SlideShare a Scribd company logo
Copyright © Aujas All rights reserved.
Risk Advisory and Security Intelligence Services
Is SIEM Dead or Evolving
Aujas Networks Private Ltd.
“Aujas” in Sanskrit means “Strength & Energy in a Warrior”
Chandra Prakash Suryawanshi
chandra.prakash@aujas.com
Copyright © Aujas All rights reserved.
SIEM is Dead ?
2
• 2 Decade old Technology
• Was great in managing compliance
• Evolved from log management to correlation and providing
single pane of glass
• Reduces signal to noise
• But got soon got reduced to limited sight as attackers tools,
techniques and procedures advanced and became stealthy
• And finally Compliance management is no more risk
management ?
Copyright © Aujas All rights reserved.
And data from monitoring capabilities suggests SIEM is dead
3
Different Threat Actors Have Different Motivations... And Tactics
The Facts states that attackers are getting smarter, targeted and persistent
* Source - Mandiant
Number of US companies
hit by APT
Average compromise time
before discovered
Compromises take minutes
or hours
Number of victims re-
compromised within a year
Intrusions are low difficulty
= no special skills or
resources
83%
78%
38%
84%
9 M
Copyright © Aujas All rights reserved.
So why is SIEM not able to detect advanced threats ?
4
Security Procedures and Agility
Risk Reduction and Compliance Efforts
Volume of Threats and
Vulnerabilities
Speed and
Sophistication of
Attacks
“Mind the Gap”
Security Exposures
Increasing Exponentially
Progression of Adversary and Motive Over Time
Sophistication
 Attack speed and sophistication advancing due to mature underground economy; most attacks
don’t leave logs.
 New Technologies provide new supply of vulnerabilities to be exploited; attackers are
persistent and behave normally that is difficult to detect.
 Old threats don’t always disappear; new threats add to the total threat landscape.
* Source - IBM
Copyright © Aujas All rights reserved.
5
So what is the alternative
• What all patterns have been built and what algorithm the
technology uses for machine learning
• How accurate is the system in detecting anomalies for
malware and behavior
• How does it compare it with other similar products; what
criteria should be used for evaluation.
• Threat Intelligence comes in many forms, difficult to
ingest and requires capabilities and continuous analysis
and actionables
MACHINE LEARNING AND ARTIFICIAL
INTELLIGENCE
SECURITY ANALYTICS – NBAD AND
END POINT AND USER ANALYTICS
THREAT INTELLIGENCE
Copyright © Aujas All rights reserved.
6
Or IS really SIEM Dead – Yes ? / No ?
• SIEM is good at collecting logs from disparate systems and
aid in correlation and compliance but limits the analytical
capability for threat detection and forensics
• SIEM is reactive and driven by rules, wherein the security is
not static that one can implement rules and sleep, the security
is continuous process and evolving
• SIEM cannot provide entire attack vector in a single window,
i.e. the attack behavior?
• Most modern and advanced attacks do not leave logs and in
some cases transaction and other logging is difficult
• Organization still need data aggregation and
correlation
• SIEM provides single pane of glass and forms the
backbone of monitoring capabilities
• One can create better attack and kill chain methods
of use cases to drive behavior to move away from
point security tool detection capabilities
• Automate and integrate multiple technologies with
SIEM for better threat detection
Copyright © Aujas All rights reserved.
SIEM is Evolving as a Platform
7
• Data collection capabilities and compliance benefits of log management,
• The correlation, normalization and analysis capabilities of SIEM (security information and event management)
• The network visibility and advanced threat detection of NBAD (network behavior anomaly detection), and user
behavior anomaly detection by machine learning - User Behavior Analytics
• The ability to reduce breaches and ensure compliance provided by Risk Management,
• The network traffic and application content insight afforded by Network Forensics.
• The automation of Incident Response by Artificial Intelligence / Run Books
• IOC / VM Management by Threat Intelligence
• Reporting and Visualization provided by Presentation Layer
SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data
management architecture and a single user interface.
Copyright © Aujas All rights reserved.
8
SIEM as a Platform
Monitor everything
Logs, network traffic, user activity
Correlate intelligently
Connect the dots of disparate activity
Detect anomalies
Unusual yet hidden behavior
Prioritize for action
Attack high-priority incidents
Threat Intelligence
• Logs
• Contextual Data
• Vulnerability
Assessments
• Asset Inventories
• Reports and Analytics
Internal
• XFORCE
• CrowdStrike
• SecureWorks
• Deepsight
External
Threat Ingestion - Structured Threat
Information eXpression (STIX™)
SIEM
Environment
Single, Unified and
Integrated Management
Console
Machine Learning – Analytics
Artificial Intelligence
Incident Management
Automation
Copyright © Aujas All rights reserved.
9
SIEM Platform: Conceptual Integration Architecture
Email Gateway
Malware Protection IBM IPS
McAfee IPS
Anti Virus
End Point Sec
Full Packet Capture
Proxy
Configuration Mgt
DDOSWirelessIPSAPTSolution
DLP SIEM
SourceFire IPS
IT GRC
Compliance Tool
VulnerabilityMgt
AppSec
1 2
The following figure
(from our prior work)
depicts a “sample”
conceptual integration
architecture for SOC
Copyright © Aujas All rights reserved.
The benefits of a fully integrated Security Intelligence function
Components
SIEM function NOT fully
integrated
SIEM as a Platform Benefits
