Security Information and Event Management (SIEM)

Leo TechnoSoft SIEM products help every enterprise with all security threats. Security information and event management software provides real-time visibility.

Published in: Software

  1. SIEM Introduction:
     • SIEM combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.
     • Security Information and Event Management (SIEM) is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
     • Available as software, appliances or a managed service, SIEM monitoring is also used to log security data and generate reports for compliance purposes.
     • SIEM carries out thorough analysis and continuous monitoring of all ongoing events. Hence, SIEM monitoring is necessary: it can be an automated tool that helps an enterprise find patterns, filter, clean and analyze all the data that forms the context of a cyber attack.
     • Continuous monitoring from SIEM includes all devices, servers, applications, users and infrastructure components.
  2. Features
     • Intrusion detection
     • 24/7/365 monitoring
     • Forensic analysis
     • Vulnerability and risk reporting
     • Network host and policy auditing
     • Anomalous activity alerts
     • Rule-based correlation
     • Security threat and incident reporting
  3. Diagram: SIEM capability map. Detection: IDS/IPS, WIDS, HIDS, File Integrity. Prevention: Vulnerability Assessment, Threat Assessment. Awareness: Identity, Inventory, Resources. SIEM: Incident Management, Risk Intelligence, Storage, Security Context Management.
  4. Use Cases with SIEM
     • Inbound/outbound suspicious activities
     • Event correlation for advanced threats
     • DDoS attacks
     • Unauthorised remote access
     • Critical service monitoring
     • Malware monitoring
     • IP reputation
     • Risk and compliance
     • Security threat analysis
  5. Cloud Access SIEM: Advantages over Competitors
     Cloud Access SIEM offers several services, as compared to most SIEM service provider companies.
     • Cloud Access SIEM has all-inclusive modules; IBM QRadar doesn't.
     • CloudAccess has a single pane of glass with many built-in tools. HP requires third-party products with additional acquisition and integration costs.
     • Integrated set of products.
     • Cloud Access SIEM can be deployed in one day; custom connectors require a few days.
     • Cloud Access is designed for multi-tenancy in the cloud and can be deployed on premise.
     • As compared to IBM, CloudAccess SIEM has a cost-effective subscription and/or perpetual virtual model.
     • Cloud Access requires a small footprint to support all features, whereas IBM and HP ArcSight require multiple servers and nodes to achieve the same feature set. Cloud Access SIEM requires fewer nodes and fewer resources per node to achieve the same
  6. CloudAccess SIEM vs. IBM QRadar & HP ArcSight
     CloudAccess SIEM:
     • Cloud Access has all integrated modules.
     • Cloud Access SIEM has integrated behavioral analytics covering users, network and applications.
     • CloudAccess SIEM is easily customizable.
     • Integrated ticketing and alarms; tracking tickets and alarms for actions.
     IBM QRadar & HP ArcSight:
     • IBM QRadar and HP ArcSight use third-party products such as Hadoop.
     • IBM QRadar and HP ArcSight provide behavioral analytics only for networks.
     • IBM QRadar and ArcSight customization is known to be complex.
     • IBM QRadar and HP ArcSight don't provide integrated ticketing and alarms.
  7. Cloud Access SIEM vs. RSA SA SIEM
     Cloud Access SIEM:
     • Cloud Access SIEM provides integrated vulnerability scanning.
     • Multiple dashboards are included to enhance the at-a-glance view.
     • CloudAccess has full support for both hardware and virtualized deployments.
     • CloudAccess SIEM has cost-effective subscription and/or perpetual license models.
     • CA requires a small footprint to support all features
     RSA SA SIEM:
     • RSA SA includes integrated vulnerability scanning.
     • Does not include a built-in dashboard.
     • RSA SA is limited for some features; the rest require hardware.
     • RSA SA has high upfront costs and hardware purchase requirements.
     • SA may require multiple servers or nodes to achieve the same feature set.
  8. Recognized by Forrester as the emerging company in the SECM market (AKA Identity Analytics and Intelligence). 10 awards.
  9. Case Study: Financial: Keesler FCU
  10. CASE STUDY: Largest Car Manufacturer
     Background:
     • Head office in New Delhi, 15 regional offices all over India
     • 12,900 users
     • Actively uses more than 200 applications
     • 1950 sale points across 1590 cities
     • 3254 service points across 1540 cities
     • Requires ISO 27001 compliance
     • US $8.7 billion in annual (2016) revenue
     • Total onboarded devices: 400+
     Business objectives:
     • Institute real-time protection 24/7
     • Reduce costs, improve operations
     • Ensure compliance; audit reports on demand
     • Integration of multiple systems, apps
     • Protect brand
     Challenges:
     • No visibility across network
     • No forensic analysis
     • Easy-to-use single interface
     • Incident detection and incident response
     • Incident tracking and process to record incidents
     • Loss of reputation
     Solution:
     • Asset discovery
     • Vulnerability assessment
     • Behavioural monitoring
     • SIEM and log integrated
     • Long-term data storage
     • Continuous 24x7 monitoring
     • Safeguard against unallowed patterns of behavior
     • Configure and integrate with other security solutions like existing firewalls and DLPs to deliver better security
     Results:
     • Complete real-time visibility on network
     • Simplified admin with centralized dashboard
     • Implementation of business use
     • Incident detection
     • Forensic analysis
     • Reduced help desk costs by >50%
     • Achieved compliance and audit readiness (costs reduced by 70%)
     • Significant reduction in admin costs
     • Reallocated headcount to higher-value tasks
  11. CASE STUDY: One of India's leading NBFCs
     Background:
     • Non-banking financial company registered with the Reserve Bank of India
     • Total number of employees: 8000
     • 250+ regional branches across 22 states in India, 5+ lakh customers
     • Requires HIPAA, HITRUST compliance
     • Reliant on specialized financial apps
     • Total onboarded devices: 200+
     Business objectives:
     • Institute real-time protection 24/7
     • Reduce costs, improve operations
     • Ensure compliance; audit reports on demand
     • Integration of multiple systems, apps
     Challenges:
     • No visibility across network
     • No forensic analysis
     • Easy-to-use single interface
     • Incident detection and incident response
     • Incident tracking and process to record incidents
     • Audit requirements on a monthly basis
     Solution:
     • Asset discovery
     • Vulnerability assessment
     • Behavioural monitoring
     • SIEM and log integration
     • Long-term data storage
     • 24x7 monitoring to deliver alerts and alarms in real time
     • Discussing privileged account security integration
     • Minimal impact on infrastructure
     • All operations outsourced with no requirement for additional resources for security and compliance
     Results:
     • Complete real-time visibility on network
     • Simplified admin with centralized dashboard
     • Implementation of business use
     • Incident detection
     • Forensic analysis
     • Reduced help desk costs by >50%
     • Achieved compliance and audit readiness (costs reduced by 70%)
     • Significant reduction in admin costs
     • Reallocated headcount to higher-value tasks
  12. CloudAccess SIEM
     • Integrated but modular
     • Cost effective
     • Unique features, out of the box
     • Active Sensor
     • Virtualisation support for VMware & Hyper-V
     • Multi-tenancy
     • Choose your implementation mode
     • Ease of deployment and configuration
     • Integrated with IAM/IDM
  13. CHOOSING SIEM. CloudAccess SIEM / Log: A cut above. There are many SIEM and Log Management products (both cloud based and on premise) available for companies wishing to step up and improve their security posture. They range in feature sets, deployment complexity, integration ability and affordability... HOWEVER…
  14. CHOOSING SIEM. CloudAccess SIEM / Log: A cut above. You need a technology solution that "evens the odds" against the exponential threat landscape. One that...
     • Is proactive, not just reactive
     • Analyzes behavior patterns and responds
     • Centrally manages all silos of security data
     • Is flexible to work like you do... in the cloud or on premise
     • Offers a rich set of automated features
     AND
     • Doesn't cost a king's ransom!
     CloudAccess solutions do just that…
  15. INTEGRATED BUT MODULAR. CloudAccess SIEM
  16. INTEGRATED BUT MODULAR. CloudAccess SIEM / Log: A cut above. SIEM and Log Management are two different solutions. One manages the collection of raw data for later review; the other parses out the data, correlates and scores potential anomalies and provides security-focused reporting. Despite the advantage, many companies don't use both solutions together because of the complexity to integrate, the cost of multiple solutions and the need for headcount to manage and maintain. CloudAccess SIEM and Log provides you a single integrated solution. One license, one low price. If you already have a SIEM or Log solution, we can deploy the missing piece as a modular add-on that will easily integrate with your existing solution.
  17. COST EFFECTIVE. CloudAccess SIEM
  18. COST EFFECTIVE. CloudAccess SIEM / Log: A cut above. Typically when choosing a SIEM and/or Log Management product, you are making two purchases with two SLAs, and managing the environment yourself. The higher the cost of a product, the more time it takes to realize a return on investment. In addition there are the cost considerations related to compliance, potential breaches and your reputation, which also factor into an ROI. Security-as-a-Service creates a proactive advantage without sacrificing resources. As a single integrated solution, there is one price... and it is considerably lower than most alternatives... plus the value of other included features.
  19. UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE PLATFORM. CloudAccess SIEM
  20. UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE PLATFORM. CloudAccess SIEM / Log: A cut above. CloudAccess includes the following capabilities out of the box, integrated into its unique platform, which no other solution provides:
     • IT asset discovery and management
     • 24/7 security monitoring by CloudAccess
     • Vulnerability scan
     • NetFlow
     • IPS/IDS/HIDS
  21. ACTIVE SENSOR MODEL. CloudAccess SIEM
  22. ACTIVE SENSOR MODEL. CloudAccess SIEM / Log: A cut above. Sensors placed on devices typically collect a great deal of information. However, most sensors deployed by a SIEM or Log solution are passive, meaning they collect the data and pass it along. CloudAccess deploys a proprietary Active Sensor which collects the necessary data and runs multiple relevant services on that data. This creates the basis of proactive threat intelligence. Some of the services include intrusion protection/detection, vulnerability scans and several others. And the footprint on a device is not that much larger than a passive sensor.
  23. VIRTUALIZATION SUPPORT FOR VMWARE & HYPER-V. CloudAccess SIEM
  24. VIRTUALIZATION SUPPORT FOR VMWARE & HYPER-V. CloudAccess SIEM / Log: A cut above. The modern enterprise is no longer constrained by large on-premise servers. In fact, most corporations use virtual servers to host a variety of data and applications. However, most SIEM solutions have difficulty supporting virtual servers. CloudAccess consistently supports VMware, Hyper-V and other virtual hosts. This means our sensors have been successfully installed and tested on these virtual environments.
  25. MULTI-TENANT ARCHITECTURE. CloudAccess SIEM
  26. MULTI-TENANT ARCHITECTURE. CloudAccess SIEM / Log: A cut above. Cloud business-model (multi-tenant SaaS) architectures are becoming more and more prevalent across enterprises. In a multi-tenant environment, all clients and their users consume the service from the same technology platform, sharing all components in the technology stack. There are proven benefits, including cost affordability, performance, upgrades and scalability, that make this attractive. CloudAccess was specially developed as a multi-tenant solution. Its proven track record of success provides an effective security solution that is sustainable, measurable, cost-effective, securely delivered and managed from the cloud.
  27. CHOOSE YOUR MODEL. CloudAccess SIEM
  28. CHOOSE YOUR MODEL. CloudAccess SIEM / Log: A cut above. Current SIEM solutions are typically offered in two forms: as an appliance or as a software solution. However, for most enterprise environments, one size does not fit all. You need the flexibility to mix and match form factors based on your organization's requirements and enterprise logistics. CloudAccess solutions can be deployed in and from the cloud, on premise, or in a hybrid approach. This gives you the adaptability to deploy and manage based on your specific situation and needs.
  29. EASE OF DEPLOYMENT AND CONFIGURATION. CloudAccess SIEM / Log: A cut above. One of the most costly and complex aspects of a security initiative is the deployment and configuration. For many, this is why enterprise software investments never get out of Phase 1 and never reach the envisioned potential. CloudAccess is typically able to deploy its solutions in a single day. Its proprietary controls also make configuration and fine tuning quick and simple. Customers are able to see results immediately.
  30. INTEGRATION WITH IDENTITY AND ACCESS MANAGEMENT. CloudAccess SIEM / Log: A cut above. One of the key vulnerabilities with enterprise security deployments is that most of the security components run in parallel. Each does its job well, but they do not easily share information to expand visibility and provide better context. Identity Management and Access Management solutions (IAM) are powerful tools which provide significant data, but aren't naturally integrated into a central repository of information. Our solution seamlessly integrates with your IAM solutions. We incorporate the data to see anomalies that would otherwise fall through the cracks. We also provide an integrated IAM point solution.
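As an added illustration of the parse-correlate-score pipeline that slides 1, 2 and 16 describe (rule-based correlation over normalised events, with a score attached to each anomaly), the Python below runs one correlation rule over constructed log lines. It is example code, not the deck's or the CloudAccess product's; the log format, field names, threshold, window and scoring weights are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log lines (not from any real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 host=vpn-gw user=alice src=203.0.113.7 action=login result=FAIL
2024-03-01T09:00:05 host=vpn-gw user=alice src=203.0.113.7 action=login result=FAIL
2024-03-01T09:00:09 host=vpn-gw user=alice src=203.0.113.7 action=login result=FAIL
2024-03-01T09:00:20 host=vpn-gw user=alice src=203.0.113.7 action=login result=SUCCESS
2024-03-01T09:01:00 host=vpn-gw user=bob src=198.51.100.4 action=login result=FAIL
2024-03-01T09:10:00 host=vpn-gw user=bob src=198.51.100.4 action=login result=SUCCESS
"""

# Assumed key=value line format; a real collector would carry one parser per source type.
LINE_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) src=(\S+) action=(\S+) result=(\S+)$")

def parse(log_text):
    """Normalise raw lines into event dicts (the 'parse out the data' step)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped rather than guessed at
        ts, host, user, src, action, result = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                       "src": src, "action": action, "result": result})
    return events

def correlate(events, fail_threshold=3, window_s=60, critical_hosts=("vpn-gw",)):
    """Rule: >= fail_threshold FAILs from one src followed by a SUCCESS within
    window_s raises one alert; the score is higher when the host is critical."""
    alerts = []
    recent_fails = defaultdict(list)  # src -> timestamps of failures still in the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent_fails[ev["src"]]
        fails[:] = [t for t in fails if (ev["ts"] - t).total_seconds() <= window_s]
        if ev["result"] == "FAIL":
            fails.append(ev["ts"])
        elif ev["result"] == "SUCCESS" and len(fails) >= fail_threshold:
            score = 40 + 10 * len(fails) + (30 if ev["host"] in critical_hosts else 0)
            alerts.append({"rule": "brute-force-then-success", "src": ev["src"],
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(fails), "score": min(score, 100)})
            fails.clear()  # the run has been reported; start a fresh window
    return alerts

def run_sample():
    """Parse the constructed log and return the alerts the rule produces."""
    return correlate(parse(SAMPLE_LOG))
```

Only the alice sequence (three failures then a success inside 60 seconds) is reported; bob's single failure followed by a success nine minutes later does not match the rule.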