SlideShare a Scribd company logo

SureLog Large-scale SIEM Implementation in a Distributed It Security World

Download as DOCX, PDF
Ertugrul Akbas
Ertugrul Akbas

SureLog Distributed architecture is good for the big organizations where the log sources are located in multiple data centers and/or regions. This architecture is recommended for global and/or distributed environments where there is a need for high throughputs or customer data are located throughout the world or country.

Technology
1 of 3
SureLog Large-scale SIEM Implementation in a Distributed It Security World Dr. Ertuğrul AKBAŞ ertugrul.akbas@anetyazilim.com.tr Today's computer networks produce a huge amount of security log data. The security event correlation scalability has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle huge amount of security log data. The current correlation capabilities of Security Information and Event Management (SIEM), based on a single node in centralized servers, have proved to be insufficient to process large event streams. Also a network might be highly segmented due to security policies or geographic distribution, mandating specific collection capabilities. Or an organization might be constrained by budget and staffing limitations, requiring an incremental approach to rolling out a deployment. ANET SureLog “Hierarchical Master-Slave Model” manage events in a distributed manner for offloading the processing requirements of the log management system for tasks such as collecting, filtering, normalization, aggregation. This model also is solution for security related issues and incremental approach. The main advantage of “Hierarchical Master-Slave Model” is easily extendable and scalable by adding regional SIEM implementations. This architecture is also good for the big organizations where the log sources are located in multiple data centers and/or regions. This architecture is recommended for global and/or distributed environments where there is a need for high throughputs or customer data are located throughout the world or country. When to consider “Hierarchical Master-Slave Model”?  Measured EPS is bigger than 25,000 events/second (This is NOT a peak rate),  Many separate sites, which are geographically distributed like: US, Europe and Asia; a few datacenters and a few regional offices,  Log source mix is a diverse blend of firewalls, network devices, NIPS, Windows servers, Unix/Linux servers, web proxies, and also web servers and database servers,
SureLogslaves collectand normalizeall thedataandsendthemtoSureLogmasterforcorrelation.Also master SureLog centralize normalized logs for Log archival and incident investigations. Slave Functions  Log collection  Log filtering before normalization  Normalization  Correlation filtering. Filtering unnecessary events for correlation  Sending logs for correlation, logarchival and incident investigations to master  Short term storage SureLogSlave advantage includesthatitisnot justa collector buta logmanager. Master Functions  Correlation  Log archival  Incident investigations.  Long term storage Cutting-edge Security Information and Event Management (SIEM) Technology The automated correlation engine in master SureLog process vast quantities of data about an enormous number of events. They also enable analysts to find patterns and to filter, clean, and analyze all that data. Taxonomy of data is at the center of SIEM correlation system. Slave SureLog instances automatically catalogs information by using signatures. Users can further create TAGS of information based upon simple or complex match patterns. Data is cataloged
(TAGS) based upon specifications consisting of simple keywords, wildcards and regular expressions, logical expressions of wildcards, definitions of regular expressions. This provides a complete flexibility in managing and grouping message data, while still maintaining high data throughputs. Role-Based Access One of the most challenging problems in managing distributed SIEM implementations is the complexity of security administration. Since the roles in an organization are relatively stable, with minimal user turnover and task reassignment, role-based access (RBAC) provides a powerful mechanism for reducing the complexity, cost, and potential for error involved in assigning user permissions within the organization. By using RBAC, a user is limited to a data subset (According to SRC IP, DST IP, Log Source, Username etc..) or SureLog module subset. Limiting by data subset allows the system administrator to create flexible roles that allow users to see only parts of stored data. For instance, roles can be configured so that mail administrators see only mail server data, web administrators see only web server data, etc.

