Security Kung Fu: SIEM Solutions
INTRODUCTION
The Security Kung Fu Series is a four-part series intended to guide you in the mastery of the art of
Security Kung Fu.
As we embarked on creating this series, we always knew that in the back of everyone’s minds were a
couple of curious thoughts: Why “Kung Fu?” And, “what does martial arts have to do with how I protect
my network?”
Well, “Kung Fu” is a Chinese term referring to any study, learning, or practice that requires patience,
energy, hard work, discipline and time to complete. So, really, it’s not just martial arts.
Perhaps, by this definition, you’re starting to see the parallels we see with IT security, and the vital roles
many of you play within your respective organizations.
For on-demand access to each recording in the series, visit the Security Kung Fu Series page.
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 1
AGENDA
• Respect your Security Kung Fu Masters
• Discuss the cybersecurity battleground
• IT security stances
• The need for a layered approach
• SIEM solutions - security and compliance
• Intro to SolarWinds® Log & Event Manager (LEM)
• Q&A
SECURITY KUNG FU MASTERS
Curtis Ingram
Sales Engineer, SolarWinds
Ian Trump
Cyber Security Strategist
THE CYBER SECURITY CLIMATE
Figures shown on the slide: $75 BILLION, $170 BILLION, $2 TRILLION
CYBER CRIME INDUSTRY
• The mature Crime-as-a-Service model underpinning cyber-crime continues to provide tools
and services across the entire spectrum of cyber criminality, from entry-level to top-level
players, including terrorists.
• The boundaries between cyber criminals, Advanced Persistent Threat (APT) style actors
and other groups continue to blur.
• The availability of cybercrime tools and services, and illicit commodities such as DDoS on
the Darknet, provide ample opportunities for traditional crime to become cyber enabled.
• Ransomware and banking Trojans remain top malware threats.
Source: 2016 Internet Organised Crime Threat Assessment (IOCTA), EUROPOL
RECENT EXAMPLE
• IAT HONG, BO ZHENG, and CHIN HUNG
Source: https://www.sec.gov/litigation/litreleases/2016/lr23711.htm
IT SECURITY STANCES
• PROACTIVE
• DETECTIVE
• REACTIVE-RECOVERY
PROACTIVE STANCE
• Stance 1 of 3: the best defense is to prevent breaches altogether
o Perimeter security measures such as firewalls
o Anti-virus, anti-malware, web protection, patch management
o Harden endpoints (“cyber hygiene”)
o Policies and procedures, user awareness training
DETECTIVE STANCE
• Stance 2 of 3: detect the intrusions that prevention misses
o When attackers get past the preventive controls, the requirement is to catch them before data exfiltration takes place.
o Network-layer detection, host heuristics, and behaviour-based metrics for machines
o Host Intrusion Detection System (HIDS)
o Network Intrusion Detection System (NIDS)
REACTIVE-RECOVERY STANCE
• Stance 3 of 3: respond and restore business services
o Ransomware is the “simple” threat: loud, and recoverable from backups
o APT actors will establish footholds and move laterally, so recovery is not a single restore
o May require incident response, PR, legal, etc.
o Answer what was taken and how it was taken
RECENT EXAMPLES
• AUSTRALIA’S RED CROSS® BLOOD SERVICE
Source: http://theconversation.com
THE LAYERED SECURITY APPROACH
Lockheed Martin Cyber Kill Chain® stages and the layer at which each is defended:
• Delivery: WAN to LAN
• Exploitation: End Point
• Installation: End Point
• C2: LAN to WAN
• Actions: End Point
THE NEED FOR SIEM SOLUTIONS
• Gives you visibility for threat hunting, an activity that is critical to your business
• Retains historical event data so investigators can go back in time for forensic analysis
• Required for compliance and for providing evidence in security audits
• Uncovers unauthorized changes in the environment
• Detects insider threats such as data exfiltration
• Provides a record of network-layer activity, correlated with machine data and
ultimately with user behaviour
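As an added example (not SolarWinds LEM code, and not part of the original deck), the following Python script shows the kind of stateful correlation that the detective stance and the SIEM list above describe: it parses a few constructed log lines from three sources (authentication, host and firewall), joins the firewall's source address to a host name through an assumed asset inventory, and raises alerts tagged with the Cyber Kill Chain stage and the network layer from the layered-security slide. The log syntax, host names, addresses, thresholds and the `ASSETS` table are all invented for illustration.

```python
"""Minimal SIEM-style correlation engine over constructed log lines.

Added example, not SolarWinds LEM code. The log syntax, host names,
addresses, thresholds and asset table below are invented for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events: "<timestamp> <source> key=value ...".
SAMPLE_LOGS = """\
2017-05-26T02:10:01 auth result=fail user=svc_backup src=203.0.113.7 host=srv01
2017-05-26T02:10:03 auth result=fail user=svc_backup src=203.0.113.7 host=srv01
2017-05-26T02:10:05 auth result=fail user=svc_backup src=203.0.113.7 host=srv01
2017-05-26T02:10:09 auth result=success user=svc_backup src=203.0.113.7 host=srv01
2017-05-26T02:12:30 host event=service_installed name=WinUpdSvc host=srv01
2017-05-26T02:15:00 fw action=allow src=10.0.0.5 dst=198.51.100.9 dport=443 bytes_out=734003200
2017-05-26T09:00:00 auth result=fail user=alice src=10.0.0.22 host=wks07
2017-05-26T09:00:10 auth result=success user=alice src=10.0.0.22 host=wks07
2017-05-26T09:05:00 fw action=allow src=10.0.0.22 dst=198.51.100.20 dport=443 bytes_out=120000
"""

# Assumed asset inventory: the "machine data" a SIEM joins to network events.
ASSETS = {"10.0.0.5": "srv01", "10.0.0.22": "wks07"}
# Assumed internal address space; anything else is treated as WAN.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Event:
    ts: datetime
    source: str
    fields: dict


@dataclass
class Alert:
    rule: str
    stage: str   # Cyber Kill Chain stage, as on the layered-security slide
    layer: str   # WAN to LAN, End Point, or LAN to WAN
    host: str
    detail: str


def parse_logs(text):
    """Parse key=value lines into Event objects, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append(Event(datetime.fromisoformat(ts), source, fields))
    return sorted(events, key=lambda e: e.ts)


def is_external(ip):
    """True if the address lies outside the organisation's internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events, fail_threshold=3, fail_window=timedelta(minutes=5),
              install_window=timedelta(minutes=10), exfil_bytes=100_000_000):
    """Run three stateful rules over the event stream and return the Alerts raised."""
    alerts = []
    failures = defaultdict(list)   # (src, host) -> recent failed-logon timestamps
    compromised = {}               # host -> time of the brute-forced logon

    for e in events:
        f = e.fields
        if e.source == "auth":
            key = (f["src"], f["host"])
            if f["result"] == "fail":
                # Keep only failures inside the sliding window, then record this one.
                failures[key] = [t for t in failures[key] if e.ts - t <= fail_window]
                failures[key].append(e.ts)
            elif f["result"] == "success" and len(failures[key]) >= fail_threshold:
                # Rule 1: N failures then a success from the same source = likely brute force.
                compromised[f["host"]] = e.ts
                layer = "WAN to LAN" if is_external(f["src"]) else "End Point"
                alerts.append(Alert("brute_force_success", "Exploitation", layer, f["host"],
                                    f"{len(failures[key])} failures then success for "
                                    f"{f['user']} from {f['src']}"))
                failures[key].clear()
        elif e.source == "host" and f.get("event") == "service_installed":
            # Rule 2: a new service shortly after a suspicious logon on the same host.
            t0 = compromised.get(f["host"])
            if t0 is not None and e.ts - t0 <= install_window:
                alerts.append(Alert("post_compromise_install", "Installation", "End Point",
                                    f["host"], f"service {f['name']} installed "
                                    f"{int((e.ts - t0).total_seconds())}s after suspicious logon"))
        elif e.source == "fw" and f.get("action") == "allow":
            # Rule 3: bulk outbound transfer to an external address (possible exfiltration).
            host = ASSETS.get(f["src"], f["src"])
            if is_external(f["dst"]) and int(f.get("bytes_out", 0)) >= exfil_bytes:
                flagged = " on a host already flagged" if host in compromised else ""
                alerts.append(Alert("bulk_outbound_transfer", "Actions", "LAN to WAN", host,
                                    f"{f['bytes_out']} bytes to {f['dst']}:{f['dport']}{flagged}"))
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_logs(SAMPLE_LOGS)):
        print(f"[{a.stage:12}] {a.layer:10} {a.host:6} {a.rule}: {a.detail}")
```

Running it prints three alerts for srv01 in kill-chain order (Exploitation, Installation, Actions) and nothing for wks07, whose single failed logon and small upload fall below the thresholds. The value of the correlation is in the join: any one of those events looks benign on its own, and only a system holding authentication, host and firewall records together can tie them to one machine. In a real deployment the internal ranges and asset table come from the organisation's own inventory, and the thresholds need tuning against the site's baseline to keep the false-positive rate manageable.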
SOLARWINDS LOG & EVENT MANAGER
SolarWinds® Log & Event Manager is an affordable SIEM solution that helps you
detect and respond to security threats.
• Real-time event correlation for prompt detection of malicious and suspicious
activity
• Automated remediation and advanced search for forensic analysis and
troubleshooting
• Out-of-the-box compliance rules and reports for HIPAA, PCI, SOX, FISMA, and many
more
Download Free Trial | Learn More
5/26/2017 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 15
SECURITY KUNG FU WEBINAR SERIES
The SolarWinds, SolarWinds & Design, Orion, and Thwack trademarks are the exclusive
property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent
and Trademark Office, and may be registered or pending registration in other countries. All
other SolarWinds trademarks, service marks, and logos may be common law marks or are
registered or pending registration. All other trademarks mentioned herein are used for
identification purposes only and are trademarks of (and may be registered trademarks) of
their respective companies.
