This document summarizes a presentation about using AlienVault's Unified Security Management (USM) platform to generate PCI DSS compliance reports. The presentation discusses key logging and reporting requirements of the PCI standard, and how USM can collect log data from systems using its sensors and correlate events to detect threats and anomalies. It demonstrates how pre-configured reports in USM map directly to each PCI requirement and can be automated and scheduled to produce evidence for auditors, showing compliance on an ongoing basis in just minutes.
How to Simplify PCI DSS Compliance with AlienVault USMAlienVault
Demonstrating compliance with PCI DSS is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks, along with the need to access data and reports from many different systems and tools. Join us for this technical demo to learn how AlienVault can simplify PCI DSS compliance and improve your overall security posture.
We'll cover:
Common PCI DSS compliance challenges
Questions to ask as you plan and prepare
Core capabilities needed to demonstrate compliance
How AlienVault Unified Security Management simplifies compliance and threat detection
Core capabilities needed to demonstrate compliance
How to simplify compliance with a unified approach to security
How do we get a SOC 2?” Do those words strike fear and anxiety into your heart as an infosec professional? Do you have visions of being buried under a mountain of fancy risk management software, endless numbers of spreadsheets, and losing sleep for weeks implementing complex audit logging software? Well, take a deep breath and join this talk, in which we break down how to achieve SOC 2 Type II compliance without losing your mind. Your guide today has led many companies of various sizes- but mostly tiny startups- through several years of successful SOC 2 audits, and is here to break it all down. Bring your notebook as we explain why and how.
This talk will not focus on endless checkboxes, or push compliance at the expense of security. Instead, it will be a real world view of how to achieve compliance audit success without wasting your time, creating busy work, undoing your hard work securing your users’ data, and building a resilient architecture. We’ll explore how to automate, what to automate, how to build a control set that fits your organization, and how to come out the SOC 2 hero.
PCI DSS v3.0: How to Adapt Your Compliance StrategyAlienVault
With version 3.0 of PCI DSS now available, it’s time to review your compliance strategy and make a plan for adapting to the revised requirements. While the 12 main requirements remain the same, there are significant changes related to malware defenses, vulnerability assessments and penetration testing. During this 1-hour session, you’ll learn:
*What’s new in PCI DSS version 3.0
*Key considerations for adapting your compliance strategy
*Technology recommendations for addressing new compliance requirements
*How other companies have simplified PCI DSS compliance
To View a Recording of this presentation and interactive Q&A visit. https://www.alienvault.com/resource-center/webcasts/pci-dss-v3-how-to-adapt-your-compliance-strategy?utm_medium=Social&utm_source=SlideShare
PCI DSS Implementation: A Five Step GuideAlienVault
Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization.
AlienVault PCI DSS Compliance:
https://www.alienvault.com/solutions/pci-dss-compliance
Have a question? Ask it in our forum:
http://forums.alienvault.com
More videos: http://www.youtube.com/user/alienvaulttv
AlienVault Blogs: http://www.alienvault.com/blogs
AlienVault: http://www.alienvault.com
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
ShmooCon 2020
You’ve just been tasked with creating a vendor review management process at your company, but what does that even mean, and how are you going to do this? Do you need to buy a lot of expensive GRC software and hire an army of compliance staffers? This talk will explain what a vendor review process is and walk through setting one up at your company, using nothing more complicated than email, text files, and maybe some Slack and Google Forms.
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
PCI DSS and Logging: What You Need To Know by Dr. Anton ChuvakinAnton Chuvakin
PCI DSS and Logging: What YOU Need To Know by Dr Anton Chuvakin
Logging is a critical element in your security program, and it features prominently in PCI. Many merchants, including Higher Ed institutions, can have difficulty implementing all the requirements. In this session one of the leading Logging and SEIM experts will map the PCI DSS logging requirements to a set of actionable procedures and tasks that you can use to achieve and maintain compliance. Bring your questions!