Technology
 SEM Tool only
 Limited data sets
 SIEM and Big Data Platform
 Data analytics and Visualization tools
 Integration of VM and Threat Intelligence
 Multi-disciplinary data sets
 Incident Response Run books
 Richer visibility into the
environment
 Coverage for unknown / unknown
threats
 Leverage threat intelligence for
proactive response
Process
 Integrated with SOC only
 Implement recommendations to
Detect attacks for SOC (SEM
Tool)
 Integrated with entire Security Program and
cross functional areas
 Operational processes – Incident, escalation,
forensics. governance and foundation
processes fully integrated and workflow driven
with full automation
 Robust method driven
management
 Reduction in costs by reducing
the number of incidents
 Run book automation
Governance /
People
 Number of attacks detected by
SOC due to Security Intelligence
Recommendations
 Cross functional committee only
prioritize projects within SOC’s
scope
 Number of attacks Detected and Prevented by
SOC, Security Controls and Business
Functions due to Security Intelligence
Recommendations
 Apply data breach cost avoidance value for
each attack Prevented
 Cost of Service Quality
 Data breach cost avoidance
 Focus on Cyber Attack metrics
Vs. Compliance metrics
Copyright © Aujas All rights reserved.
11
Client Challenges in Implementing SIEM as a Platform
• Availability of Talent:
• Threat Hunting is a dedicated job and need expertise and breadth of knowledge and expertise in
vulnerability research, IOC Management, reverse malware analysis and business acumen
• Application Integration and business use case building needs application owners buy-in and their
time. It needs parser building and customizations, a different set of talent from programming
background
• For SOC operations - Need minimum 10 people to manage 24*7 coverage with different set of
expertise
• Forensics is specialized skill and difficult to manage, retain and nurture talent.
• Extremely costly to implement the full suite of technologies; Need investment in SIEM platform tools,
consulting services, Threat Intelligence feeds & Infrastructure Management
• Analytics as a function is slow in learning and need large data sets, managing it with right set of data,
fine tuning needs continuous efforts and time
• Need a roadmap to Walk, Crawl and Run and handholding across the programme over its lifecycle.
Copyright © Aujas All rights reserved.
12
HOW CAN
AUJAS
HELP
Copyright © Aujas Information Risk Services
Aujas Service and Value Proposition
13
TOOLS & METHODS
Security
operations
Tools at
Customer
Premise
Security operations
staff
Customer Org
Aujas SAVP platform for SIEM data feed
console integration and parser & API
integration for security point tools
Console monitoring, Incident
workflow, reporting, SIEM
administration & service management
Single console to visualize SLA driven
services, risk and compliance reports
and incident lifecycle metrics
SERVICEPLATFORM
SIEM Policy Management
• Perform updates to existing policy rules;
• Setup correlation rules to process and detect advanced patterns
• Manage SIEM system health; manage users and permissions
Log Source Management
• Verify data collection and log continuity
• Perform device on-boarding and log source addition
Custom Parser Development
• Develop custom parsers and properties and convert customized logs to common
log format for SIEM consumption
Analysis and Reporting
• Generate daily and weekly reports;
• Investigate anomalous data;
• Manage report distribution; and
Dashboard and Visualization
• Provide role based dashboards for Executives,
engineers and resolution teams
• Extend visualization capabilities for security posture
assessment and trending.
SIEM ADMINISTRATION
ANALYSIS, REPORTING AND
DASHBOARD
Monitoring and Notification
• Monitor alerts and policy exceptions
• Validate incidents and eliminate false positives
• Classify security Incidents and manage escalation
Incident Response Management
• Provide remediation/countermeasure
recommendations, if applicable;
• Manage lifecycle of incidents – creating, tracking,
escalation and closure of incident tickets
INCIDENT MANAGEMENT
SERVICES
Copyright © Aujas All rights reserved.
14
Aujas advantage
Co-Managed / Hybrid SOC model advantages:
 Aujas extends its Platform for managing incidents, workflow based escalations and reporting and visualization
 Trained resources with full 24*7 coverage
 Manages entire program; client can also subscribe to on-demand services like Use case build, application integration,
device integration, vulnerability and threat management and forensics support.
 Highly scalable model, adapts well to changing needs
 Strikes balance between In-House / Outsourced service
 Leverage Aujas expertise and best practices like use case accelerators, process kick start, parsers etc.
 Provide access to ongoing training and education
 Low cost to implement
 Quick startup between 30 to 60 days
 Minimizes operating costs
Copyright © Aujas All rights reserved.
15
Aujas Information Risk Services
400+ Customers
served across 22 countries
340+ Employees
globally with more than 190
specialists
290+ Certified employees
across standards, technologies &
industry certifications
Aujas helps organizations manage information security risks by protecting data, software, people and identities in line with
compliance requirements and best practices; we also help strengthen security governance and intelligence frameworks.
Investors:
• Seed Funding
• IDG Ventures – Boston, MA
• Series B Funding
• IDG Ventures – Boston, MA
• IvyCap Ventures – Bay Area, CA
• RVCF - India
Global Presence:
Copyright © Aujas All rights reserved.
16

