Active Insight for SIEM (Security Information and Event Management)

ActiveInsight provides real-time, value-based detection and reaction to event patterns and behavior. In this presentation we discuss how ActiveInsight helps SIEM deployments detect and react to critical application level data and events. For more information see http://www.activeinsight.net


  1. Real-time Detection and Reaction to User Behavior: ActiveInsight for SIEM
  2. Background
     • Successful SIEM deployments have been collecting data and events from infrastructure and security devices.
  3. Background
     • Various regulations and business needs require application-level event collection, audit trail and correlation (FISMA, HIPAA, PCI, 357/257, etc.).
  4. Background
     • The business application tier is where actual business events occur and where damage can be done.
     • "Application layer monitoring for fraud detection or internal threat management is emerging as a new use case for SIEM technology." (Gartner Magic Quadrant for Security Information and Event Management, 2008)
  5. The Business Need
     • Application-level audit trail
     • Detailed user-session-application level data
     • Real-time visibility of user behavior and application events
     • Real-time, value-based event detection and reaction
     • "Zero-touch" application event detection (no code modifications or complex log configuration and management)
     • "Zero-impact" on application performance and user experience
     • Quick deployment
  6. [Architecture diagram; labels only: External Users, Internal Users, Device API; ActiveInsight (Detect, React); System Mgmt, Risk Mgmt, SIEM, Fraud Detection]
  7. ActiveInsight Unique Value Proposition
     • Deeper, richer user-application level data
     • Non-intrusive, event-driven architecture
     • Zero-touch, zero-impact deployment
     • Real-time visibility and reactions
     • Minimized integration efforts
     • Multiple feeders for various risk management applications
     • Computational, I/O and log management off-loading
  8. Main Technological Challenges
     • Detecting relevant user-application events in real time, without harming application performance and availability
     • Reacting to relevant events by feeding SIEM or other security/risk management applications, or by initiating defensive actions
     • Offloading application servers and providing a central log source bus
     • Providing a simple, flexible and non-intrusive solution that can be deployed without requiring application code changes
  9. Technology
     • Distributed, high-performance, extreme transaction processing technology
     • Integrated in-memory distributed data caching
     • Unlimited server scale-out (scalable by design)
     • Asynchronous or synchronous (without time-out) processing
     • Low-latency computational de-coupling
     • Unique and simple, XML-based "behavioral processing language"
     • Asynchronous, multi-target feeders
     • Real-time, pattern-based, 2-way user interaction
  10. Summary
  11. Q&A. Thank you! http://www.activeinsight.net