Recommended

Connect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwareConnect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwarewardell henley
 
Issues with Ingesting/Staging/Analyzing Data in ConMon Implementation
Issues with Ingesting/Staging/Analyzing Data in ConMon ImplementationIssues with Ingesting/Staging/Analyzing Data in ConMon Implementation
Issues with Ingesting/Staging/Analyzing Data in ConMon ImplementationTieu Luu
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
Hasbe a hierarchical attribute based solution for flexible and scalable acces...
Hasbe a hierarchical attribute based solution for flexible and scalable acces...Hasbe a hierarchical attribute based solution for flexible and scalable acces...
Hasbe a hierarchical attribute based solution for flexible and scalable acces...parry prabhu
 
cloud Resilience
cloud Resilience cloud Resilience
cloud Resilience Integral university, India
 
CIO Cloud Security Checklist
CIO Cloud Security ChecklistCIO Cloud Security Checklist
CIO Cloud Security ChecklistDruva
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recoverySameeu Imad
 
Hasbe a hierarchical attribute based solution
Hasbe a hierarchical attribute based solutionHasbe a hierarchical attribute based solution
Hasbe a hierarchical attribute based solutionIMPULSE_TECHNOLOGY
 

Recommended

Connect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwareConnect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwarewardell henley
 
Issues with Ingesting/Staging/Analyzing Data in ConMon Implementation
Issues with Ingesting/Staging/Analyzing Data in ConMon ImplementationIssues with Ingesting/Staging/Analyzing Data in ConMon Implementation
Issues with Ingesting/Staging/Analyzing Data in ConMon ImplementationTieu Luu
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
Hasbe a hierarchical attribute based solution for flexible and scalable acces...
Hasbe a hierarchical attribute based solution for flexible and scalable acces...Hasbe a hierarchical attribute based solution for flexible and scalable acces...
Hasbe a hierarchical attribute based solution for flexible and scalable acces...parry prabhu
 
cloud Resilience
cloud Resilience cloud Resilience
cloud Resilience Integral university, India
 
CIO Cloud Security Checklist
CIO Cloud Security ChecklistCIO Cloud Security Checklist
CIO Cloud Security ChecklistDruva
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recoverySameeu Imad
 
Hasbe a hierarchical attribute based solution
Hasbe a hierarchical attribute based solutionHasbe a hierarchical attribute based solution
Hasbe a hierarchical attribute based solutionIMPULSE_TECHNOLOGY
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4Integral university, India
 
ESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfProtect724v2
 
Grid computing components
Grid computing componentsGrid computing components
Grid computing componentsVishal Dutt
 
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Bryan Borra
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
Data Center Automation - Cisco ASAP Data Center
Data Center Automation - Cisco ASAP Data CenterData Center Automation - Cisco ASAP Data Center
Data Center Automation - Cisco ASAP Data CenterE.S.G. JR. Consulting, Inc.
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceMatt Soseman
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Maximiliano Accotto
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19marketingsyone
 
Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?Sonia Usih, PMP, MCPM, BSc.
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With ITNainil Chheda
 
Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...Naveena N
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)DCIT, a.s.
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Correlog Overview Presentation
Correlog Overview PresentationCorrelog Overview Presentation
Correlog Overview PresentationAmeritech Systems Corporation
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESHappiest Minds Technologies
 
Build cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMBuild cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMRasool Irfan
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Optimizing SIEM Performance
Optimizing SIEM PerformanceOptimizing SIEM Performance
Optimizing SIEM PerformanceJoseph DeFever
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 

More Related Content

What's hot

Grid computing components
Grid computing componentsGrid computing components
Grid computing componentsVishal Dutt
 
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Bryan Borra
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceMatt Soseman
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Maximiliano Accotto
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19marketingsyone
 
Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?Sonia Usih, PMP, MCPM, BSc.
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With ITNainil Chheda
 
Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...Naveena N
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)DCIT, a.s.
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 

What's hot (16)

Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
ESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfESM_101_6.9.0.pdf
ESM_101_6.9.0.pdf
 
