store Box • Turnkey appliance • Index, search, reporting • Professional support 9
  9. 9. syslog-ng Open Source Edition• Key Features • Flexible message filtering and re-writing • Pattern-based classification • Secure log transfer via SSL/TLS • Flow-control – adaptive message rate control • High speed processing > 650k/sec• Community • 100,000s of users worldwide • Well know by system admins • Included in 3rd party devices • Custom add-ons 10
  10. 10. syslog-ng Premium Edition• Additional Features • Zero Message Loss • Reliable Log Transfer Protocol (RLTP) • Client side failover • Disk buffer • Encrypted log storage • SQL source and destination support • Windows support • Support for more than 50 server platforms• Professional Support 11
  11. 11. Customers
  12. 12. Logging is not enough…1. Several security events are not logged! The User Monitoring „Pyramid”2. Logs typically do not show what was done.3. Logs often show only obscure techn. details. Activity Records - security camera System logs - snapshots
  13. 13. Key questions to answer…Can you ensure the accountability of your IT staff? Can you monitor the actions of your „superusers”? Can you reliably control your outsourcing partners? Do you really know „who access what” on servers? Can you conduct quick and cheap audits at your company? Can you present bullet-proof evidence in legal proceedings?Are you sure you’d pass audits concerning user monitoring?
  14. 14. IT Staff Privileged Activity Monitoring by Shell Control BoxOutsourcingpartnersManagers • Firewall,VDI users • Network devices, • Databases, • Web/file servers, • Citrix server…
  15. 15. Privileged Activity Monitoring by BalaBit Shell Control BoxShell Control Box (SCB) is anappliance that controls privilegedaccess to remote systems andrecords the activities into searchableand re-playable movie-like audittrails.
  16. 16. Access ControlSecurity & compliance benefits:• Central access control gateway• Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.• Sub-channel control (e.g. file transfer)• Access by time policy• 4-eyes authorization• Real-time access monitoringKey Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
  17. 17. Real-time alerting (& blocking)Security & compliance benefits:• Alerts for monitoring tools• Alerts for supervisorsComing in :• Terminates session if risky action• Risky actions are customizable (e.g. failed login, program execution, credit card number…)Key Benefit: IMMIDIATE REACTION ON CRITICAL EVENTS!
  18. 18. Audit & ForensicsSecurity & compliance benefits:• Real-time activity monitoring• Tamper-proof, HQ audit trails• Movie-like playback & search• File transfer audit• Independent, transparent audit deviceKey Benefit: INDEPENDENT TOOL FOR QUICK AUDITS & FORENSICS!
  19. 19. Big SCB Users
  20. 20. Conclusion Benefits for businessFaster ROI• Faster and higher quality audits• Lower troubleshooting and forensics costs• Centralized authentication & access control• Complete solution for user monitoringLower risk• Improved regulatory and industry compliance• Better employee/partner control• Improved accountability of staff• Bullet-proof evidence in legal proceedings• Setting technical and psychological barrier
  21. 21. Thank you for your attention! Gábor Paróczi Sales Manager 25