Next generation SIEM 2012 (global #1 Q1Labs)


Data Security Solutions gave a presentation about the technology ranked #1 by Gartner in the global SIEM market at the headtechnology Baltics annual IT Security conference "Headlight2012" (22nd of May 2012, Riga, Latvia), covering innovations in the IT Security market.

Published in: Technology

  1. Together with
  2. “Data Security Solutions” brief intro
     • Specialization – IT Security
     • IT Security consulting (vulnerability assessment tests, security audit, new systems integration, HR training, technical support)
     • Innovative and selected software, hardware and hybrid solutions from leading technology vendors from over 10 different countries
  3. Agenda
     • Introduction – threats, technology era, definitions
     • Business drivers for log management and SIEM (Security Information and Event Management)
     • Market analysis, critical capabilities of solutions
     • Selected Q1 Labs solutions for your review: SEM (log management), SEM (wider scope), SIEM
  4. Global figures – cybercrime 2011: 431 million people affected, with more than 114 million USD directly and another 274 million USD related to direct loss (Source: Symantec, Dec 2011). Cybercrime costs the world significantly more than the global black market of marijuana, cocaine and heroin combined ($228 million worldwide).
  5. [Chart: 2011 sample of security incidents, February to August, plotted by attack type (SQL injection, URL tampering, spear phishing, 3rd-party software, DDoS, SecureID, unknown); the size of each circle estimates the relative impact of the breach. Organisations shown include Bethesda Software, Northrop Grumman, IMF, Fox News, X-Factor, Citigroup, Spanish National Police, Sega, Gmail accounts, Epsilon, PBS, Booz Allen Hamilton, Vanguard Defense, Sony, SOCA, Monsanto, Malaysian government site, Peru Special Police, HB Gary, RSA, Lockheed Martin, Nintendo, Brazil government, L3 Communications, SK Communications, Sony BMG Greece, Turkish government, Korea, AZ Police, US Senate and NATO. Source: IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011.]
  6. [Slide of technology-era trends: SaaS, PaaS, IaaS, VoIP, big data management, mobility, Security as a Service]
  7. Security today – financially motivated: bank accounts, identity theft, insiders, intellectual property theft, “hacktivists”, denial of service, reputation damage, customer data
  8. Around 1500 IT Security vendors for:
     • Endpoint security – platforms and point solutions
     • Data security – DLP suites and point solutions
     • Network security – gateway solutions, NAC, visibility, NBA
     • Authentication, authorization etc. – traditional and next generation’s identity protection
     • Virtualization and cloud security
     • IT Security governance
     • Operational management & security
     • Mobile security
  9. Do you have one central solution for collecting ALL events (logs), correlating them and giving you real-time intelligent visibility? Do you monitor the business processes instead of the network? Do you monitor identities, applications, information and their context instead of just IP addresses, OSs and devices? If not – you are vulnerable!!!
     [Diagram: a “log jam” of question marks between the log sources (network, servers, databases, homegrown applications) and the consumers of the logs – Operational IT & Network Management, Identity Governance & Compliance, Security Operations – each with its own log tool silo.]
  10. [Diagram of events a SIEM should surface: failed logon, user and system activity, privileges assigned/changed, security breach, file upload/download, credit card data access, runaway application, customer transaction, information leak, email BCC; annotated “50%?”]
  11. What logs – from where
     • What: audit logs, transaction logs, intrusion logs, connection logs, system performance records, user activity logs, alerts and messages from different systems
     • From where: firewalls / intrusion prevention, intrusion detection, routers / switches, servers, desktops, mainframes, business applications, databases, antivirus software, VPNs
     There is no standard format or transport method for logs; more than 800 log file formats are in use.
  12. Compliance drivers
     • EU directives, such as for data protection, critical infrastructure protection, cooperation
     • Industry standards and regulations – banks, insurance, health organizations etc.
     • NATO directives – security and military organizations, related to NATO work
     • IT Security – ISO 2700X
     • Local laws and regulations – personal data protection, IT Security policy
  13. Definitions of IT Security solutions / technologies
     • SEM – Security Event Management (correlation – relating events together for security benefits)
     • SIM – Security Information Management (log management – e.g. collecting the events of the applications and operating systems)
     • SIEM – Security Information and Event Management
     You cannot control what you cannot see!
  14. Collect – Alert – Store – Report
     • Collect: time-stamping and secure collection of 100% of all log data, 100% of the time, from any device, including network, storage, servers, applications!
     • Alert: alerts based on real-time log forensics according to policies, according to anomalies and incidents, in any possible alerting way.
     • Store: as much as you want, as little as your compliance needs dictate. Automated, secure storage and archival of critical log data. Maintain chain of custody.
     • Report: should be easy to configure and report, with easy-to-use templates and more than 10K custom reports. Packaged SOX, PCI reporting + more.
     Process integration & information sharing
  15. Security Intelligence –noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. Security Intelligence provides actionable and comprehensive insight for managing risks and threats from protection and detection through remediation.
  16. Scope of usage and quality control – SIEM, a must have!
     • Log and context data collection (SIM)
     • Normalization and categorization (SIM)
     • Correlation (SEM)
     • Notification / alerting (SEM)
     • Prioritization (SEM)
     • Dashboards and visualization
     • Reporting and report delivery (SIM)
     • Security roles workflow
     SIEM – next generation solutions work at the level of: file integrity monitoring, database activity monitoring, application monitoring, identity monitoring, user activity monitoring, plug & play functionality
  17. Clear & concise delivery of the most relevant information … What was the attack? Was it successful? Who was responsible? Where do I find them? How valuable are they to the business? How many targets were involved? Are any of them vulnerable? Where is all the evidence?
  18. Q1 Labs (IBM Group company):
     • Innovative Security Intelligence software company
     • Largest independent SIEM vendor
     • Leader in Gartner 2011, 2010 and 2009 Magic Quadrants
     Award-winning solutions:
     • Family of next-generation Risk Management, Log Management, SIEM and security intelligence solutions
     Executing, growing rapidly:
     • Thousands of customers worldwide
     • Five-year average revenue growth +70%
     • North America, EMEA and Asia Pacific
  19. Exceed regulation mandates; detect threats others miss; detect insider fraud; predict risk; consolidate data silos
  20. Monitor – Analyze – Act cycle
     • Auto-discovery of log sources, applications and assets; asset auto-grouping; centralized log management; automated configuration audits
     • Asset-based prioritization; auto-update of threats; auto-response; directed remediation
     • Auto-tuning; auto-detect threats; thousands of pre-defined rules and role-based reports; easy-to-use event filtering; advanced security analytics
  21. One console security, built on a single data architecture
     Log Management
     • Turnkey log management
     • SME to enterprise
     • Upgradeable to enterprise SIEM
     SIEM
     • Integrated log, threat, risk & compliance management
     • Sophisticated event analytics
     • Asset profiling and flow analytics
     • Offense management and workflow
     Risk Management
     • Predictive threat modeling & simulation
     • Scalable configuration monitoring and audit
     • Advanced threat visualization and impact analysis
     Network Activity & Anomaly Detection
     • Network analytics
     • Behavior and anomaly detection
     • Fully integrated with SIEM
     Network and Application Visibility
     • Layer 7 application monitoring
     • Content capture
     • Physical and virtual environments
  23. Potential botnet detected? This is as far as traditional SIEM can go. IRC on port 80? QFlow enables detection of a covert channel. Irrefutable botnet communication: Layer 7 data contains botnet command and control instructions.
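The contrast the slide draws, as an added example that is not code from the deck or from Q1 Labs: a port-only rule and a layer-7 rule applied to the same constructed flow records (the record tuple layout, the sample payloads and the rule names are assumptions made for this illustration).

```python
import re

# Constructed flow records, not captured traffic: (src, dst, dst_port, first payload bytes)
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"),
    ("10.0.0.7", "198.51.100.9", 80, b"NICK bot7731\r\nUSER bot 0 * :bot\r\nJOIN #cmd\r\n"),
    ("10.0.0.8", "198.51.100.9", 6667, b"NICK bot7732\r\nJOIN #cmd\r\n"),
    ("10.0.0.9", "203.0.113.2", 443, b"\x16\x03\x01"),
]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
# IRC client commands at the start of a line; \b keeps e.g. "NICKNAME=" in HTTP bodies from matching.
IRC_CMD = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|PASS)\b", re.M)

def port_only_rule(flow):
    """What an event/port-centric rule can say: IRC is whatever talks to port 6667."""
    _, _, port, _ = flow
    return "potential botnet (IRC port)" if port == 6667 else None

def layer7_rule(flow):
    """Classify by payload: HTTP on port 80 is normal; IRC grammar on any other port is a covert channel."""
    _, _, port, payload = flow
    if payload.startswith(HTTP_METHODS):
        return None
    if IRC_CMD.search(payload):
        return "potential botnet (IRC)" if port == 6667 else "covert channel: IRC on port %d" % port
    return None

def compare(flows):
    """Side-by-side verdicts per flow: (source host, port-only verdict, layer-7 verdict)."""
    return [(f[0], port_only_rule(f), layer7_rule(f)) for f in flows]

if __name__ == "__main__":
    for src, port_verdict, l7_verdict in compare(FLOWS):
        print(src, "| port-only:", port_verdict, "| layer 7:", l7_verdict)
```

The second flow is invisible to the port-only rule and is exactly the case the slide describes; the retained payload is what an analyst would review to confirm command and control content.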
  24. Authentication failures – perhaps a user who forgot their password? Brute force password attack – numerous failed login attempts against different user accounts. Host compromised – all this followed by a successful login. Automatically detected, no custom tuning required.
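The escalation chain on this slide as correlation logic, added here as an example and not code from the deck or from Q1 Labs: failures from one source against several accounts inside a time window raise a brute-force offense, and a later successful login from that source escalates it, while a single user's forgotten password does not fire (the syslog-style line format, thresholds and offense names are assumptions; the log lines are constructed).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample log lines (not real traffic): one forgetful user, one attacker.
SAMPLE_LOG = """\
2012-05-22T09:00:01 sshd[410]: Failed password for alice from 10.1.1.20
2012-05-22T09:00:07 sshd[410]: Failed password for alice from 10.1.1.20
2012-05-22T09:01:00 sshd[411]: Accepted password for alice from 10.1.1.20
2012-05-22T09:10:00 sshd[412]: Failed password for root from 203.0.113.7
2012-05-22T09:10:02 sshd[413]: Failed password for invalid user admin from 203.0.113.7
2012-05-22T09:10:04 sshd[414]: Failed password for invalid user oracle from 203.0.113.7
2012-05-22T09:10:06 sshd[415]: Failed password for bob from 203.0.113.7
2012-05-22T09:10:09 sshd[416]: Failed password for carol from 203.0.113.7
2012-05-22T09:10:15 sshd[417]: Accepted password for bob from 203.0.113.7
"""

def parse(text):
    """Normalize raw lines into (timestamp, result, user, source) tuples; skip non-matching lines."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def correlate(text, window=timedelta(minutes=5), min_failures=5, min_accounts=3):
    """Return offenses keyed by source: 'brute_force' once a source has min_failures failures
    spread over min_accounts distinct accounts inside window, escalated to 'host_compromised'
    if the same source then authenticates successfully."""
    fails = defaultdict(list)   # src -> [(ts, user)] still inside the sliding window
    offenses = {}
    for ts, result, user, src in parse(text):
        recent = [(t, u) for t, u in fails[src] if ts - t <= window]
        if result == "Failed":
            recent.append((ts, user))
            if len(recent) >= min_failures and len({u for _, u in recent}) >= min_accounts:
                offenses.setdefault(src, "brute_force")
        elif offenses.get(src) == "brute_force":
            offenses[src] = "host_compromised"
        fails[src] = recent
    return offenses

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))   # {'203.0.113.7': 'host_compromised'}
```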
  25. Sounds nasty… but how do we know this? The evidence is a single click away. Network scan – detected by QFlow. Buffer overflow – exploit attempt seen by Snort. Targeted host vulnerable – detected by Nessus. Total visibility: convergence of network, event and vulnerability data.
  26. Potential data loss? Who? What? Where? Who – an internal user. What – Oracle data. Where – Gmail.
  27. Increased awareness and accuracy
     • Prevent advanced threats with real-time intelligence correlation across security domains
     • Increase situational awareness by leveraging real-time feeds of X-Force Research and Global Threat Intelligence across IBM security products, such as QRadar SIEM and Network Security appliances
     • Conduct complete incident investigations with unified identity, database, network and endpoint activity monitoring and log management
     Ease of management
     • Simplify risk management and decision-making with automated reporting through a unified console
     • Enhance auditing and access capabilities by sharing identity context across multiple IBM security products
     • Build automated, customized application protection policies by feeding AppScan results into IBM Network Intrusion Prevention Systems
     Reduced cost and complexity
     • Deliver faster deployment, increased value and lower TCO by working with a single strategic partner