How to Simplify PCI DSS Compliance with AlienVault USMAlienVault
Demonstrating compliance with PCI DSS is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks, along with the need to access data and reports from many different systems and tools. Join us for this technical demo to learn how AlienVault can simplify PCI DSS compliance and improve your overall security posture.
We'll cover:
Common PCI DSS compliance challenges
Questions to ask as you plan and prepare
Core capabilities needed to demonstrate compliance
How AlienVault Unified Security Management simplifies compliance and threat detection
Core capabilities needed to demonstrate compliance
How to simplify compliance with a unified approach to security
How do we get a SOC 2?” Do those words strike fear and anxiety into your heart as an infosec professional? Do you have visions of being buried under a mountain of fancy risk management software, endless numbers of spreadsheets, and losing sleep for weeks implementing complex audit logging software? Well, take a deep breath and join this talk, in which we break down how to achieve SOC 2 Type II compliance without losing your mind. Your guide today has led many companies of various sizes- but mostly tiny startups- through several years of successful SOC 2 audits, and is here to break it all down. Bring your notebook as we explain why and how.
This talk will not focus on endless checkboxes, or push compliance at the expense of security. Instead, it will be a real world view of how to achieve compliance audit success without wasting your time, creating busy work, undoing your hard work securing your users’ data, and building a resilient architecture. We’ll explore how to automate, what to automate, how to build a control set that fits your organization, and how to come out the SOC 2 hero.
PCI DSS v3.0: How to Adapt Your Compliance StrategyAlienVault
With version 3.0 of PCI DSS now available, it’s time to review your compliance strategy and make a plan for adapting to the revised requirements. While the 12 main requirements remain the same, there are significant changes related to malware defenses, vulnerability assessments and penetration testing. During this 1-hour session, you’ll learn:
*What’s new in PCI DSS version 3.0
*Key considerations for adapting your compliance strategy
*Technology recommendations for addressing new compliance requirements
*How other companies have simplified PCI DSS compliance
To View a Recording of this presentation and interactive Q&A visit. https://www.alienvault.com/resource-center/webcasts/pci-dss-v3-how-to-adapt-your-compliance-strategy?utm_medium=Social&utm_source=SlideShare
PCI DSS Implementation: A Five Step GuideAlienVault
Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization.
AlienVault PCI DSS Compliance:
https://www.alienvault.com/solutions/pci-dss-compliance
Have a question? Ask it in our forum:
http://forums.alienvault.com
More videos: http://www.youtube.com/user/alienvaulttv
AlienVault Blogs: http://www.alienvault.com/blogs
AlienVault: http://www.alienvault.com
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
ShmooCon 2020
You’ve just been tasked with creating a vendor review management process at your company, but what does that even mean, and how are you going to do this? Do you need to buy a lot of expensive GRC software and hire an army of compliance staffers? This talk will explain what a vendor review process is and walk through setting one up at your company, using nothing more complicated than email, text files, and maybe some Slack and Google Forms.
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
PCI DSS and Logging: What You Need To Know by Dr. Anton ChuvakinAnton Chuvakin
PCI DSS and Logging: What YOU Need To Know by Dr Anton Chuvakin
Logging is a critical element in your security program, and it features prominently in PCI. Many merchants, including Higher Ed institutions, can have difficulty implementing all the requirements. In this session one of the leading Logging and SEIM experts will map the PCI DSS logging requirements to a set of actionable procedures and tasks that you can use to achieve and maintain compliance. Bring your questions!
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.
Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
In this webinar you will learn:
• What digital compliance looks like for remote, in-office, and hybrid businesses
• What factors to look for when evaluating your company's data privacy and security posture
• The ins and outs of HIPAA/SOC 2 in the context of a transition
• What tools or security measures your company can easily implement
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
Here is a detailed analysis of Requirements and Security Assessment Procedures for PCI Data Security. This guide will help in eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For more information, visit: https://www.c7.com/data-center/compliance-security/
Spirit of PCI DSS by Dr. Anton Chuvakin
PCI compliance is seen by many merchants as “a checklist exercise” which is disconnected from reducing their fraud costs, security risks and other losses. It is sometimes perceived as a painful exercise in futility, enforced by some “higher powers” who don’t care about merchants. This presentation will discuss how to bring back the real spirit of PCI DSS, the spirit of data security, risk reduction and trustworthy business transactions. It will discuss, in particular, how to use the controls of PCI DSS to protect your business from online threats and highly damaging hacker attacks. Moreover, focusing on the spirit of PCI DSS will help merchants to both simplify compliance and improve security, while protecting their customers and their sensitive data and keeping acquirers and brands happy.
Open Source IDS Tools: A Beginner's GuideAlienVault
This SlideShare provides an overview of the various Open Source IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some great open source intrusion detection (IDS) tools available to you.
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
ControlCase discusses the following:
•What is “One Audit” for multiple assessments
•Current Research
•Zero Trust Principles for IT security
•Remote Assessment Methodology
SIEM 101: Get a Clue About IT Security Analysis AlienVault
How real-time network sleuthing can help you lock down IT.
Everyone in IT knows that security is a big deal, but did you know that SIEM (security information and event management) can help protect your network from data breaches, even when traditional defenses fail?
If SIEM a mystery to you, lets grab Colonel Mustard, the candlestick and head to the library because this mystery is about to be solved. We'll be giving out more than just clues in this webinar: you'll discover explanations of security concepts, tools, tips and tricks as we unravel the mystery of how to better protect your network. Bring your magnifying glass, because you’ll also learn about event correlation, EPS, normalization and other things that will surely impress your friends.
Sign up now to learn from our chief gumshoe and noted SIEM Enthusiast Joe Schreiber. He’ll explain the reasons that SIEM exists, how it works, and most importantly - what you can do with it.
IT WAS MR. BODDY ALL ALONG!!!
A detailed analysis on the Security Standard goals and requirements. Examples of companies that failed to comply, with emphasis on which part of the security standards they violated and the fines that resulted as a result of their non-compliance.
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte
Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session.
During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools.
Using Infocyte's new extensions, participants are encouraged to custom create their own collection (detection and analysis) and action (incident response) extensions.
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools.
In this live demo, we'll show you how USM helps you get more out of OSSEC with:
Remote agent deployment, configuration and management
Behavioral monitoring of OSSEC clients
Logging and reporting for PCI compliance
Data correlation with IP reputation data, vulnerability scans and more
We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM
PCI DSS Simplified: What You Need to KnowAlienVault
Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements.
Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane-of-glass. And it solves more than the single purpose PCI DSS compliance software alternatives do. During this webcast, you will learn how to:
Achieve, demonstrate and maintain PCI DSS compliance
Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform
Implement effective incident response with emerging threat intelligence
Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.
Did you suffer a data breach in 2014? Even if you avoided
a breach, it’s likely that you saw an increase in the number
of security incidents — according to PwC research, since
2009 the volume has grown at an average of 66% per
year.1 It seems that it’s only retailers and entertainment
companies that make the headlines, but organizations
of all kinds are affected. In this report we look at how
well prepared companies are to withstand attacks and
mitigate the impact of breaches, and recommend how
you can improve.
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.
Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
In this webinar you will learn:
• What digital compliance looks like for remote, in-office, and hybrid businesses
• What factors to look for when evaluating your company's data privacy and security posture
• The ins and outs of HIPAA/SOC 2 in the context of a transition
• What tools or security measures your company can easily implement
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
Here is a detailed analysis of Requirements and Security Assessment Procedures for PCI Data Security. This guide will help in eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For more information, visit: https://www.c7.com/data-center/compliance-security/
Spirit of PCI DSS by Dr. Anton Chuvakin
PCI compliance is seen by many merchants as “a checklist exercise” which is disconnected from reducing their fraud costs, security risks and other losses. It is sometimes perceived as a painful exercise in futility, enforced by some “higher powers” who don’t care about merchants. This presentation will discuss how to bring back the real spirit of PCI DSS, the spirit of data security, risk reduction and trustworthy business transactions. It will discuss, in particular, how to use the controls of PCI DSS to protect your business from online threats and highly damaging hacker attacks. Moreover, focusing on the spirit of PCI DSS will help merchants to both simplify compliance and improve security, while protecting their customers and their sensitive data and keeping acquirers and brands happy.
