A quick overview of ManageEngine EventLog Analyzer, a cost-effective Log Management and Compliance Reporting software for Security Information and Event Management (SIEM). Using this log analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting on, and archiving them from one central location. This event log analyzer software helps to mitigate security threats, archive data for log forensics, perform root cause analysis & more at http://www.manageengine.com/products/eventlog/
Log Management and Compliance Reporting Software
1.
Log Management and Compliance Reporting for SIEM
2.
AGENDA
About ManageEngine
EventLog Analyzer – An Intro
Why EventLog Analyzer (ELA)?
The problems it solves
A few use cases
Product uniqueness
Customer speaks
Summary
3.
Introduction
ManageEngine
IT Management Software division of Zoho Corporation
Established in 2002
ManageEngine covers the complete gamut of IT solutions
21 Products | 20 Free tools | 2 SaaS offerings
Trusted by over 72,000 customers across 200+ countries
3 out of every 5 Fortune 500 companies are ManageEngine customers
4.
Introduction – ManageEngine IT Security solutions
• EventLog Analyzer – Log Management and Compliance Reporting for SIEM
• AD Audit Plus – AD Auditing and Reporting
• Security Manager Plus – Vulnerability assessment and patching
• Firewall Analyzer – Periphery Devices Management
• DeviceExpert – Network Configuration & Security Management
• Password Manager Pro – Identity access and Password Management
• Desktop Central – Desktop and Mobile Device Management
Solution areas: Servers and Applications Security Mgmt. | Periphery devices, Network Devices Mgmt. | Password Management | Desktop and Mobile Management
5.
Why need a SIEM solution?
Information security threats are increasing both in sophistication and frequency across the world.
Protecting data against internal and external security threats has become essential.
Source: Infosecurity-magazine.com, Mcafee.com & Foxbusiness.com
6.
Why need a Log Management & SIEM solution?
Auditing is an integral part of IT security.
Centralizing logs across IT sources helps:
Audit IT performance and security
Safeguard your network from security breaches
Achieve operational efficiency
Conduct forensic analysis / root cause analysis
Stay compliant with statutory requirements
7.
EventLog Analyzer – An Intro
Log Management & Compliance Reporting software for SIEM
Collects data from log sources
Correlates events
Alerts on security incidents
Generates IT security & compliance reports
Archives logs for forensic analysis
8.
EventLog Analyzer – An Intro
Supported Log Sources
• Servers (Physical / Virtual) – Microsoft Windows, VMware ESX / ESXi, Linux, HP-UX, IBM AIX, Solaris & any Unix-flavor host
• Network Sources – Routers, Switches, Firewalls & any Syslog source
• Applications – MS SQL, IIS (FTP, File Server), Print Server, MS Exchange, Java, Apache, .Net, Oracle, MySQL & other human-readable formats (ULPI*)
Out-of-the-box Compliance Reports
• PCI DSS, FISMA, HIPAA, SOX, GLBA – ability to customize reports as you need
• Create new compliance reports – viz. ISO 27001, NERC-CIP & more
Real-time Event Correlation
• 50+ out-of-the-box correlation rules
• Real-time alerts and reports to proactively manage threats
• Customize rules to meet internal security policies
• Better insight into security incidents with intuitive dashboards
File Integrity Monitoring
• Know what was accessed/created/modified, who accessed/created/modified it, when it was accessed/created/modified & more…
Log Archival & Security
• Encryption & Time Stamping – tamper-proof archival, AES encryption
• User Authentication – Active Directory and RADIUS
9.
The problem ELA solves – Audit: Use case 1
A government organization, 2700+ employees statewide
Real-time alerts – Internal security threat
The IT office
Grants permission to IT assets and services for employees, consultants and contractors.
Inadvertently, a few new administrators created users with administrator privileges.
Result
A few tech-savvy consultants started misusing the privileges to access critical government documents, which weren’t under their purview.
The espionage was caught by real-time security alerts:
Privileged user access | New user creation | Object access | Audit policy changes | Audit logs cleared
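The five alert categories on this slide map onto standard Windows Security event IDs, and the sequence it describes (an account is created and then immediately granted administrator rights) is a correlation rule rather than a single-event match. The following is an added example, not ManageEngine code: it classifies parsed events into the slide's categories and correlates account creation (4720) with a subsequent add to a privileged group (4732) inside a time window. The event dict shape and the sample events are constructed; the event IDs are the real Windows ones.

```python
"""Correlating Windows Security events into the alert categories named in use case 1.

Added example (not ManageEngine code). It assumes a minimal parsed-event
shape (dicts with EventID and a few fields) and uses the standard Windows
Security event IDs for account creation (4720), member added to a
security-enabled local group (4732), object access (4663), audit policy
change (4719) and audit log cleared (1102). The sample events are constructed.
"""
from collections import defaultdict

# Map of event IDs to the alert categories from the slide.
CATEGORY = {
    4720: "New user creation",
    4732: "Privileged user access",   # only counted for privileged groups, see classify()
    4663: "Object access",
    4719: "Audit policy changes",
    1102: "Audit logs cleared",
}

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}

def classify(events):
    """Return a list of (category, event) alerts for events matching the map."""
    alerts = []
    for ev in events:
        cat = CATEGORY.get(ev["EventID"])
        if cat is None:
            continue
        # Only group changes into privileged groups count as privileged access.
        if ev["EventID"] == 4732 and ev.get("Group") not in PRIVILEGED_GROUPS:
            continue
        alerts.append((cat, ev))
    return alerts

def correlate_new_admins(events, window_seconds=600):
    """Flag accounts created and then added to a privileged group within the window.

    This is the sequence from the slide: a new user is created and immediately
    given administrator privileges. Returns {account: (created_ts, granted_ts)}.
    """
    created = {}
    flagged = {}
    for ev in sorted(events, key=lambda e: e["Time"]):
        if ev["EventID"] == 4720:
            created[ev["Target"]] = ev["Time"]
        elif ev["EventID"] == 4732 and ev.get("Group") in PRIVILEGED_GROUPS:
            t0 = created.get(ev["Target"])
            if t0 is not None and 0 <= ev["Time"] - t0 <= window_seconds:
                flagged[ev["Target"]] = (t0, ev["Time"])
    return flagged

# Constructed sample events (epoch seconds; fields trimmed to what the rules need).
SAMPLE_EVENTS = [
    {"Time": 1000, "EventID": 4720, "Subject": "helpdesk1", "Target": "contractor7"},
    {"Time": 1060, "EventID": 4732, "Subject": "helpdesk1", "Target": "contractor7", "Group": "Administrators"},
    {"Time": 1100, "EventID": 4732, "Subject": "helpdesk1", "Target": "intern2", "Group": "Remote Desktop Users"},
    {"Time": 5000, "EventID": 4663, "Subject": "contractor7", "Object": r"\\fileserver\policy\draft.docx"},
    {"Time": 5200, "EventID": 4719, "Subject": "contractor7"},
    {"Time": 5300, "EventID": 1102, "Subject": "contractor7"},
    {"Time": 5400, "EventID": 4624, "Subject": "alice"},  # normal logon, not alerted
]

if __name__ == "__main__":
    for cat, ev in classify(SAMPLE_EVENTS):
        print(f"{cat:24} t={ev['Time']} by {ev['Subject']}")
    print("new accounts granted admin:", correlate_new_admins(SAMPLE_EVENTS))
```

In a real deployment the events would come from the collector's parsed Security log rather than a list, and the window for `correlate_new_admins` would be tuned to how quickly legitimate provisioning normally grants group membership.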
10.
The problem ELA solves – Audit: Use case 2
A leading real-estate service co., 23,000+ employees worldwide
Prevention – Aiding IT operations
The IT office
One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event in the ‘System’ log.
Impact of failure
If these log entries had been left unnoticed for a few more days, the whole RAID array would have been affected due to excessive workload.
Email service would have been down for 2 days at least, since the vendor shipment has to reach the datacenter.
Real-time security alerts / remediation
EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for RAID replacement, which took 2 days for shipping.
Temporary load balancing was arranged for the mail server.
The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.
11.
The problem ELA solves – Audit: Use case 3
An online media company, 300+ employees
Alert & prevention – External security threat
The IT office
Had their corporate blogs hosted in Amazon Web Server, running a WordPress installation.
No security monitoring was done, except regular content back-up.
Result
A professional hacker used the default admin user name and broke into the blogs after 300+ login attempts over a 3-day span, then added spam content as comments.
After implementing the ManageEngine solution
Configured login-failure notifications that include the user name.
Configured to run a script in the event of such security incidents, blocking the user name and mailing the admin after 3 consecutive failed login attempts.
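The remediation on this slide is a threshold rule: notify on every failed login with the user name, and fire a blocking action once a user name accumulates three consecutive failures. The block below is an added example of that logic, not product code. The syslog-style line format written by a hypothetical `wp-auth` hook is an assumption, the sample lines are constructed (with RFC 5737 documentation addresses), and the notify/block actions are recorded rather than executed so the behaviour can be inspected.

```python
"""Consecutive login-failure detection with a block action, as in use case 3.

Added example, not product code. The log format is an assumed, constructed
syslog-style line written by a hypothetical login hook ("wp-auth"); a real
deployment would point the regex at whatever the web server or plugin emits.
The "block" and "notify" actions are stand-ins that record what would be done.
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) wp-auth: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

class FailureMonitor:
    """Track consecutive failures per username; a successful login resets the counter."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.streak = {}          # user -> consecutive failure count
        self.blocked = set()
        self.actions = []         # (action, user, details), kept for audit and testing

    def feed(self, line):
        """Process one line; return the user name if this line triggered a block."""
        ev = parse(line)
        if ev is None:
            return None           # unparsed lines are skipped here; count them in real use
        user = ev["user"]
        if ev["result"] == "ok":
            self.streak[user] = 0
            return None
        self.streak[user] = self.streak.get(user, 0) + 1
        # Notify on every failure, including the user name, as the slide describes.
        self.actions.append(("notify", user, f"failure #{self.streak[user]} from {ev['src']}"))
        if self.streak[user] >= self.threshold and user not in self.blocked:
            self.blocked.add(user)
            self.actions.append(("block", user, f"{self.threshold} consecutive failures"))
            return user
        return None

# Constructed sample lines: 'admin' fails three times in a row;
# 'editor' fails twice but logs in successfully in between, so is never blocked.
SAMPLE_LOG = """\
Jan 10 10:00:01 blog wp-auth: login failed user=admin src=203.0.113.5
Jan 10 10:00:03 blog wp-auth: login failed user=editor src=198.51.100.9
Jan 10 10:00:04 blog wp-auth: login ok user=editor src=198.51.100.9
Jan 10 10:00:09 blog wp-auth: login failed user=admin src=203.0.113.5
Jan 10 10:00:10 blog wp-auth: login failed user=editor src=198.51.100.9
Jan 10 10:00:15 blog wp-auth: login failed user=admin src=203.0.113.6
Jan 10 10:00:20 blog wp-auth: login failed user=admin src=203.0.113.6
""".splitlines()

def run(lines, threshold=3):
    mon = FailureMonitor(threshold)
    for line in lines:
        mon.feed(line)
    return mon

if __name__ == "__main__":
    for action in run(SAMPLE_LOG).actions:
        print(*action)
```

Counting per user name rather than per source address is what the slide describes; note in the sample that the third failure for `admin` arrives from a different address, so a per-source counter alone would not have reached the threshold.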
12.
EventLog Analyzer – Uniqueness
Universal Log Parsing and Indexing (ULPI)
Processes any human-readable log format, generating patterns for indexing, alerting and reporting.
Imports logs automatically at specified time intervals or on demand.
13.
EventLog Analyzer – Uniqueness
Powerful search
Helps conduct root cause analysis and generate forensic reports in minutes.
Tag complex search queries for quick reference.
Search using wildcards, phrases and Boolean operators.
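The two preceding slides describe one pipeline: human-readable lines are turned into fields by patterns, the fields are indexed, and the index is queried with wildcards, phrases and Boolean operators. The block below is an added example of that pipeline written for this page, not ManageEngine's implementation: the two extraction patterns (an sshd line and an Apache access-log line), the sample lines and the query grammar (left-to-right `AND` / `OR` / `NOT`, `*` wildcards, double-quoted phrases) are all assumptions made for the illustration.

```python
"""Pattern-based field extraction, an inverted index, and wildcard/phrase/Boolean
search over it. Added example, not product code; patterns, sample lines and the
query syntax are constructed for this illustration.
"""
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Named-group patterns turn known formats into fields; anything else is kept as
# a single "raw" field so it is still tokenised and searchable.
PATTERNS = [
    re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
               r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"),
    re.compile(r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'),
]

def extract(line):
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            return m.groupdict()
    return {"raw": line}

def tokens(fields):
    """Index both field=value terms and the bare words inside each value."""
    toks = set()
    for k, v in fields.items():
        toks.add(f"{k}={v}".lower())
        toks.update(re.findall(r"[a-z0-9._/\\-]+", v.lower()))
    return toks

class LogIndex:
    def __init__(self):
        self.lines = []
        self.index = defaultdict(set)   # token -> set of line ids

    def add(self, line):
        doc_id = len(self.lines)
        self.lines.append(line)
        for t in tokens(extract(line)):
            self.index[t].add(doc_id)
        return doc_id

    def _term(self, term):
        term = term.lower()
        if "*" in term or "?" in term:          # wildcard: scan the vocabulary
            return {i for t, ids in self.index.items() if fnmatchcase(t, term) for i in ids}
        return set(self.index.get(term, ()))

    def search(self, query):
        """Evaluate terms left to right with AND/OR; NOT negates the next term;
        a double-quoted phrase is matched against the original line text."""
        everything = set(range(len(self.lines)))
        result, op, negate = None, "AND", False
        for tok in re.findall(r'"[^"]+"|\S+', query):
            up = tok.upper()
            if up in ("AND", "OR"):
                op = up
                continue
            if up == "NOT":
                negate = True
                continue
            if tok.startswith('"'):
                phrase = tok.strip('"').lower()
                hits = {i for i, line in enumerate(self.lines) if phrase in line.lower()}
            else:
                hits = self._term(tok)
            if negate:
                hits, negate = everything - hits, False
            if result is None:
                result = hits
            elif op == "AND":
                result &= hits
            else:
                result |= hits
        return sorted(result or ())

# Constructed sample lines: two sshd events, one web request, one line no pattern knows.
SAMPLE = [
    "Mar  3 09:12:01 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51822 ssh2",
    "Mar  3 09:12:04 bastion sshd[2211]: Accepted password for deploy from 198.51.100.4 port 51830 ssh2",
    '203.0.113.7 - - [03/Mar/2024:09:13:10 +0000] "GET /wp-login.php HTTP/1.1" 200 1521',
    "printer-03: toner low on tray 2",
]

def build(lines=SAMPLE):
    idx = LogIndex()
    for line in lines:
        idx.add(line)
    return idx

if __name__ == "__main__":
    idx = build()
    for q in ("203.0.113.7", "203.0.113.7 AND NOT status=200", 'result=failed OR path=/wp-login*', '"toner low"'):
        print(f"{q:40} -> {idx.search(q)}")
```

Indexing `field=value` terms alongside bare words is what lets a query pivot from an unstructured hit (`203.0.113.7` in any line) to a structured one (`src=203.0.113.7 AND NOT status=200`) without re-parsing the archive.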
14.
EventLog Analyzer – Uniqueness
Real-time security alerts
Generates alerts when suspicious activities occur on the network.
Exclusive reports for privileged user access information.
Notifications are sent in real time via email and SMS.
15.
EventLog Analyzer – Uniqueness
Secure log archiving
Archive for a custom period.
Tamper-proof data storage with encryption and time stamping.
Load archived data into the product at any time to generate compliance reports, conduct forensic analysis and audit.
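"Tamper-proof ... with encryption and time stamping" (this slide and the Log Archival bullet on the intro slide) means that an archive must let a later reader prove that no chunk was edited, dropped or reordered after it was written. The block below is an added example of the time-stamping and integrity half of that, not ManageEngine's archive format: each archived chunk gets a record carrying its timestamp, its SHA-256 digest and the previous record's HMAC, so any change breaks the chain at a detectable position. The record layout, the key handling and the sample chunks are assumptions; the AES encryption the slide mentions is not implemented here.

```python
"""Tamper-evident log archive: each archived chunk is time-stamped and chained to
its predecessor with an HMAC, so a later edit, deletion or reordering is detected
on verification. Added example, not ManageEngine code: the record layout and the
key handling are assumptions, and the AES encryption the slide mentions is not
implemented here (the chain protects integrity and ordering only).
"""
import hashlib
import hmac
import json

# Assumed: in practice the archive key lives in a KMS/HSM; constructed value for the demo.
ARCHIVE_KEY = b"constructed-demo-key-do-not-reuse"

def _record_mac(key, record):
    # Canonical JSON so verification recomputes the MAC over identical bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def archive(key, chunks, timestamps):
    """Build a chain of records for the given log chunks (bytes) and timestamps (epoch seconds)."""
    chain = []
    prev = "0" * 64            # genesis link
    for seq, (data, ts) in enumerate(zip(chunks, timestamps)):
        record = {
            "seq": seq,
            "ts": ts,
            "digest": hashlib.sha256(data).hexdigest(),
            "prev": prev,
        }
        record["mac"] = _record_mac(key, record)
        chain.append(record)
        prev = record["mac"]
    return chain

def verify(key, chain, chunks):
    """Return None if the archive is intact, else the seq of the first bad record."""
    prev = "0" * 64
    last_ts = -1
    for seq, (record, data) in enumerate(zip(chain, chunks)):
        unsigned = {k: v for k, v in record.items() if k != "mac"}
        if (record["seq"] != seq
                or record["prev"] != prev
                or record["ts"] < last_ts                     # time stamps must not go backwards
                or record["digest"] != hashlib.sha256(data).hexdigest()
                or not hmac.compare_digest(_record_mac(key, unsigned), record["mac"])):
            return seq
        prev, last_ts = record["mac"], record["ts"]
    if len(chain) != len(chunks):
        return min(len(chain), len(chunks))   # truncated chain or missing chunk
    return None

# Constructed sample archive: three daily chunks of (already collected) log text.
CHUNKS = [b"day1: 4624 logon alice\n", b"day2: 4720 user created\n", b"day3: 1102 log cleared\n"]
TIMES = [1700000000, 1700086400, 1700172800]

def demo():
    """Return verification results for an intact, an edited, and a chunk-deleted archive."""
    chain = archive(ARCHIVE_KEY, CHUNKS, TIMES)
    intact = verify(ARCHIVE_KEY, chain, CHUNKS)
    edited = CHUNKS[:1] + [b"day2: nothing happened\n"] + CHUNKS[2:]
    tampered = verify(ARCHIVE_KEY, chain, edited)
    deleted = verify(ARCHIVE_KEY, chain[:1] + chain[2:], CHUNKS[:1] + CHUNKS[2:])
    return intact, tampered, deleted

if __name__ == "__main__":
    print("intact, tampered, deleted ->", demo())
```

The HMAC key must be held somewhere the archive writer's host cannot reach after the fact (an HSM, or a separate verification service), otherwise an attacker who can rewrite the archive can also re-sign it; the slide's timestamping serves the same purpose by anchoring each record to a time source the writer does not control.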
16.
EventLog Analyzer – Uniqueness
Easy to use and affordable
Intuitive GUI
Easy to deploy and maintain
Smaller datacenter footprint
Affordable – the 100-host Premium edition costs $3195 annually (pricing starts at $795 for 25 hosts).
18.
Summary
EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM.
ELA helps:
Safeguard your network from security breaches with real-time alerts
Achieve operational efficiency by collecting and centralizing log data across IT resources
Conduct forensic analysis and root cause analysis, and generate IT audit reports
Stay compliant with statutory requirements out of the box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more…
Easy to deploy, use and maintain
Affordable
A part of ManageEngine’s IT management solutions.