Grid computing components
Grid computing componentsGrid computing components
Grid computing components
 
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Data Center Automation - Cisco ASAP Data Center
Data Center Automation - Cisco ASAP Data CenterData Center Automation - Cisco ASAP Data Center
Data Center Automation - Cisco ASAP Data Center
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19
 
Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?Are Cloud Applications and Data more Vulnerable to Attacks?
Are Cloud Applications and Data more Vulnerable to Attacks?
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With IT
 
Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...Final_attribute based encryption in cloud with significant reduction of compu...
Final_attribute based encryption in cloud with significant reduction of compu...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Correlog Overview Presentation
Correlog Overview PresentationCorrelog Overview Presentation
Correlog Overview Presentation
 

Similar to SureLog Large-scale SIEM Implementation in a Distributed It Security World

Build cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMBuild cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMRasool Irfan
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Optimizing SIEM Performance
Optimizing SIEM PerformanceOptimizing SIEM Performance
Optimizing SIEM PerformanceJoseph DeFever
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...IRJET Journal
 
Titles with Abstracts_2023-2024_Cloud Computing.pdf
Titles with Abstracts_2023-2024_Cloud Computing.pdfTitles with Abstracts_2023-2024_Cloud Computing.pdf
Titles with Abstracts_2023-2024_Cloud Computing.pdfinfo751436
 
IRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET- Secure Data Deduplication and Auditing for Cloud Data StorageIRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET- Secure Data Deduplication and Auditing for Cloud Data StorageIRJET Journal
 
ALTR Company Overview 2023
ALTR Company Overview 2023ALTR Company Overview 2023
ALTR Company Overview 2023Kim Cook
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSIRJET Journal
 
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Bloombase
 
The EMC Isilon Scale-Out Data Lake
The EMC Isilon Scale-Out Data LakeThe EMC Isilon Scale-Out Data Lake
The EMC Isilon Scale-Out Data LakeEMC
 
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET Journal
 
Building Secure Services in the Cloud
Building Secure Services in the CloudBuilding Secure Services in the Cloud
Building Secure Services in the CloudSumo Logic
 

Similar to SureLog Large-scale SIEM Implementation in a Distributed It Security World (20)

SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Build cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMBuild cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEM
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...
 
Optimizing SIEM Performance
Optimizing SIEM PerformanceOptimizing SIEM Performance
Optimizing SIEM Performance
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
 
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
 
Titles with Abstracts_2023-2024_Cloud Computing.pdf
Titles with Abstracts_2023-2024_Cloud Computing.pdfTitles with Abstracts_2023-2024_Cloud Computing.pdf
Titles with Abstracts_2023-2024_Cloud Computing.pdf
 
In-Memory Data Grids: Explained...
In-Memory Data Grids: Explained...In-Memory Data Grids: Explained...
In-Memory Data Grids: Explained...
 
IRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET- Secure Data Deduplication and Auditing for Cloud Data StorageIRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
 
ALTR Company Overview 2023
ALTR Company Overview 2023ALTR Company Overview 2023
ALTR Company Overview 2023
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWP
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaS
 
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
 
The EMC Isilon Scale-Out Data Lake
The EMC Isilon Scale-Out Data LakeThe EMC Isilon Scale-Out Data Lake
The EMC Isilon Scale-Out Data Lake
 
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
 
Sqrrl and Accumulo
Sqrrl and AccumuloSqrrl and Accumulo
Sqrrl and Accumulo
 
BR_U_UA8.0
BR_U_UA8.0BR_U_UA8.0
BR_U_UA8.0
 
Building Secure Services in the Cloud
Building Secure Services in the CloudBuilding Secure Services in the Cloud
Building Secure Services in the Cloud
 

More from Ertugrul Akbas

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...Ertugrul Akbas
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiErtugrul Akbas
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonErtugrul Akbas
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakErtugrul Akbas
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıErtugrul Akbas
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast EditionErtugrul Akbas
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent responseErtugrul Akbas
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).Ertugrul Akbas
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMErtugrul Akbas
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması Ertugrul Akbas
 