Open Source IDS Tools: A Beginner's GuideAlienVault
This SlideShare provides an overview of the various Open Source IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some great open source intrusion detection (IDS) tools available to you.
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
ControlCase discusses the following:
•What is “One Audit” for multiple assessments
•Current Research
•Zero Trust Principles for IT security
•Remote Assessment Methodology
SIEM 101: Get a Clue About IT Security Analysis AlienVault
How real-time network sleuthing can help you lock down IT.
Everyone in IT knows that security is a big deal, but did you know that SIEM (security information and event management) can help protect your network from data breaches, even when traditional defenses fail?
If SIEM a mystery to you, lets grab Colonel Mustard, the candlestick and head to the library because this mystery is about to be solved. We'll be giving out more than just clues in this webinar: you'll discover explanations of security concepts, tools, tips and tricks as we unravel the mystery of how to better protect your network. Bring your magnifying glass, because you’ll also learn about event correlation, EPS, normalization and other things that will surely impress your friends.
Sign up now to learn from our chief gumshoe and noted SIEM Enthusiast Joe Schreiber. He’ll explain the reasons that SIEM exists, how it works, and most importantly - what you can do with it.
IT WAS MR. BODDY ALL ALONG!!!
A detailed analysis on the Security Standard goals and requirements. Examples of companies that failed to comply, with emphasis on which part of the security standards they violated and the fines that resulted as a result of their non-compliance.
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte
Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session.
During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools.
Using Infocyte's new extensions, participants are encouraged to custom create their own collection (detection and analysis) and action (incident response) extensions.
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools.
In this live demo, we'll show you how USM helps you get more out of OSSEC with:
Remote agent deployment, configuration and management
Behavioral monitoring of OSSEC clients
Logging and reporting for PCI compliance
Data correlation with IP reputation data, vulnerability scans and more
We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM
PCI DSS Simplified: What You Need to KnowAlienVault
Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements.
Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane-of-glass. And it solves more than the single purpose PCI DSS compliance software alternatives do. During this webcast, you will learn how to:
Achieve, demonstrate and maintain PCI DSS compliance
Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform
Implement effective incident response with emerging threat intelligence
Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.
Did you suffer a data breach in 2014? Even if you avoided
a breach, it’s likely that you saw an increase in the number
of security incidents — according to PwC research, since
2009 the volume has grown at an average of 66% per
year.1 It seems that it’s only retailers and entertainment
companies that make the headlines, but organizations
of all kinds are affected. In this report we look at how
well prepared companies are to withstand attacks and
mitigate the impact of breaches, and recommend how
you can improve.
This is the presentation from Null/OWASP/g4h Bangalore October MeetUp by Manasdeep.
http://technology.inmobi.com/events/null-october-meetup
This talk will focus on the general overview of the PCI-DSS standard and how does it help to protect the cardholder data. Changes introduced in the new PCI DSS v3.0 standard will further explore how it safeguards the Cardholder data environment for the various entities.
Talk Outline:
- PCI DSS v3 : An Overview
- PCI DSS: How it is different from other similar standards?
- PCI DSS vs ISO 27001
- Protecting Cardholder data through PCI DSS v3
- Common Myths regarding PCI DSS
- Security vs Compliance
ControlCase discusses the following:
- What is Data Discovery
- Why Data Discovery
- PCI DSS requirements
- Need for Data Discovery in the context of PCI DSS
- Challenges in the Data Discovery space
GrowthStack 2016 — Rapid Response To Mobile FraudGrow.co
App install and engagement fraud cost mobile advertisers up to $350 million this year. Paying for bad installs first and negotiating a refund later means taking only a reactive approach to this massive issue – instead, you need early indicators of fraudulent traffic that you can act on right away. In this session, you’ll learn how Game Circus uses a variety of anti-fraud techniques as well as device-level data to prevent bad installs before they occur.