More Related Content

What's hot

SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
Splunk
 
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
SparkCognition
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me   MSSP Couples CounselingIts Not You Its Me   MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
Atif Ghauri
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
Splunk
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & Response
Harry McLaren
 
Splunk for Security-Hands On
Splunk for Security-Hands OnSplunk for Security-Hands On
Splunk for Security-Hands On
Splunk
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
Jon Papp
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
Splunk
 
Splunk - Verwandeln Sie Datensilos in Operational Intelligence
Splunk - Verwandeln Sie Datensilos in Operational IntelligenceSplunk - Verwandeln Sie Datensilos in Operational Intelligence
Splunk - Verwandeln Sie Datensilos in Operational Intelligence
Splunk
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided Tour
Splunk
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Imperva
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
Savvius, Inc
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
Atif Ghauri
 
IBM QRadar Xforce
IBM QRadar XforceIBM QRadar Xforce
IBM QRadar Xforce
sreenivas1591
 

What's hot (20)

SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
 
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me   MSSP Couples CounselingIts Not You Its Me   MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & Response
 
Splunk for Security-Hands On
Splunk for Security-Hands OnSplunk for Security-Hands On
Splunk for Security-Hands On
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breaches
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
Splunk - Verwandeln Sie Datensilos in Operational Intelligence
Splunk - Verwandeln Sie Datensilos in Operational IntelligenceSplunk - Verwandeln Sie Datensilos in Operational Intelligence
Splunk - Verwandeln Sie Datensilos in Operational Intelligence
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided Tour
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
 
IBM QRadar Xforce
IBM QRadar XforceIBM QRadar Xforce
IBM QRadar Xforce
 

Similar to Is SIEM really Dead ? OR Can it evolve into a Platform ?

PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
Ajit Wadhawan
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
Ajit Wadhawan
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
Happiest Minds Technologies
 
Changing the Security Monitoring Status Quo
Changing the Security Monitoring Status QuoChanging the Security Monitoring Status Quo
Changing the Security Monitoring Status Quo
EMC
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Andris Soroka
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
Anton Chuvakin
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Cloud monitoring - An essential Platform Service
Cloud monitoring  - An essential Platform ServiceCloud monitoring  - An essential Platform Service
Cloud monitoring - An essential Platform Service
Soumitra Bhattacharyya
 
Siem tools-monitor-your-network
Siem tools-monitor-your-networkSiem tools-monitor-your-network
Siem tools-monitor-your-network
hardik soni
 
Generic siem how_2017
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
Anton Chuvakin
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
abhimanyubhogwan
 
The Pros and Cons of Different Security Detection Technologies.pdf
The Pros and Cons of Different Security Detection Technologies.pdfThe Pros and Cons of Different Security Detection Technologies.pdf
The Pros and Cons of Different Security Detection Technologies.pdf
SecurityDetectionSol
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
How To Secure MIS
How To Secure MISHow To Secure MIS
How To Secure MIS
AaDi Malik
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
Camilo Fandiño Gómez
 

Similar to Is SIEM really Dead ? OR Can it evolve into a Platform ? (20)

PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
 
Changing the Security Monitoring Status Quo
Changing the Security Monitoring Status QuoChanging the Security Monitoring Status Quo
Changing the Security Monitoring Status Quo
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Cloud monitoring - An essential Platform Service
Cloud monitoring  - An essential Platform ServiceCloud monitoring  - An essential Platform Service
Cloud monitoring - An essential Platform Service
 
Siem tools-monitor-your-network
Siem tools-monitor-your-networkSiem tools-monitor-your-network
Siem tools-monitor-your-network
 
Generic siem how_2017
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 
The Pros and Cons of Different Security Detection Technologies.pdf
The Pros and Cons of Different Security Detection Technologies.pdfThe Pros and Cons of Different Security Detection Technologies.pdf
The Pros and Cons of Different Security Detection Technologies.pdf
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
How To Secure MIS
How To Secure MISHow To Secure MIS
How To Secure MIS
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
 

Recently uploaded

Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
MJ Global
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW:  Category Renewal and CreationIndustrial Tech SW:  Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Kalyan Satta Matka Guessing Matka Result Main Bazar chart
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
bosssp10
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
Any kyc Account
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
Adnet Communications
 
Innovation Management Frameworks: Your Guide to Creativity & Innovation
Innovation Management Frameworks: Your Guide to Creativity & InnovationInnovation Management Frameworks: Your Guide to Creativity & Innovation
Innovation Management Frameworks: Your Guide to Creativity & Innovation
Operational Excellence Consulting
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
SabaaSudozai
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 

Recently uploaded (20)

Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW:  Category Renewal and CreationIndustrial Tech SW:  Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
 
Innovation Management Frameworks: Your Guide to Creativity & Innovation
Innovation Management Frameworks: Your Guide to Creativity & InnovationInnovation Management Frameworks: Your Guide to Creativity & Innovation
Innovation Management Frameworks: Your Guide to Creativity & Innovation
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 

Is SIEM really Dead ? OR Can it evolve into a Platform ?