More from Ertugrul Akbas (20)

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde Korelasyon
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda Almak
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
 
Neden SureLog?
Neden SureLog?Neden SureLog?
Neden SureLog?
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast Edition
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent response
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
Siem tools
Siem toolsSiem tools
Siem tools
 
KVKK
KVKKKVKK
KVKK
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

SureLog Large-scale SIEM Implementation in a Distributed It Security World

  • 1. SureLog Large-scale SIEM Implementation in a Distributed It Security World Dr. Ertuğrul AKBAŞ ertugrul.akbas@anetyazilim.com.tr Today's computer networks produce a huge amount of security log data. The security event correlation scalability has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle huge amount of security log data. The current correlation capabilities of Security Information and Event Management (SIEM), based on a single node in centralized servers, have proved to be insufficient to process large event streams. Also a network might be highly segmented due to security policies or geographic distribution, mandating specific collection capabilities. Or an organization might be constrained by budget and staffing limitations, requiring an incremental approach to rolling out a deployment. ANET SureLog “Hierarchical Master-Slave Model” manage events in a distributed manner for offloading the processing requirements of the log management system for tasks such as collecting, filtering, normalization, aggregation. This model also is solution for security related issues and incremental approach. The main advantage of “Hierarchical Master-Slave Model” is easily extendable and scalable by adding regional SIEM implementations. This architecture is also good for the big organizations where the log sources are located in multiple data centers and/or regions. This architecture is recommended for global and/or distributed environments where there is a need for high throughputs or customer data are located throughout the world or country. When to consider “Hierarchical Master-Slave Model”?  Measured EPS is bigger than 25,000 events/second (This is NOT a peak rate),  Many separate sites, which are geographically distributed like: US, Europe and Asia; a few datacenters and a few regional offices,  Log source mix is a diverse blend of firewalls, network devices, NIPS, Windows servers, Unix/Linux servers, web proxies, and also web servers and database servers,
  • 2. SureLogslaves collectand normalizeall thedataandsendthemtoSureLogmasterforcorrelation.Also master SureLog centralize normalized logs for Log archival and incident investigations. Slave Functions  Log collection  Log filtering before normalization  Normalization  Correlation filtering. Filtering unnecessary events for correlation  Sending logs for correlation, logarchival and incident investigations to master  Short term storage SureLogSlave advantage includesthatitisnot justa collector buta logmanager. Master Functions  Correlation  Log archival  Incident investigations.  Long term storage Cutting-edge Security Information and Event Management (SIEM) Technology The automated correlation engine in master SureLog process vast quantities of data about an enormous number of events. They also enable analysts to find patterns and to filter, clean, and analyze all that data. Taxonomy of data is at the center of SIEM correlation system. Slave SureLog instances automatically catalogs information by using signatures. Users can further create TAGS of information based upon simple or complex match patterns. Data is cataloged
  • 3. (TAGS) based upon specifications consisting of simple keywords, wildcards and regular expressions, logical expressions of wildcards, definitions of regular expressions. This provides a complete flexibility in managing and grouping message data, while still maintaining high data throughputs. Role-Based Access One of the most challenging problems in managing distributed SIEM implementations is the complexity of security administration. Since the roles in an organization are relatively stable, with minimal user turnover and task reassignment, role-based access (RBAC) provides a powerful mechanism for reducing the complexity, cost, and potential for error involved in assigning user permissions within the organization. By using RBAC, a user is limited to a data subset (According to SRC IP, DST IP, Log Source, Username etc..) or SureLog module subset. Limiting by data subset allows the system administrator to create flexible roles that allow users to see only parts of stored data. For instance, roles can be configured so that mail administrators see only mail server data, web administrators see only web server data, etc.