Marcus Lee, Director, Mobile User Acquisition @ Game Circus
Sunil Bhagwan, Vice President, Sales @ AppsFlyer
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
ControlCase discusses the following:
- What is Log Management and FIM
- PCI DSS, EI3PA, ISO 27001 requirements
- Log Management and regulation requirements/ mapping
- File Integrity
Learn the 6 practical steps every IT admin should take to ensure SIEM success in your environment. The promise of SIEM is clearly an essential one–better security visibility. Aggregate, correlate, and analyze all of the security-relevant information in your environment so that you can:
• Identify exposures
• Investigate incidents
• Manage compliance
• Measure your information security program
Unfortunately, going from installation to insight with a SIEM is a challenge. Join us for this 45-minute session to learn tricks for getting the most out of your SIEM solution in the shortest amount of time.
7 Reasons your existing SIEM is not enoughCloudAccess
For many enterprises, SIEM has evolved into a ubiquitous and useful tool. It is meant to detect, correlate and alert users to potential threats. In fact, it is an excellent tool to collect and aggregate information in real-time from across the enterprise and present an actionable review of security issues... HOWEVER there are several mission critical aspects of the current generation of SIEM that don't meet modern security needs.
• Overview of changes and clarification
• Additional requirements for service providers
• Additional requirements for change control processes
• Multifactor authentication
• Penetration testing changes
• SSL/TLS changes and implications
• Timing of changes
Threat Hunting with Windows Event Forwarding & MITRE ATT&CK Framework
In this talk, you will gain an overview of using Windows Event Forwarding (WEF) for incident detection, with configuration and management workflows guidance. The talk will also provide an introduction to the MITRE ATT&CK Framework.
Best Practices for Configuring Your OSSIM InstallationAlienVault
Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation.
Join us for this customer training webcast where our OSSIM experts will walk through:
How to deploy & configure OSSEC agents
Best practices for configuring syslog and enabling plugins
Scanning your network for assets and vulnerabilities
Supporting Contractors with NIST SP 800-171 ComplianceSolarWinds
Contractors are ensuring they comply with NIST SP 800-171, to protect controlled information. SolarWinds solutions offer a range of support, from device discovery, to fulfilling and monitoring security controls. Register and attend to learn more.
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents.
Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats.
You'll learn:
What the AlienVault Labs security research team has learned about these threats
How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere
How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities
How the incident response capabilities in USM Anywhere can help you mitigate attacks
Watch the On-Demand Webcast here: https://www.alienvault.com/resource-center/webcasts/meltdown-and-spectre-how-to-detect-the-vulnerabilities-and-exploits?utm_medium=Social&utm_source=SlideShare&utm_content=meltdown-spectre-webcast
Hosted By
Sacha Dawes
Principal Product Marketing Manager
Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly.
You'll learn everything you need to know about:
* Critical information stored in your logs and how to leverage it for better security
*Requirements to effectively perform log collection, log management, and log correlation
*How to integrate multiple data sources
*What features to look for in a SIEM solution
AlienVault Threat Alerts are a simple yet powerful tool that comes built-in with Spiceworks. When a device on your network has been interacting with a known malicious host or suspicious IP, you’ll immediately get an alert in your feed and you’ll get an alert email.
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Improve threat detection with hids and alien vault usmAlienVault
Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including:
Analyzing system behavior and configuration status to track user access and activity
Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes
Correlating HIDS data with known IP reputation, vulnerability scans and more
Logging and reporting for PCI compliance
The State of Incident Response - INFOGRAPHICAlienVault
Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. The results of the 2015 SANS Incident Response Survey provides a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling.