  • 1. Copyright © Aujas All rights reserved. Risk Advisory and Security Intelligence Services Is SIEM Dead or Evolving Aujas Networks Private Ltd. “Aujas” in Sanskrit means “Strength & Energy in a Warrior” Chandra Prakash Suryawanshi chandra.prakash@aujas.com
  • 2. Copyright © Aujas All rights reserved. SIEM is Dead ? 2 • 2 Decade old Technology • Was great in managing compliance • Evolved from log management to correlation and providing single pane of glass • Reduces signal to noise • But got soon got reduced to limited sight as attackers tools, techniques and procedures advanced and became stealthy • And finally Compliance management is no more risk management ?
  • 3. Copyright © Aujas All rights reserved. And data from monitoring capabilities suggests SIEM is dead 3 Different Threat Actors Have Different Motivations... And Tactics The Facts states that attackers are getting smarter, targeted and persistent * Source - Mandiant Number of US companies hit by APT Average compromise time before discovered Compromises take minutes or hours Number of victims re- compromised within a year Intrusions are low difficulty = no special skills or resources 83% 78% 38% 84% 9 M
  • 4. Copyright © Aujas All rights reserved. So why is SIEM not able to detect advanced threats ? 4 Security Procedures and Agility Risk Reduction and Compliance Efforts Volume of Threats and Vulnerabilities Speed and Sophistication of Attacks “Mind the Gap” Security Exposures Increasing Exponentially Progression of Adversary and Motive Over Time Sophistication  Attack speed and sophistication advancing due to mature underground economy; most attacks don’t leave logs.  New Technologies provide new supply of vulnerabilities to be exploited; attackers are persistent and behave normally that is difficult to detect.  Old threats don’t always disappear; new threats add to the total threat landscape. * Source - IBM
  • 5. Copyright © Aujas All rights reserved. 5 So what is the alternative • What all patterns have been built and what algorithm the technology uses for machine learning • How accurate is the system in detecting anomalies for malware and behavior • How does it compare it with other similar products; what criteria should be used for evaluation. • Threat Intelligence comes in many forms, difficult to ingest and requires capabilities and continuous analysis and actionables MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE SECURITY ANALYTICS – NBAD AND END POINT AND USER ANALYTICS THREAT INTELLIGENCE
  • 6. Copyright © Aujas All rights reserved. 6 Or IS really SIEM Dead – Yes ? / No ? • SIEM is good at collecting logs from disparate systems and aid in correlation and compliance but limits the analytical capability for threat detection and forensics • SIEM is reactive and driven by rules, wherein the security is not static that one can implement rules and sleep, the security is continuous process and evolving • SIEM cannot provide entire attack vector in a single window, i.e. the attack behavior? • Most modern and advanced attacks do not leave logs and in some cases transaction and other logging is difficult • Organization still need data aggregation and correlation • SIEM provides single pane of glass and forms the backbone of monitoring capabilities • One can create better attack and kill chain methods of use cases to drive behavior to move away from point security tool detection capabilities • Automate and integrate multiple technologies with SIEM for better threat detection
  • 7. Copyright © Aujas All rights reserved. SIEM is Evolving as a Platform 7 • Data collection capabilities and compliance benefits of log management, • The correlation, normalization and analysis capabilities of SIEM (security information and event management) • The network visibility and advanced threat detection of NBAD (network behavior anomaly detection), and user behavior anomaly detection by machine learning - User Behavior Analytics • The ability to reduce breaches and ensure compliance provided by Risk Management, • The network traffic and application content insight afforded by Network Forensics. • The automation of Incident Response by Artificial Intelligence / Run Books • IOC / VM Management by Threat Intelligence • Reporting and Visualization provided by Presentation Layer SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data management architecture and a single user interface.
  • 8. Copyright © Aujas All rights reserved. 8 SIEM as a Platform Monitor everything Logs, network traffic, user activity Correlate intelligently Connect the dots of disparate activity Detect anomalies Unusual yet hidden behavior Prioritize for action Attack high-priority incidents Threat Intelligence • Logs • Contextual Data • Vulnerability Assessments • Asset Inventories • Reports and Analytics Internal • XFORCE • CrowdStrike • SecureWorks • Deepsight External Threat Ingestion - Structured Threat Information eXpression (STIX™) SIEM Environment Single, Unified and Integrated Management Console Machine Learning – Analytics Artificial Intelligence Incident Management Automation
  • 9. Copyright © Aujas All rights reserved. 9 SIEM Platform: Conceptual Integration Architecture Email Gateway Malware Protection IBM IPS McAfee IPS Anti Virus End Point Sec Full Packet Capture Proxy Configuration Mgt DDOSWirelessIPSAPTSolution DLP SIEM SourceFire IPS IT GRC Compliance Tool VulnerabilityMgt AppSec 1 2 The following figure (from our prior work) depicts a “sample” conceptual integration architecture for SOC
