Slide 1 – Log Management and Compliance Reporting for SIEM
Slide 2 – Agenda
• About ManageEngine
• EventLog Analyzer – An Intro
• Why EventLog Analyzer (ELA)?
• The problems it solves – a few use cases
• Product Uniqueness
• Customer Speaks
• Summary
Slide 3 – Introduction
• ManageEngine
  • IT Management Software division of Zoho Corporation
  • Established in 2002
  • ManageEngine covers the complete gamut of IT solutions
  • 21 Products | 20 Free tools | 2 SAAS offerings
  • Trusted by over 72,000 customers across 200+ countries
  • 3 out of every 5 Fortune 500 companies are ManageEngine customers
Slide 4 – Introduction – ManageEngine IT Security solutions
• EventLog Analyzer – Log Management and Compliance Reporting for SIEM
• AD Audit Plus – AD Auditing and Reporting
• Security Manager Plus – Vulnerability assessment and patching
• Firewall Analyzer – Periphery Devices Management
• DeviceExpert – Network Configuration & Security Management
• Password Manager Pro – Identity access and Password Management
• Desktop Central – Desktop and Mobile Device Management
Product group labels from the slide diagram: Servers and Applications Security Mgmt. | Periphery devices, Network Devices Mgmt. | Password Management | Desktop and Mobile Management
Slide 5 – Why do you need a SIEM solution?
• Information security threats are increasing both in sophistication and frequency across the world.
• Protecting data against internal and external security threats has become essential.
Source: Infosecurity-magazine.com, Mcafee.com & Foxbusiness.com
Slide 6 – Why do you need a Log Management & SIEM solution?
Auditing is an integral part of IT security.
• Centralizing logs across IT sources helps you:
  • Audit IT performance and security
  • Safeguard your network from security breaches
  • Achieve operational efficiency
  • Conduct forensic analysis / root cause analysis
  • Stay compliant with statutory requirements
Slide 7 – EventLog Analyzer – An Intro
Log Management & Compliance Reporting software for SIEM. The processing pipeline shown on the slide:
• Collects data from log sources
• Correlates events
• Alerts on security incidents
• Generates IT security & compliance reports
• Archives logs for forensic analysis
Slide 8 – EventLog Analyzer – An Intro
Supported Log Sources
• Servers (Physical/Virtual) – Microsoft Windows, VMware ESX/ESXi, Linux, HP-UX, IBM AIX, Solaris & any Unix-flavor host
• Network Sources – Routers, Switches, Firewalls & any Syslog source
• Applications – MS SQL, IIS (FTP, File Server), Print Server, MS Exchange, Java, Apache, .Net, Oracle, MySQL & other human-readable formats (ULPI*)
Out-of-the-box Compliance Reports
• PCI DSS, FISMA, HIPAA, SOX, GLBA – ability to customize reports as you need
• Create new compliance reports – viz. ISO 27001, NERC-CIP & more
Real-time Event Correlation
• 50+ out-of-the-box correlation rules
• Real-time alerts and reports to proactively manage threats
• Customize rules to meet internal security policies
• Better insight into security incidents with intuitive dashboards
File Integrity Monitoring
• Know what was accessed/created/modified, who accessed/created/modified it, when it was accessed/created/modified & more…
Log Archival & Security
• Encryption & time stamping – tamper-proof archival, AES encryption
• User authentication – Active Directory and RADIUS
Slide 9 – The problem ELA solves – Audit: Use case 1
A government organization, 2,700+ employees statewide
Real-time alerts – Internal Security Threat
• The IT office
  • Grants permission to IT assets and services for employees, consultants and contractors.
  • Inadvertently, a few new administrators created users with administrator privileges.
• Result
  • A few tech-savvy consultants started misusing the privileges to access critical government documents that were not under their purview.
• The espionage was caught by real-time security alerts on:
  • Privileged user access | New user creation | Object access | Audit policy changes | Audit logs cleared
Slide 10 – The problem ELA solves – Audit: Use case 2
A leading real-estate service company, 23,000+ employees worldwide
Prevention – Aiding IT Operations
• The IT office
  • One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event as 'System' entries.
• Impact of failure
  • If these log entries had been left unnoticed for a few more days, the whole RAID array would have been affected due to excessive workload.
  • Email service would have been down for at least 2 days, since the vendor shipment has to reach the datacenter.
• Real-time security alerts / remediation
  • EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for RAID replacement, which took 2 days to ship.
  • Temporary load balancing was arranged for the mail server.
  • The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.
Slide 11 – The problem ELA solves – Audit: Use case 3
An online media company, 300+ employees
Alert & Prevention – External Security Threat
• The IT office
  • Had their corporate blogs hosted on Amazon Web Services, running a WordPress installation.
  • No security monitoring was done, except regular content back-up.
• Result
  • A professional hacker used the default admin user name and hacked into the blogs after 300+ login attempts over a 3-day span, and added spam content as comments.
• After implementing the ManageEngine solution
  • Configured log-in failure notification along with the user name.
  • Configured a run-a-script action for such security incidents to block the user name and mail the admin after 3 consecutive failed login attempts.
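The detection described in this use case, as an added example that is not EventLog Analyzer's own code: it correlates consecutive login failures per user name over constructed syslog-style lines (the line format, host names, user names and addresses are all assumptions) and returns the block-and-notify actions the slide mentions once a user name reaches 3 consecutive failures; a successful login resets the count.

```python
"""Consecutive login-failure correlation, modelled on use case 3.

Added example, not EventLog Analyzer code. It parses constructed
syslog-style lines such as a WordPress host might forward, tracks the
run of consecutive failures per user name, and at 3 returns the actions
the slide describes (block the user name, mail the admin).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines; hosts, users and addresses are not from any real system.
SAMPLE_LOG = """\
Mar 12 02:14:07 blog1 wordpress[2201]: Authentication failure for admin from 203.0.113.45
Mar 12 02:14:09 blog1 wordpress[2201]: Authentication failure for admin from 203.0.113.45
Mar 12 02:14:10 blog1 wordpress[2201]: Authentication success for editor from 198.51.100.7
Mar 12 02:14:12 blog1 wordpress[2201]: Authentication failure for admin from 203.0.113.45
Mar 12 02:14:20 blog1 wordpress[2201]: Authentication failure for editor from 198.51.100.7
Mar 12 02:14:25 blog1 wordpress[2201]: Authentication success for editor from 198.51.100.7
Mar 12 02:14:30 blog1 wordpress[2201]: Authentication failure for editor from 198.51.100.7
"""

# Assumed line format; a real deployment would use the forwarder's actual pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: "
    r"Authentication (?P<outcome>success|failure) for (?P<user>\S+) from (?P<src>\S+)$"
)

THRESHOLD = 3  # consecutive failures before the alert fires, as in the use case


@dataclass
class Alert:
    user: str
    src: str
    ts: str
    count: int
    actions: list = field(default_factory=list)


def parse_line(line):
    """Return the parsed fields as a dict, or None for lines in another format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def correlate(lines, threshold=THRESHOLD):
    """Return one Alert per unbroken run of `threshold` failures for a user name.

    A successful login resets that user's counter, so scattered failures never
    fire; the counter is also reset after an alert so each run alerts once and
    the response script is not re-run on every further attempt.
    """
    streak = defaultdict(int)
    alerts = []
    for raw in lines:
        ev = parse_line(raw.strip())
        if ev is None:
            continue  # unparsed lines are dropped, never counted as failures
        user = ev["user"]
        if ev["outcome"] == "success":
            streak[user] = 0
            continue
        streak[user] += 1
        if streak[user] >= threshold:
            actions = ["block user name %s" % user, "mail admin with user name and source"]
            if user == "admin":
                # The use case's root cause: a guessable default account name.
                actions.append("rename or disable the default admin account")
            alerts.append(Alert(user, ev["src"], ev["ts"], streak[user], actions))
            streak[user] = 0
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(a)
```

On the sample, only `admin` reaches three consecutive failures (the success line in between belongs to a different user), so exactly one alert is produced; `editor`'s run is broken by its own success and never fires.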
Slide 12 – EventLog Analyzer – Uniqueness
• Universal Log Parsing and Indexing
  • Processes any human-readable log format, generating patterns for indexing, alerting and reporting
  • Imports logs automatically at specified time intervals or on demand.
Slide 13 – EventLog Analyzer – Uniqueness
• Powerful Search
  • Helps conduct root cause analysis and generate forensic reports in minutes.
  • Tag complex search queries for quick reference
  • Search using wild-cards, phrases and Boolean operators
Slide 14 – EventLog Analyzer – Uniqueness
• Real-time security alerts
  • Generates alerts when suspicious activities occur on the network
  • Exclusive reports for privileged user access information.
  • Notifications are sent in real time via Email and SMS
Slide 15 – EventLog Analyzer – Uniqueness
• Secure log archiving
  • Archive for a custom period
  • Tamper-proof data storage with encryption and time stamping
  • Load archived data into the product at any time to generate compliance reports, conduct forensic analysis and audit.
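One way to get the tamper-evident, time-stamped archive that slide 8 (Log Archival & Security) and this slide describe, as an added example rather than the product's own archival format: records are hash-chained with SHA-256 and the chain head is sealed with an HMAC under a key only the archive writer holds, so a later edit, deletion, reordering or truncation fails verification. The key and sample records are constructed; only the integrity half is shown, not the AES encryption the slides also mention.

```python
"""Tamper-evident, time-stamped log archive.

Added example, not EventLog Analyzer's archival format. Each archived record
carries a timestamp and the SHA-256 hash of the previous record, and the
final hash is sealed with an HMAC under a key only the archive writer holds.
Editing, dropping, reordering or truncating records breaks verification.
Only the integrity half is shown; the AES encryption the slides mention is
a separate step applied to the same records.
"""
import hashlib
import hmac

GENESIS = "0" * 64
# Constructed demo key; a real writer would load it from a secret store.
ARCHIVE_KEY = b"constructed-demo-key-do-not-reuse"


def _record_hash(prev_hash, ts, line):
    """Hash of one record, bound to its predecessor and its timestamp."""
    h = hashlib.sha256()
    for part in (prev_hash, ts, line):
        h.update(part.encode("utf-8"))
        h.update(b"\x00")  # delimiter so field boundaries cannot be shifted
    return h.hexdigest()


def build_archive(lines, timestamps, key=ARCHIVE_KEY):
    """Chain the (timestamp, line) pairs and seal the chain head with an HMAC."""
    records = []
    prev = GENESIS
    for ts, line in zip(timestamps, lines):
        digest = _record_hash(prev, ts, line)
        records.append({"ts": ts, "line": line, "prev": prev, "hash": digest})
        prev = digest
    seal = hmac.new(key, prev.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"records": records, "seal": seal}


def verify_archive(archive, key=ARCHIVE_KEY):
    """Return (ok, reason); recomputes every link and then the seal."""
    prev = GENESIS
    for i, rec in enumerate(archive["records"]):
        if rec["prev"] != prev:
            return False, "record %d: chain break (record removed or reordered)" % i
        if _record_hash(prev, rec["ts"], rec["line"]) != rec["hash"]:
            return False, "record %d: line or timestamp modified" % i
        prev = rec["hash"]
    expected = hmac.new(key, prev.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, archive["seal"]):
        return False, "seal mismatch: chain truncated or re-hashed without the key"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample records.
    sample = ["EventID=4720 user account created", "EventID=1102 audit log cleared"]
    stamps = ["2024-01-01T00:00:00Z", "2024-01-01T00:00:05Z"]
    arc = build_archive(sample, stamps)
    print(verify_archive(arc))
    arc["records"][1]["line"] = "EventID=4624 logon"
    print(verify_archive(arc))
```

Without the key an attacker can recompute the per-record hashes after editing a line, which is why the seal over the chain head is what finally catches a silently re-hashed archive.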
Slide 16 – EventLog Analyzer – Uniqueness
• Easy to use and affordable
  • Intuitive GUI
  • Ease of deployment & maintenance
  • Smaller datacenter footprint
  • Affordable – the 100-host Premium edition costs $3195 annually (pricing starts at $795 for 25 hosts).
Slide 17
5,000+ customers across 110+ countries
Slide 18 – Summary
• EventLog Analyzer (ELA) is comprehensive log management and compliance reporting software for SIEM.
• ELA helps you:
  • Safeguard your network from security breaches with real-time alerts
  • Achieve operational efficiency by collecting and centralizing log data across IT resources
  • Conduct forensic analysis and root cause analysis, and generate IT audit reports
  • Stay compliant with statutory requirements out of the box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more…
• Easy to deploy, use and maintain
• Affordable
• A part of ManageEngine's IT management solutions.
Slide 19 – Thank you
Support: eventlog-support@manageengine.com
Sales: sales@manageengine.com

More Related Content

What's hot

Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadarPencilData
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat ManagementLokesh Sharma
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewnazeer325
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSiQHub
 
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...Sandeep Patil
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 

What's hot (20)

Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Application Security
Application SecurityApplication Security
Application Security
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 

Viewers also liked

ManageEngine EventLog Analyzer v7. 2
ManageEngine EventLog Analyzer v7. 2ManageEngine EventLog Analyzer v7. 2
ManageEngine EventLog Analyzer v7. 2Ragavan Seetharaman
 
Presentation crafting your active security management strategy 3 keys and 4...
Presentation   crafting your active security management strategy 3 keys and 4...Presentation   crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...xKinAnx
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...ManageEngine EventLog Analyzer
 

Viewers also liked (7)

ManageEngine EventLog Analyzer v7. 2
ManageEngine EventLog Analyzer v7. 2ManageEngine EventLog Analyzer v7. 2
ManageEngine EventLog Analyzer v7. 2
 
Presentation crafting your active security management strategy 3 keys and 4...
Presentation   crafting your active security management strategy 3 keys and 4...Presentation   crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...
 
EventLog Analyzer 6 Features
EventLog Analyzer 6 FeaturesEventLog Analyzer 6 Features
EventLog Analyzer 6 Features
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
 
Eventlog
EventlogEventlog
Eventlog
 
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...
The Oldest Club in English Football uses ManageEngine EventLog Analyzer to Co...
 
OpManager Technical Overview
OpManager Technical OverviewOpManager Technical Overview
OpManager Technical Overview
 

Similar to Log Management and Compliance Reporting Software

Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptxneoalt
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016Raz-Lee Security
 
Security Information Event Management Security Information Event Management
Security Information Event Management Security Information Event ManagementSecurity Information Event Management Security Information Event Management
Security Information Event Management Security Information Event Managementkarthikvcyber
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]Phil Huggins FBCS CITP
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunk
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Shahar Geiger Maor
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet
 
Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsPrecisely
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 

Similar to Log Management and Compliance Reporting Software (20)

Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptx
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security Arsenal
 
Security Information Event Management Security Information Event Management
Security Information Event Management Security Information Event ManagementSecurity Information Event Management Security Information Event Management
Security Information Event Management Security Information Event Management
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
ISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdfISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdf
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Logicalis Security Conference
Logicalis Security ConferenceLogicalis Security Conference
Logicalis Security Conference
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017
 
Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected Environments
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Manage Engine Log 360
Manage Engine Log 360Manage Engine Log 360
Manage Engine Log 360
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Log Management and Compliance Reporting Software

  • 1. Log Management and Compliance Reporting for SIEM
  • 2. Agenda
      • About ManageEngine
      • EventLog Analyzer – An Intro
      • Why EventLog Analyzer (ELA)? The problems it solves
          • A few use cases
      • Product Uniqueness
      • Customer Speaks
      • Summary
  • 3. Introduction
      • ManageEngine – IT Management Software division of Zoho Corporation
      • Established in 2002
      • ManageEngine covers the complete gamut of IT solutions
      • 21 Products | 20 Free tools | 2 SaaS offerings
      • Trusted by over 72,000 customers across 200+ countries
      • 3 out of every 5 Fortune 500 companies are ManageEngine customers
  • 4. Introduction – ManageEngine IT Security solutions
      • EventLog Analyzer – Log Management and Compliance Reporting for SIEM
      • AD Audit Plus – AD Auditing and Reporting
      • Security Manager Plus – Vulnerability assessment and patching
      • Firewall Analyzer – Periphery Devices Management
      • DeviceExpert – Network Configuration & Security Management
      • Password Manager Pro – Identity access and Password Management
      • Desktop Central – Desktop and Mobile Device Management
      Product groups shown on the slide: Servers and Applications Security Mgmt.; Periphery devices, Network Devices Mgmt.; Password Management; Desktop and Mobile Management
  • 5. Why need a SIEM solution?
      • Information Security threats are increasing both in sophistication and frequency across the world.
      • Protecting data against internal and external security threats has become essential.
      Source: Infosecurity-magazine.com, Mcafee.com & Foxbusiness.com
  • 6. Why need a Log Management & SIEM solution?
      • Centralizing logs across IT sources helps:
          • Audit IT performance and security
          • Safeguard your network from security breaches
          • Achieve operational efficiency
          • Conduct forensic analysis / root cause analysis
          • Stay compliant with statutory requirements
      Auditing is an integral part of IT security
  • 7. EventLog Analyzer – An Intro
      Log Management & Compliance Reporting software for SIEM
      • Collects data from log sources
      • Correlates events
      • Alerts on security incidents
      • Generates IT security & compliance reports
      • Archives logs for forensic analysis
  • 8. EventLog Analyzer – An Intro
      Supported Log Sources
      • Servers (Physical/Virtual) – Microsoft Windows, VMware ESX/ESXi, Linux, HP-UX, IBM AIX, Solaris & any Unix flavor host
      • Network Sources – Routers, Switches, Firewalls & any Syslog sources
      • Applications – MS SQL, IIS (FTP, File Server), Print Server, MS Exchange, Java, Apache, .Net, Oracle, MySQL & other human-readable formats (ULPI*)
      Out-of-the-box Compliance Reports
      • PCI DSS, FISMA, HIPAA, SOX, GLBA – with the ability to customize reports as you need
      • Create new compliance reports – viz. ISO 27001, NERC-CIP & more
      Real-time Event Correlation
      • 50+ out-of-the-box correlation rules
      • Real-time alerts and reports to proactively manage threats
      • Customize rules to meet internal security policies
      • Better insight into security incidents with intuitive dashboards
      File Integrity Monitoring
      • Know what was accessed/created/modified, who accessed/created/modified it, when it was accessed/created/modified & more…
      Log Archival & Security
      • Encryption & Time Stamping – tamper-proof archival, AES encryption
      • User Authentication – Active Directory and RADIUS
  • 9. The problem ELA solves – Audit: Use case 1
      A government organization, 2700+ employees statewide
      Real-time alerts – Internal Security Threat
      • The IT office
          • Grants permission to IT assets and services for employees, consultants and contractors.
          • Inadvertently, a few new administrators created users with administrator privileges.
      • Result
          • A few tech-savvy consultants started misusing the privileges to access critical government documents, which weren't under their purview.
          • The espionage was caught by real-time security alerts: Privileged User Access | New user creation | Object access | Audit policy changes | Audit logs cleared
  • 10. The problem ELA solves – Audit: Use case 2
      A leading real-estate service co., 23,000+ employees worldwide
      Prevention – Aiding IT Operations
      • The IT office
          • One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event under 'System' entries.
      • Impact of failure
          • If these log entries had been left unnoticed for a few more days, the whole RAID would have been affected due to the excessive workload.
          • Email service would have been down for at least 2 days, since the vendor shipment has to reach the datacenter.
      • Real-time security alerts / remediation
          • EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for a RAID replacement, which took 2 days for shipping.
          • Temporary load balancing was arranged for the mail server.
          • The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.
  • 11. The problem ELA solves – Audit: Use case 3
      An online media company, 300+ employees
      Alert & Prevention – External Security Threat
      • The IT office
          • Had their corporate blogs hosted on Amazon Web Services, running a WordPress installation.
          • No security monitoring was done, except regular content backup.
      • Result
          • A professional hacker used the default admin user name and hacked into the blogs after 300+ login attempts in a 3-day span, and added spam content as comments.
      • After implementing the ManageEngine solution
          • Configured login-failure notifications along with the user name.
          • Configured a run-a-script action in the event of such security incidents to block the user name and mail the admin after 3 consecutive login failure attempts.
  • 12. EventLog Analyzer – Uniqueness
      • Universal Log Parsing and Indexing
          • Processes any human-readable log format, generating patterns for indexing, alerting and reporting
          • Imports logs automatically at specified time intervals or on demand
  • 13. EventLog Analyzer – Uniqueness
      • Powerful Search
          • Helps conduct root cause analysis and generate forensic reports in minutes
          • Tag complex search queries for quick reference
          • Search using wildcards, phrases and Boolean operators
  • 14. EventLog Analyzer – Uniqueness
      • Real-time security alerts
          • Generates alerts when suspicious activities occur on the network
          • Exclusive reports for privileged user access information
          • Notifications are sent in real time via Email and SMS
  • 15. EventLog Analyzer – Uniqueness
      • Secure log archiving
          • Archive for a custom period
          • Tamper-proof data storage with encryption and time stamping
          • Load archived data into the product at any time to generate compliance reports, conduct forensic analysis and audit
  • 16. EventLog Analyzer – Uniqueness
      • Easy to use and affordable
          • Intuitive GUI
          • Ease of deployment & maintenance
          • Smaller datacenter footprint
          • Affordable – the 100-host premium edition costs $3195 annually (pricing starts at $795 for 25 hosts)
  • 17. 5,000+ customers across 110+ countries
  • 18. Summary
      • EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM.
      • ELA helps
          • Safeguard your network from security breaches with real-time alerts
          • Achieve operational efficiency by collecting and centralizing log data across IT resources
          • Conduct forensic analysis, root cause analysis & generate IT audit reports
          • Stay compliant with statutory requirements out of the box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more…
      • Easy to deploy, use and maintain
      • Affordable
      • A part of ManageEngine's IT management solutions.
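Use case 3 above describes alerting on login failures with the user name and blocking that name after 3 consecutive failures. The Python below is an added example, not EventLog Analyzer's or ManageEngine's code, that implements that threshold logic over constructed WordPress-style syslog lines; the log format, the wp-login tag and the on_block hook are assumptions.

```python
import re
from collections import defaultdict

THRESHOLD = 3  # consecutive failures before the user name is blocked (use case 3)
# Constructed sample lines (not real data): a hypothetical WordPress login logger
# writing to syslog; each line carries outcome, user name and source address.
SAMPLE_LOG = """\
Mar 12 10:00:01 blog wp-login: FAILED login for user admin from 203.0.113.5
Mar 12 10:00:04 blog wp-login: FAILED login for user admin from 203.0.113.5
Mar 12 10:00:09 blog wp-login: SUCCESS login for user editor from 198.51.100.7
Mar 12 10:00:11 blog wp-login: FAILED login for user admin from 203.0.113.5
Mar 12 10:00:15 blog wp-login: FAILED login for user admin from 203.0.113.9
Mar 12 10:00:20 blog wp-login: FAILED login for user editor from 198.51.100.7
Mar 12 10:00:25 blog wp-login: SUCCESS login for user editor from 198.51.100.7
Mar 12 10:00:30 blog wp-login: FAILED login for user editor from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ wp-login: "
    r"(?P<outcome>FAILED|SUCCESS) login for user (?P<user>\S+) from (?P<ip>\S+)$"
)

def parse_line(line):
    # Return the line's fields as a dict, or None if it is not a login event.
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def detect_consecutive_failures(lines, threshold=THRESHOLD, on_block=None):
    """Return (timestamp, user, ip) alerts, one per user the first time its run of
    consecutive failures reaches `threshold`; a SUCCESS resets that user's run.
    `on_block` (a hypothetical hook) stands in for the run-a-script action."""
    streak = defaultdict(int)
    blocked = set()
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable line: skip it rather than stop the collector
        user = ev["user"]
        if ev["outcome"] == "SUCCESS":
            streak[user] = 0  # only *consecutive* failures count
            continue
        if user in blocked:
            continue  # no duplicate alerts while the block holds
        streak[user] += 1
        if streak[user] >= threshold:
            blocked.add(user)
            alerts.append((ev["ts"], user, ev["ip"]))
            if on_block is not None:
                on_block(user, ev["ip"])  # e.g. block the name and mail the admin
    return alerts
```

Blocking by user name alone lets anyone who knows the name lock the real user out, so the source IP carried in each alert is the safer key for the block action.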

Editor's Notes

  1. Sources:
     http://www.infosecurity-magazine.com/view/28920/us-considers-preemptive-action-to-prevent-cyber-pearl-harbor-
     http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2013.pdf
     http://www.foxbusiness.com/technology/2013/03/12/as-cyber-threats-mount-business-is-booming-in-security-world/