Some key challenges reported by responders to the survey were:
66% cited a skills shortage as being an impediment to effective IR:
54% cited budgetary shortages for tools and technology
45% noted lack of visibility into system or domain events
41% noted a lack of procedural reviews and practice
37% have trouble distinguishing malicious events from nonevents
Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice. Visit http://ow.ly/R3Cr0
Incident response live demo slides finalAlienVault
So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes.
You'll learn:
Tips for assessing context for the investigation
How to spend your time doing the right things
How to to classify alarms, rule out false positives and improve tuning
The value of documentation for effective incident response and security controls
How to speed security incident investigation and response with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visbility for effective threat detection and response, without breaking the bank.
Join us for a live demo to see how AlienVault USM addresses these key IT security needs:
Discover all IP-enabled assets to get an accurate picture of attack surface
Identify vulnerabilities like insecure configurations and unpatched software
Improve situational awareness with real-time threat detection and alerting
Speed incident containment & response with built-in remediation guidance for every alert
Investigate anomalies in protocol usage, privilege escalation, host behavior and more
Generate fast & accurate reports for compliance & management
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
At the heart of SIEM is ability to correlate events from one or many sources into actionable alarms based on your security policies. AlienVault USM provides over 2100 correlation directives developed by the AlienVault Labs team, plus the ability to create your own custom rules.
Join us for this customer training session covering how to:
Ensure you are using the latest and greatest built-in correlation directives from AlienVault Labs
Write your own correlation directives based on events from one or more sources
Turn correlation information into actionable alarms
Use correlations to enforce your security policies
With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network.
Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for.
By learning how malware works and recognizing its different types, you’ll understand:
- How they find their way into your network
- How attackers control them remotely
- How they use your systems for nefarious purposes
- And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
AlienVault Unified Security Management™ (USM) integrates SIEM/event correlation with built-in tools for intrusion detection, asset discovery, vulnerability assessment and behavioral monitoring to give you a unified, real-time view of threats in your environment. NEW v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need, starting on Day 1.
Join us for a live demo to see how new USM v5.0 makes it easier than ever to accomplish these key tasks:
Discover all IP-enabled assets on your network
Identify vulnerabilities like unpatched software or insecure configurations
Detect network scans and malware like botnets, trojans & rootkits
Speed incident response with built-in remediation guidance for every alert
Generate accurate compliance reports for PCI DSS, HIPAA and more
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
With a focus on simplifying asset management, OSSIM v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need. Join us for this user training to learn how to get the most out of these new enhancements:
Assign custom labels for assets, groups and networks
Search, filter and group assets by OS, IP address, device type, custom labels and more
Run vulnerability and asset scans on custom asset groups with one click
Filter by asset groups in alarms, security events and raw logs
Update configuration, sensor assignment, asset value and more on multiple assets and groups of assets at once
...and more!
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including:
-Asset Discovery - creating an inventory of running instances
-Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
-Change Management - detect changes in your AWS environment and insecure network access control configurations
-S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance
-CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior
-Windows Event Monitoring - Analyze system level behavior to detect advanced threats
With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook.
We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
IDS for Security Analysts: How to Get Actionable Insights from your IDSAlienVault
The fun with IDS doesn't stop after installation, in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output and the three "P's" - policy, procedure and process. We won't stop there either! You will find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next then signup now!
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
There's always a need to stop bad stuff from coming in, but it's important to remember that those inside the firewall can pose an even bigger risk to your network security. Whether its unsuspecting users clicking on phishing e-mails, someone running bit torrent in your datacenter, or a truly malicious user out to sabotage the network, insider threats can really keep you up at night.