  • 10. Copyright © Aujas All rights reserved. The benefits of a fully integrated Security Intelligence function Components SIEM function NOT fully integrated SIEM as a Platform Benefits Technology  SEM Tool only  Limited data sets  SIEM and Big Data Platform  Data analytics and Visualization tools  Integration of VM and Threat Intelligence  Multi-disciplinary data sets  Incident Response Run books  Richer visibility into the environment  Coverage for unknown / unknown threats  Leverage threat intelligence for proactive response Process  Integrated with SOC only  Implement recommendations to Detect attacks for SOC (SEM Tool)  Integrated with entire Security Program and cross functional areas  Operational processes – Incident, escalation, forensics. governance and foundation processes fully integrated and workflow driven with full automation  Robust method driven management  Reduction in costs by reducing the number of incidents  Run book automation Governance / People  Number of attacks detected by SOC due to Security Intelligence Recommendations  Cross functional committee only prioritize projects within SOC’s scope  Number of attacks Detected and Prevented by SOC, Security Controls and Business Functions due to Security Intelligence Recommendations  Apply data breach cost avoidance value for each attack Prevented  Cost of Service Quality  Data breach cost avoidance  Focus on Cyber Attack metrics Vs. Compliance metrics
  • 11. Copyright © Aujas All rights reserved. 11 Client Challenges in Implementing SIEM as a Platform • Availability of Talent: • Threat Hunting is a dedicated job and need expertise and breadth of knowledge and expertise in vulnerability research, IOC Management, reverse malware analysis and business acumen • Application Integration and business use case building needs application owners buy-in and their time. It needs parser building and customizations, a different set of talent from programming background • For SOC operations - Need minimum 10 people to manage 24*7 coverage with different set of expertise • Forensics is specialized skill and difficult to manage, retain and nurture talent. • Extremely costly to implement the full suite of technologies; Need investment in SIEM platform tools, consulting services, Threat Intelligence feeds & Infrastructure Management • Analytics as a function is slow in learning and need large data sets, managing it with right set of data, fine tuning needs continuous efforts and time • Need a roadmap to Walk, Crawl and Run and handholding across the programme over its lifecycle.
  • 12. Copyright © Aujas All rights reserved. 12 HOW CAN AUJAS HELP
  • 13. Copyright © Aujas Information Risk Services Aujas Service and Value Proposition 13 TOOLS & METHODS Security operations Tools at Customer Premise Security operations staff Customer Org Aujas SAVP platform for SIEM data feed console integration and parser & API integration for security point tools Console monitoring, Incident workflow, reporting, SIEM administration & service management Single console to visualize SLA driven services, risk and compliance reports and incident lifecycle metrics SERVICEPLATFORM SIEM Policy Management • Perform updates to existing policy rules; • Setup correlation rules to process and detect advanced patterns • Manage SIEM system health; manage users and permissions Log Source Management • Verify data collection and log continuity • Perform device on-boarding and log source addition Custom Parser Development • Develop custom parsers and properties and convert customized logs to common log format for SIEM consumption Analysis and Reporting • Generate daily and weekly reports; • Investigate anomalous data; • Manage report distribution; and Dashboard and Visualization • Provide role based dashboards for Executives, engineers and resolution teams • Extend visualization capabilities for security posture assessment and trending. SIEM ADMINISTRATION ANALYSIS, REPORTING AND DASHBOARD Monitoring and Notification • Monitor alerts and policy exceptions • Validate incidents and eliminate false positives • Classify security Incidents and manage escalation Incident Response Management • Provide remediation/countermeasure recommendations, if applicable; • Manage lifecycle of incidents – creating, tracking, escalation and closure of incident tickets INCIDENT MANAGEMENT SERVICES
  • 14. Copyright © Aujas All rights reserved. 14 Aujas advantage Co-Managed / Hybrid SOC model advantages:  Aujas extends its Platform for managing incidents, workflow based escalations and reporting and visualization  Trained resources with full 24*7 coverage  Manages entire program; client can also subscribe to on-demand services like Use case build, application integration, device integration, vulnerability and threat management and forensics support.  Highly scalable model, adapts well to changing needs  Strikes balance between In-House / Outsourced service  Leverage Aujas expertise and best practices like use case accelerators, process kick start, parsers etc.  Provide access to ongoing training and education  Low cost to implement  Quick startup between 30 to 60 days  Minimizes operating costs
  • 15. Copyright © Aujas All rights reserved. 15 Aujas Information Risk Services 400+ Customers served across 22 countries 340+ Employees globally with more than 190 specialists 290+ Certified employees across standards, technologies & industry certifications Aujas helps organizations manage information security risks by protecting data, software, people and identities in line with compliance requirements and best practices; we also help strengthen security governance and intelligence frameworks. Investors: • Seed Funding • IDG Ventures – Boston, MA • Series B Funding • IDG Ventures – Boston, MA • IvyCap Ventures – Bay Area, CA • RVCF - India Global Presence:
  • 16. Copyright © Aujas All rights reserved. 16

