EventLog Analyzer - Product overview
A quick overview of ManageEngine EventLog Analyzer, a cost-effective log management and compliance reporting product for Security Information and Event Management (SIEM). With this log analyzer, organizations can automate the entire process of managing terabytes of machine-generated logs: collecting, analyzing, searching, reporting on, and archiving them from one central location. The product helps mitigate security threats, archives data for log forensics and root cause analysis, and more. Product page: http://www.manageengine.com/products/eventlog/

Published in: Technology
    1. Log Management and Compliance Reporting for SIEM (title slide)
    2. Agenda
         • About ManageEngine
         • EventLog Analyzer – An Intro
         • Why EventLog Analyzer (ELA)? The problems it solves
         • A few use cases
         • Product uniqueness
         • Customers speak
         • Summary
    3. Introduction – ManageEngine
         • IT management software division of Zoho Corporation
         • Established in 2002
         • ManageEngine covers the complete gamut of IT solutions
         • 21 products | 20 free tools | 2 SaaS offerings
         • Trusted by over 72,000 customers across 200+ countries
         • 3 out of every 5 Fortune 500 companies are ManageEngine customers
    4. Introduction – ManageEngine IT security solutions
         • EventLog Analyzer – Log management and compliance reporting for SIEM
         • AD Audit Plus – AD auditing and reporting
         • Security Manager Plus – Vulnerability assessment and patching
         • Firewall Analyzer – Perimeter device management
         • DeviceExpert – Network configuration and security management
         • Password Manager Pro – Identity access and password management
         • Desktop Central – Desktop and mobile device management
         • Product categories: servers and applications security management; perimeter and network device management; password management; desktop and mobile management
    5. Why need a SIEM solution?
         • Information security threats are increasing both in sophistication and frequency across the world.
         • Protecting data against internal and external security threats has become essential.
         • Source: Infosecurity-magazine.com, Mcafee.com and Foxbusiness.com
    6. Why need a log management and SIEM solution? Auditing is an integral part of IT security.
         • Centralizing logs across IT sources helps you:
             • Audit IT performance and security
             • Safeguard your network from security breaches
             • Achieve operational efficiency
             • Conduct forensic analysis and root cause analysis
             • Stay compliant with statutory requirements
    7. EventLog Analyzer – An Intro: log management and compliance reporting software for SIEM
         • Collects data from log sources
         • Correlates events
         • Alerts on security incidents
         • Generates IT security and compliance reports
         • Archives logs for forensic analysis
    8. EventLog Analyzer – An Intro (capabilities)
         • Supported log sources
             • Servers (physical/virtual) – Microsoft Windows, VMware ESX/ESXi, Linux, HP-UX, IBM AIX, Solaris and any Unix-flavor host
             • Network sources – Routers, switches, firewalls and any syslog source
             • Applications – MS SQL, IIS (FTP, file server), print server, MS Exchange, Java, Apache, .NET, Oracle, MySQL and other human-readable formats (ULPI*)
         • Out-of-the-box compliance reports
             • PCI DSS, FISMA, HIPAA, SOX, GLBA – with the ability to customize reports as you need
             • Create new compliance reports, e.g. ISO 27001, NERC-CIP and more
         • Real-time event correlation
             • 50+ out-of-the-box correlation rules
             • Real-time alerts and reports to proactively manage threats
             • Customize rules to meet internal security policies
             • Better insight into security incidents with intuitive dashboards
         • File integrity monitoring
             • Know what was accessed/created/modified, who accessed/created/modified it, when it was accessed/created/modified, and more
         • Log archival and security
             • Encryption and time stamping – tamper-proof archival with AES encryption
             • User authentication – Active Directory and RADIUS
    9. The problem ELA solves – Audit: Use case 1. A government organization, 2,700+ employees statewide. Real-time alerts – internal security threat.
         • The IT office
             • Grants permission to IT assets and services for employees, consultants and contractors.
             • Inadvertently, a few new administrators created users with administrator privileges.
         • Result
             • A few tech-savvy consultants started misusing the privileges to access critical government documents that were not under their purview.
             • The espionage was caught by real-time security alerts.
         • Alert categories involved: privileged user access | new user creation | object access | audit policy changes | audit logs cleared
    10. The problem ELA solves – Audit: Use case 2. A leading real-estate service company, 23,000+ employees worldwide. Prevention – aiding IT operations.
         • The IT office
             • One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event as 'System' entries.
         • Impact of failure
             • If these log entries had been left unnoticed for a few more days, the whole RAID would have been affected due to excessive workload.
             • Email service would have been down for at least 2 days, since the vendor shipment has to reach the datacenter.
         • Real-time security alerts / remediation
             • EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for a RAID replacement, which took 2 days to ship.
             • Temporary load balancing was arranged for the mail server.
             • The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.
    11. The problem ELA solves – Audit: Use case 3. An online media company, 300+ employees. Alert and prevention – external security threat.
         • The IT office
             • Had their corporate blogs hosted on an Amazon web server, running a WordPress installation.
             • No security monitoring was done, except regular content back-up.
         • Result
             • An attacker used the default admin user name and broke into the blogs after 300+ login attempts over a 3-day span, and added spam content as comments.
         • After implementing the ManageEngine solution
             • Configured login-failure notifications that include the user name.
             • Configured a run-a-script action for such security incidents: after 3 consecutive login failures, block the user name and mail the admin.
    12. EventLog Analyzer – Uniqueness: Universal Log Parsing and Indexing
         • Processes any human-readable log format and generates patterns for indexing, alerting and reporting
         • Imports logs automatically at specified time intervals or on demand
    13. EventLog Analyzer – Uniqueness: Powerful search
         • Helps conduct root cause analysis and generate forensic reports in minutes
         • Tag complex search queries for quick reference
         • Search using wildcards, phrases and Boolean operators
    14. EventLog Analyzer – Uniqueness: Real-time security alerts
         • Generates alerts when suspicious activities occur on the network
         • Exclusive reports for privileged user access information
         • Notifications are sent in real time via email and SMS
    15. EventLog Analyzer – Uniqueness: Secure log archiving
         • Archive for a custom period
         • Tamper-proof data storage with encryption and time stamping
         • Load archived data back into the product at any time to generate compliance reports, conduct forensic analysis and audit
    16. EventLog Analyzer – Uniqueness: Easy to use and affordable
         • Intuitive GUI
         • Ease of deployment and maintenance
         • Smaller datacenter footprint
         • Affordable – the 100-host premium edition costs $3,195 per year (pricing starts at $795 for 25 hosts)
    17. Customers speak: 5,000+ customers across 110+ countries
    18. Summary
         • EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM.
         • ELA helps you:
             • Safeguard your network from security breaches with real-time alerts
             • Achieve operational efficiency by collecting and centralizing log data across IT resources
             • Conduct forensic analysis and root cause analysis, and generate IT audit reports
             • Stay compliant with statutory requirements out of the box for PCI DSS, FISMA, HIPAA, SOX, GLBA and more
         • Easy to deploy, use and maintain
         • Affordable
         • A part of ManageEngine's IT management solutions
    19. Thank you. Support: eventlog-support@manageengine.com. Sales: sales@manageengine.com
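The detection rule described in use case 3 (slide 11), alerting on 3 consecutive login failures for the same user name and handing off to a response action, is easy to reason about in code. The following is an added example, not code from the slides or from the EventLog Analyzer product: it parses constructed WordPress-style login log lines in an assumed format, keeps a per-host, per-user failure streak that resets on a successful login or when the previous failure is older than a time window, and fires an `Alert` once per streak through an optional callback standing in for the product's run-a-script action. It generalizes the slide slightly by adding the time window, so that failures days apart do not accumulate into one alert.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample log lines (not real product or WordPress output).
# Assumed format: "<ISO timestamp> <host> wp-login: <FAILED|SUCCESS> user=<name> ip=<addr>"
SAMPLE_LOG = """\
2013-04-02T09:00:01 blog1 wp-login: FAILED user=admin ip=198.51.100.7
2013-04-02T09:00:05 blog1 wp-login: FAILED user=admin ip=198.51.100.7
2013-04-02T09:00:09 blog1 wp-login: FAILED user=admin ip=198.51.100.7
2013-04-02T09:00:14 blog1 wp-login: FAILED user=admin ip=198.51.100.7
2013-04-02T09:01:00 blog1 wp-login: FAILED user=editor ip=203.0.113.9
2013-04-02T09:01:30 blog1 wp-login: SUCCESS user=editor ip=203.0.113.9
2013-04-02T09:02:00 blog1 wp-login: FAILED user=editor ip=203.0.113.9
2013-04-02T09:02:10 blog1 wp-login: FAILED user=editor ip=203.0.113.9
2013-04-02T09:02:20 blog1 wp-login: FAILED user=editor ip=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) wp-login: (?P<result>FAILED|SUCCESS) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


@dataclass
class Alert:
    user: str
    host: str
    ip: str
    fired_at: datetime
    attempts: int


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line in the assumed format; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_login_failures(
    log_text: str,
    threshold: int = 3,
    window: timedelta = timedelta(minutes=10),
    on_alert: Optional[Callable[[Alert], None]] = None,
) -> List[Alert]:
    """Return one Alert per run of `threshold` consecutive failures for a (host, user).

    A successful login clears the streak, and a failure more than `window` after the
    previous one starts a new streak. `on_alert` is a hypothetical hook standing in for
    the slide's run-a-script action (block the user name, mail the admin)."""
    streaks: Dict[Tuple[str, str], Tuple[int, datetime]] = {}  # (host, user) -> (count, last failure)
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line: skip rather than crash the collector
        key = (ev["host"], ev["user"])
        if ev["result"] == "SUCCESS":
            streaks.pop(key, None)  # a successful login ends the failure streak
            continue
        count, last_ts = streaks.get(key, (0, ev["ts"]))
        if ev["ts"] - last_ts > window:
            count = 0  # stale streak: start counting again
        count += 1
        streaks[key] = (count, ev["ts"])
        if count == threshold:  # fires once per streak, not on every further failure
            alert = Alert(ev["user"], ev["host"], ev["ip"], ev["ts"], count)
            alerts.append(alert)
            if on_alert is not None:
                on_alert(alert)
    return alerts


if __name__ == "__main__":
    # Stand-in for the notification / run-a-script step: just report the alert.
    for a in detect_login_failures(SAMPLE_LOG, on_alert=lambda a: print("ALERT:", a)):
        pass
```

On the constructed sample this fires twice: once for `admin` at the third failure (the fourth failure is part of the same streak and does not re-alert), and once for `editor`, whose first failure is wiped out by the successful login before the three consecutive failures that follow. Keying the streak on host and user name rather than on source IP matches the slide's rule, which blocks the user name; a production rule would usually track both, since the user-name key alone can also be used to lock out a legitimate account.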