SORT OUT YOUR SIEM
www.siemstrategy.com
16 October 2013
SecureData reveals the four foundations for SIEM

- Everything in one place
- Logs glorious logs
- Make it make sense
- Resourcing for monitoring and threat mitigation

Published in: Technology, Business
1. SORT OUT YOUR SIEM – www.siemstrategy.com – 16 October 2013
2. AGENDA
• SIEM today
  – How are you doing it?
• Why SIEM?
  – Business benefits
  – IT team benefits
• Introducing SIEM
  – What it is, and what it isn’t
• Four foundations for SIEM
  – Everything in place
  – Platform approach
  – Expert security contextualisation
  – Resourcing for 24/7 monitoring
• Sorting out your SIEM
  – In-house
  – SIEM-as-a-Service
3. WHY SIEM?
4. TODAY’S SIEM LANDSCAPE
We find IT leaders tend to operate in one of three ways when it comes to SIEM:
• Ignore it – seat-of-the-pants security
• Do the minimum – log collation and reporting for compliance
• Functioning SIEM – platform approach; proactive threat detection
5. WHY SIEM?
Business benefits
• Service availability / uptime / minimise downtime
• Early warning system
• Better security intelligence
• More ‘known’ risks
IT benefits
• Proactive threat detection prevents incidents and the need for fire-fighting
• Efficient – data logs from the entire network are viewed via a single dashboard
• All IT teams have full visibility of all logs to find the root cause faster
• Reduce spend on security hardware by getting more from your existing infrastructure
• Optimise IT resources on value-creation projects
6. SIEM AS IT SHOULD BE
7. OPTIMISED SIEM ARCHITECTURE
[Diagram: the SecureData 24x7 Security Operations Centre receives Reports and Alerts from the SecureData Cloud Data Centre (Event Manager and Advanced Intelligence; Logging Managers), which collects Events over the WAN / Internet from Customer Data Centre 1 through Customer Data Centre n. In each customer data centre an Agent gathers logs from Firewalls, Applications, Switches, Database and Routers.]
8. WHAT IS SIEM, AND WHAT IS IT NOT?
SIEM is not only: | But it is about:
Storing logs / Logging | Log correlation and contextualisation
PCI or Compliance | Security intelligence
Reports | Real time information
Real time information | Ability to view historical logs in a structured and targeted way
Device logs | All IT logs – physical access systems, coffee machines etc.
Logs | Traffic flow, process information, file monitoring
9. HOW TO ADDRESS SIEM
Four foundations of SIEM:
1. Everything in one place
2. Logs glorious logs – think platform, not just devices
3. Making it make sense – the need for an expert eye
4. Resourcing for monitoring and threat mitigation
10. FOUR FOUNDATIONS FOR SIEM (1 and 2)
1. Everything in one place
• 42% of IT managers see multiple logging systems as a security risk
• Centralise logs for real time correlation & analysis
• All logs, not just security device logs
• Use automation tools
• Benchmark alarms for your organisational norms
• Provide full network visibility through one pane of glass to identify the root cause
• Enable faster diagnostics and mitigation
2. Logs glorious logs
• Take a platform or a ‘big data’ approach to log correlation
• Set the platform up in the right way
• Pull in contextual data such as traffic, packet analysis, traffic flow, file management etc.
• Track security behaviour across the whole of the network
• 40% of IT managers have serious concerns about the time it takes to analyse data and logs
11. FOUR FOUNDATIONS FOR SIEM (3 and 4)
3. Make it make sense
• Real time interpretation of SIEM monitoring is critical
• It requires an expert, human interface
• It’s important to distinguish the line between information and intelligence
• Security experts need to review the alarms and alerts to determine the action in the context of the organisation
4. Resourcing for monitoring and threat mitigation
• SIEM needs 24/7/365 monitoring
• Security skills on a continuous basis are expensive and under-utilised on monitoring
• Outputting a report each week is redundant practice in threat management
• SIEM can free up rather than use up resources by acting as an early warning system
• More time to mitigate threats enables resource planning and optimisation
• Reduce the need to ‘drop everything’ for attack fire-fighting
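As an added illustration of foundations 1 to 3 and of the slide 8 point that SIEM is "not only storing logs", and not code from SecureData or from the deck: a small Python correlation that centralises log lines from a firewall, an application and a door-badge system into one normalised, time-ordered stream, enriches them with organisational context (an internal address range, a critical-asset list, a baseline of how many failed logins this organisation treats as normal), and raises alarms only where behaviour departs from that baseline. Every log line, address, user name, asset name and threshold below is constructed for the example, and the log formats are assumed rather than any vendor's.

```python
"""Toy SIEM correlation: centralise, normalise, contextualise, then alarm against an
organisational baseline. All data and formats below are constructed for illustration."""
import re
from datetime import datetime, timedelta

# Constructed sample logs from three sources (formats assumed, not any product's).
RAW_LOGS = [
    ("firewall", "2013-10-16T09:00:01 DENY src=198.51.100.7 dst=10.0.0.5 dpt=22"),
    ("firewall", "2013-10-16T09:00:03 DENY src=198.51.100.7 dst=10.0.0.5 dpt=22"),
    ("firewall", "2013-10-16T09:00:05 ALLOW src=198.51.100.7 dst=10.0.0.9 dpt=443"),
    ("app",      "2013-10-16T09:00:10 login_failed user=alice ip=198.51.100.7"),
    ("app",      "2013-10-16T09:00:12 login_failed user=alice ip=198.51.100.7"),
    ("app",      "2013-10-16T09:00:14 login_failed user=alice ip=198.51.100.7"),
    ("app",      "2013-10-16T09:00:20 login_ok user=alice ip=198.51.100.7"),
    ("badge",    "2013-10-16T09:00:25 door_access door=server-room user=alice result=granted"),
    ("app",      "2013-10-16T10:15:00 login_failed user=bob ip=10.0.0.42"),
    ("app",      "2013-10-16T10:15:30 login_ok user=bob ip=10.0.0.42"),
]

# Organisational context (assumed values): what is "inside", which hosts matter most,
# and what "normal" looks like for this organisation ("benchmark alarms for your norms").
INTERNAL_PREFIX = "10.0.0."
CRITICAL_ASSETS = {"10.0.0.5": "payment-db"}
BASELINE_FAILED_LOGINS = 3          # failures within WINDOW that this org treats as abnormal
WINDOW = timedelta(minutes=5)

KV = re.compile(r"(\w+)=(\S+)")


def normalise(source, line):
    """Map one raw line to the common record: ts, source, event name, key=value fields."""
    ts_str, event, rest = (line.split(" ", 2) + [""])[:3]
    record = {"ts": datetime.fromisoformat(ts_str), "source": source, "event": event.lower()}
    record.update(KV.findall(rest))
    return record


def centralise(raw_logs):
    """Foundation 1: everything in one place, in time order, regardless of source."""
    return sorted((normalise(src, line) for src, line in raw_logs), key=lambda e: e["ts"])


def is_external(ip):
    return not ip.startswith(INTERNAL_PREFIX)


def brute_force_then_success(events):
    """Failed logins from one address at or above the org baseline, followed by a success.
    Firewall denies against a critical asset from the same address add context and severity."""
    alarms = []
    for i, ev in enumerate(events):
        if ev["event"] != "login_ok":
            continue
        failures = [e for e in events[:i]
                    if e["event"] == "login_failed" and e.get("ip") == ev["ip"]
                    and ev["ts"] - e["ts"] <= WINDOW]
        if len(failures) < BASELINE_FAILED_LOGINS:
            continue
        denies = [e for e in events[:i]
                  if e["source"] == "firewall" and e["event"] == "deny"
                  and e.get("src") == ev["ip"] and e.get("dst") in CRITICAL_ASSETS
                  and ev["ts"] - e["ts"] <= WINDOW]
        alarms.append({
            "rule": "brute_force_then_success",
            "user": ev["user"], "ip": ev["ip"], "failures": len(failures),
            "critical_asset_denies": len(denies),
            "severity": "high" if is_external(ev["ip"]) or denies else "medium",
        })
    return alarms


def remote_login_while_on_site(events, window=timedelta(minutes=10)):
    """A successful login from outside while the same person badges through a door:
    the physical-access log supplies the context that the account, not the person, is remote."""
    alarms = []
    for door in events:
        if door["event"] != "door_access" or door.get("result") != "granted":
            continue
        remote = [e for e in events
                  if e["event"] == "login_ok" and e.get("user") == door.get("user")
                  and is_external(e.get("ip", INTERNAL_PREFIX))
                  and abs(e["ts"] - door["ts"]) <= window]
        for e in remote:
            alarms.append({"rule": "remote_login_while_on_site", "user": door["user"],
                           "ip": e["ip"], "door": door.get("door"), "severity": "high"})
    return alarms


def run(raw_logs=RAW_LOGS):
    """Centralise, then apply the correlation rules; returns the alarms an analyst would review."""
    events = centralise(raw_logs)
    return brute_force_then_success(events) + remote_login_while_on_site(events)


if __name__ == "__main__":
    for alarm in run():
        print(alarm)
```

Run on the constructed input, `run()` raises two alarms for alice (three failures then success from an external address that had also been denied twice against the critical asset, and a remote login minutes before a granted door entry) and none for bob, whose single failed login sits inside the baseline. The point of foundation 3 is visible in the output: the rules surface candidates and attach context, but deciding whether alice is compromised or simply on a VPN while walking into the server room is the analyst's call.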
12. SORTING OUT SIEM
13. YOUR OPTIONS FOR SIEM
Internal
• Design, build, install
• Requires 24/7 resourcing
• Great if you have a SOC / NOC
• Security experts are expensive
Hybrid
• Fully managed SIEM by SecureData (some, or all)
• Equipment located on customer site
SIEM as a service
• Monitoring: log correlation, remote service monitoring, notifications
• Managed: remote diagnostics and assistance, remote vulnerability scans, remote system updates
14. AFFINITY
SecureData SIEM-as-a-Service
- Wholly owned SOC across two sites
- 24x7x365 fully-manned operations
- Affinity platform for complete security monitoring
15. THE SECUREDATA DIFFERENCE
1. Proactive approach to security: We take a different approach to security, focusing on proactive monitoring and management to minimise business disruption for our clients. We offer the complete security spectrum from assessing risk to detecting threats, protecting valuable assets and responding to breaches when they happen.
2. Excellent customer service and support: We offer independent consultancy through dedicated account managers and technical guardians to recommend business security solutions built on the leading security vendors in the industry. We work hard to partner with customers, and we offer flexibility to develop customised processes that fit with the customer. Our highly accredited technical staff give customers first-class support and fast resolution times with the desire to do the best possible job every time.
3. 24/7 security operations platform: We operate our own support teams and SOC, providing global reach with full responsibility for 24/7 security monitoring and management for customers. Owning the SOC enables us to better synthesise information, intelligence and transactions to proactively mitigate more threats before they impact the customer.
16. THANK YOU
www.siemstrategy.com
For more information, contact:
info@secdata.com
+44 1622 723456
www.secdata.com