Join us for this technical demo showing how USM can help you detect:
Malware infections on end-user machines
Insiders misusing network resources
Privileged users engaging in suspicious behaviors
Alien vault sans cyber threat intelligenceAlienVault
Over the last several years, we have seen that attackers are innovating much faster than defenders are. This trend is steering many companies to look towards cyber threat intelligence (CTI) to help them navigate today’s threatening landscape. SANS conducted a survey this year to explore who is using cyber threat intelligence and how they are using it. The survey collected responses from 326 IT professionals working in a variety of industries, in all sizes and from many different regions. 69% of the respondents reported implementing CTI to some extent, with only 16% planning not to pursue CTI in their environments. Which side of this percentage do you fall into? The infographic below provides some of the key questions to ask when getting started with threat intelligence, along with data from the SANS survey to show you how others are using threat intelligence.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
3. @AlienVault@AlienVault
Key reporting requirements of the PCI DSS standard
Security technologies needed to collect the required
data
How AlienVault USM generates these reports in
minutes, not days
How to use your audit reports to improve security on
an on-going basis
Agenda
6. @AlienVault
Make an audit trail—follow the user
10.1 Establish a process for linking all access to system components
(especially access done with administrative privileges such as root)
to each individual user.
10.2 Implement automated audit trails for all system components to
reconstruct the following events:
• 10.2.2 All actions taken by any individual with root or administrative
privileges
• 10.2.4 Invalid logical access attempts
• 10.2.5 Use of identification and authentication mechanisms
• 10.2.7 Creation and deletion of system level objects
7. @AlienVault
Make an audit trail—and protect it
10.2.3 Verify that access to all audit trails is logged.
10.2.6 Verify that initialization of audit logs is logged.
10.5.1 Verify that only individuals who have a job-related
need can view audit trail files.
10.5.2 Verify that current audit trail files are protected
from unauthorized modifications
10.5.5 Verify the use of file-integrity monitoring or
change-detection software for logs
8. @AlienVault
Stuff to record
10.3.1 User identification
10.3.2 Type of event
10.3.3 Date and time
• Time must be synchronized across all systems—10.4
10.3.4 Success or failure indication
10.3.5 Origination of event
10.3.6 Identity or name of affected data, system
component, or resource.
10. @AlienVault
Gather ye log records while ye may
10.5.3 Promptly back up audit trail files to a centralized
log server or media that is difficult to alter.
10.5.4 Write logs for external-facing technologies onto a
log server on the internal LAN.
10.7 Retain audit trail history for at least one year, with a
minimum of three months immediately available for
analysis.
12. @AlienVault
Gaze upon your log records
10.6 Review logs for all system components at least daily. Log reviews
must include those servers that perform security functions like
intrusion-detection system (IDS) and authentication, authorization, and
accounting protocol (AAA) servers (for example, RADIUS).
This is tough for a human to do. It’s been compared to drinking from
a fire hose.
Acquire a Security Information and Event Management tool and/or
service.
Its purpose is to continually analyze log records across all the systems.
If it detects anomalous behavior, it will send a signal to someone.
14. @AlienVault
Pay attention to the bat signal
12.5.2 Monitor and analyze security alerts and information, and
distribute to appropriate personnel.
That’s it—there’s no requirement to have a documented process to
handle the alert.
12.5.3 Establish, document, and distribute security incident
response and escalation procedures to ensure timely and effective
handling of all situations.
How does an alert become an incident?
17. @AlienVault
Pay better attention to the bat signal
The PCI Security Standards Council is concerned that logs are used more for
forensics after an attack instead of detecting and blocking the attack.
They wanted to improve the “slow detection of compromise”.
Version 3 of the PCI Data Security Standard provides more guidance on log reviews.
New sub-requirement 10.6.3.a requires that procedures are defined for following up
on exceptions and anomalies identified during the review process.
New sub-requirement 11.5.1 requires the implementation of a process to respond to
any alerts generated by the change-detection mechanism
Revised sub-requirements 12.5.2–3 requires that
• responsibilities are assigned for monitoring and analyzing security alerts and for
informing the people responding to those alerts; and that the,
• responsibility for establishing, documenting, and distributing the procedures to
handle those alerts are also assigned.
18. @AlienVault
One more thing about logging
AlienVault USM can only operate on the log records provided.
10.2.1 [Implement automated audit trails for all system components to
reconstruct] All individual accesses to cardholder data
User access to cardholder data (CHD) is typically implemented as follows:
• User is authenticated
• User’s request is processed by one or more intermediate applications.
