SIEM - Your Complete IT Security Arsenal


Published on

Security information and event management (SIEM) solutions have entered the market to provide security intelligence and automate managing terabytes of log data for IT security. SIEM solutions monitor network systems, devices, and applications in real time, providing security intelligence for IT professionals to mitigate threats, correlate events, identify the root cause of security incidents, and meet compliance requirements.

Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex, and hard to deploy. This claim may be true about many SIEM vendors. However, the right SIEM solution is one that can be easily deployed, is cost-effective, and meets all your IT security needs with a single tool.

ManageEngine's SIEM Expert, Joel Fernandes will discuss on 8 things every IT manager should know about choosing an SIEM Solution.

You'll learn how to:

Choose an SIEM solution
Monitor user activity to curb insider threat
Proactively mitigate sophisticated cyber-attacks
Meet IT Compliance Requirements

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Source:
  • SIEM - Your Complete IT Security Arsenal

    1. 1. SIEM Your Complete IT Security Arsenal 8 Things You Should Know About Choosing an SIEM Solution Joel Fernandes Sr. Product Marketing Analyst SIEM Solutions ManageEngine Speaker
    2. 2. Webinar “Housekeeping” Tips • Use the “question” box in the lower right corner to submit your questions • Questions will be answered during the Q&A session at the end of the webinar • We will do our best to answer as many questions as possible in the allotted time • This webinar is getting recorded and will be shared to you via email
    3. 3. Agenda • About ManageEngine • Log management challenges • What is SIEM? • Why is SIEM necessary? • 2012 Data Breach Analysis • Typical working of an SIEM solution • 8 critical things you should know about choosing an SIEM solution • Business benefits of SIEM solutions • ManageEngine SIEM product offering – Overview • Quick Demo - ManageEngine SIEM product offering • Conclusion • Q&A
    4. 4. About ManageEngine – IT Management Software division of Zoho Corporation – Established in 2002 – ManageEngine covers the complete gamut of IT solutions • 21 Products | 20 Free tools | 2 SAAS offerings – Trusted by over 72,000 customers across 200+ countries – 3 out of every 5 Fortune 500 companies are ManageEngine customers
    5. 5. Log Management Challenges • Analyzing Logs for Relevant Security Intelligence • Centralizing Log Collection • Meeting IT Compliance Requirements • Conducting Effective Root Cause Analysis • Making Log Data More Meaningful • Tracking Suspicious User Behavior
    6. 6. What is SIEM? • The term „SIEM‟ was coined by Mark Nicolett and Amrit Williams (Gartner Analysts) in 2005 • In simple words, SIEM is a combination of two different types of technologies: – SIM (Security Information Management) that focuses on log collection and report generation – SEM (Security Event Manager) that analyzes events in real-time using event correlation and alerting mechanism • SIEM technology provides network security intelligence and real-time monitoring for network devices, systems, and applications
    7. 7. Typical Working of an SIEM Solution
    8. 8. Why is SIEM necessary?  Rise in data breaches due to internal and external threats  Attackers are smart and traditional security tools just don‟t suffice  Mitigate sophisticated cyber-attacks  Manage increasing volumes of logs from multiple sources  Meet stringent compliance requirements Biggest Data Breaches in 2013 Source:
    9. 9. 2012 Data Breach Analysis Source: Verizon 2013 Data Breach Investigations Report Threat categories over timeVictims
    10. 10. 8 Things You Should Know About Choosing an SIEM Solution
    11. 11. #1. Log Collection • Universal Log Collection to collect logs from heterogeneous sources (Windows systems, Unix/Linux systems, applications, databases, routers, switches, and other devices) • Log collection method - agent-based or agentless – Both Recommended • Centralized log collection • Events Per Second (EPS) – Rate at which your IT infrastructure sends events. – If not calculated properly the SIEM solution will start dropping events before they are stored in the database leading to incorrect reports, search results, alerts, and correlation.
    12. 12. #2. User Activity Monitoring • SIEM solutions should have Out-of-the-box user activity monitoring, Privileged user monitoring and audit (PUMA) reporting feature • Ensure that the SIEM solution gives the ‘Complete audit trail’ – Know which user performed the action, what was the result of the action, on what server it happened, and user workstation/device from where the action was triggered.
    13. 13. #3. Real Time Event Correlation • Real-time event correlation is all about proactively dealing with threats • Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the network • Correlation can be based on log search, rules and alerts – Predefined rules and alerts are not sufficient. Custom rule and alert builder is a must for every SIEM solution. – Ensure that the process of correlating events is easy.
    14. 14. #4. Log Retention • SIEM solutions should automatically archive all log data from systems, devices & applications to a „centralized’ repository • Ensure that the SIEM solution has ‘Tamper Proof’ feature which „encrypts’ and „time stamps’ them for compliance and forensics purposes • Ease of retrieving and analyzing archived log data
    15. 15. #5. IT Compliance Reports • IT compliance is the core of every SIEM solution • Ensure that the SIEM solution has out- of-the-box regulatory compliance reports such as PCI DSS, FISMA, GLBA, SOX, HIPAA, etc. • SIEM solutions should also have the capability to customize and build new compliance reports to comply with future regulatory acts
    16. 16. #6. File Integrity Monitoring • File integrity monitoring helps security professionals in monitoring business critical files and folders. • Ensure that the SIEM solution tracks and reports on all changes happening such as when files and folders are created, accessed, viewed, deleted, modified, renamed and much more. • The SIEM solution should also send real- time alerts when unauthorized users access critical files and folders
    17. 17. #7. Log Forensics • SIEM solutions should allow users to track down a intruder or the event activity using log search capability • The log search capability should be very intuitive and user-friendly, allowing IT administrators to search through the raw log data quickly
    18. 18. #8. Dashboards • Dashboards drive SIEM solutions and help IT administrators take timely action and make the right decisions during network anomalies. • Security data must be presented in a very intuitive and user-friendly manner. • The dashboard must be fully customizable so that IT administrators can configure the security information they wish to see.
    19. 19. 8 Critical Things – At a glance
    20. 20. Business Benefits of SIEM Solutions • Real-time Monitoring – For operational efficiency and IT security purposes • Cost Saving • Compliance • Reporting • Rapid ROI
    21. 21. ManageEngine‟s SIEM Offering – Easy of deploy – Cost-effective – Customizable dashboard with drag and drop widgets – Uses both Agent and Agentless log collection mechanism
    22. 22. Universal Log Collection – Supports heterogeneous log sources – Universal log collection capability helps index any type of log regardless of the format and source – Allows you to index log data and generate reports for custom in- house/proprietary applications
    23. 23. Real Time Event Correlation and Log Forensics – Correlation using Search: Correlate events using log search with Wild- cards, Phrases and Boolean operators – Correlation using Alerts: Correlate events using custom and predefined alerts to mitigate threats in real-time – Notifications are send in real-time via Email and SMS – Conduct root cause analysis by diving into raw logs and generate forensic reports in minutes!
    24. 24. 5,000+ customers across 110+ countries
    25. 25. Get your 30 Day Free Trial Now!
    26. 26. Quick Glance
    27. 27. Conclusion • A SIEM solution can provide enormous security benefits to the company by protecting the network with real-time log analysis. • Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex, and hard to deploy. • This claim may be true about many SIEM vendors. However, the right SIEM solution is one that can be easily deployed, is cost-effective, and meets all your IT security needs with a single tool.
    28. 28. Q&A