Editor's Notes

  1. The World of SIEM has changed, it is a 2 decade old technology Was great in managing compliance evolved from log management to correlation and providing single pane of glass reduces signal to noise But got soon got reduced to limited sight due to its limitations
  2. I was surprised to see the report from Mandiant that states the following facts - 100% of the breaches had updated Anti-Virus software 63% of the breaches were reported by third parties It took 243 days to detect an attack
  3. Situation Continued: The number and variety of new adversaries and threats continues to grow Adversary’s continue to get more sophisticated in their attacks due to the proliferation of cyber weapons in the underground economy. Vulnerabilities and exploits available to attackers continue to increase as company’s leverage Mobile, Cloud and the Internet of Everything. This provides adversary’s an almost unlimited supply of attack scenarios to achieve an objective Complication: Traditional SOCs are not equipped (agile enough) to deal with the volume and advancement in cyber attacks
  4. Machine learning systems automatically learn programs from data” (*) You don’t really code the program, but it is inferred from data. Instead of trying to mimic the way the brain learns: that's where terms like artificial intelligence come from. We are drowning in information, but starved for knowledge So much noise that finding the signal is difficult Limitation Adversaries - Exploiting the learning process (Understand the model, understand the machine, and you can circumvent it) Any predictive model on InfoSec will be pushed to the limit e.g. think how the SPAM engines evolved.
  5. SIEM is dead because Reactive and driven by rules, wherein the security is not static that one can implement rules and sleep, the security is continuous process and evolving It might collect logs from desperate sources but most attacks and malware do not leave logs/ logging is difficult; one may not monitor transactional logs or limitation of collecting logs from end points other than Host FW/IPS/DLP Cannot provide information about attack vector but only detect SIEM is rapidly losing trust because of its inability to adapt to address new APT challenges