• These applications are well known, e.g. WebLogic, bespoke, or legacy.
• Those applications send commands, typically SQL, to access the
database and potentially CHD.
Each of these components must generate log records that link the identity of
the user to the specific CHD accessed.
19. @AlienVault
Looking for bad stuff
Look for unauthorized wireless access points
• 11.1.d If automated monitoring is utilized (for example, wireless IDS/IPS,
NAC, etc.), verify the configuration will generate alerts to personnel.
11.2 Run internal and external network vulnerability scans at least quarterly
and after any significant change in the network …
• 11.2.1 Perform quarterly internal vulnerability scans.
• 11.2.1.c [The scan must be] performed by a qualified internal resource(s)
or qualified external third party, and if applicable, organizational
independence of the tester exists (not required to be a QSA or ASV).
20. @AlienVault
What you need from a SIEM
You need to be told if a critical event has been detected.
You need reports to help manage the environment.
You need reports to be provided as evidence to an auditor.
34. @AlienVault@AlienVault
AlienVault Server to
aggregate data and
manage the
deployment
AlienVault Sensor to
collect data from the
infrastructure
AlienVault
Logger for long
term storage and
reporting
AlienVault All-in-One
to collect, aggregate,
and store data as well
as manage
Three components
35. @AlienVault@AlienVault
Three components, three form factors
AlienVault Server to
aggregate data and
manage the
deployment
AlienVault Sensor to
collect data from the
infrastructure
AMIVirtual AppliancePhysical Appliance
AlienVault
Logger for long
term storage and
reporting
AlienVault All-in-One
to collect, aggregate,
and store data as well
as manage
40. @AlienVault
Log correlation is critical
Log correlation is about constructing rules that look for sequences and
patterns in log events that are not visible in the individual log sources.
System logs don’t say “Help! I’m being broken into with a compromised
account!”
• They say “Successful Login from Authenticated User”
They describe analysis patterns that would require human interpretation
otherwise, tied together by Logical Operators.
• “IF a new user IS created on the domain AND a new change control ticket IS
NOT created in the change control database”
41. @AlienVault
Why You Need Log Correlation
It monitors incoming logs for logical sequences, patterns and values to identify
events that are invisible to individual systems.
Log correlation:
• Performs analysis that would otherwise be done by repetitive human analysis.
• Identify things happening that are unusual for your business processes.
• Provide more context and certainty as to what is happening on your infrastructure by
comparing events from multiple sources
• Prioritize investigation and analysis work by filtering log events into meaningful alerts
and reports
42. @AlienVault
Different, Everybody is the Same
Log correlation allows for the creation of alerts that represent what is
important to your business processes and security risks.
Done correctly, Log Correlation is the difference between reacting to:
“POSSIBLE-EXPLOIT: mssql improperly formed packet headers”
Or
“User In Accounting Department seen logging into Financial Database from a
workstation in Customer Support Department”
43. @AlienVault@AlienVault
Quickly create groups of assets
• E.g., in-scope devices
Enables, fast, easy analysis
• Run vulnerability scans
against this host group
• Create reports only for hosts
belonging to the host group.
• Review all alarms, events,
other data just for that group
Power of groups
45. @AlienVault@AlienVault
Reports are easily configured and customized.
Key is mapping signatures to requirements.
Using views to limit what you want to see then create
reporting modules.
Insert and group reporting modules together to build a
report with the information you require.
Easily automate and schedule reports.
Reports
46. @AlienVault@AlienVault
AlienVault allows you to quickly generate a report to
track actions taken by AlienVault Web interface users.
Provides accountability.
Value extends out of PCI such as when investigating
sources of activity.
AlienVault User Activity Report – PCI 10.2.3
49. @AlienVault@AlienVault
PCI requirement of 1 year of log retention.
Report will show aggregate count of total logs per
month for 365 days as bar graph.
Allows for quick review of compliance.
New configuration allows for log expiration.
AlienVault Log Retention - PCI 10.7.b
52. @AlienVault@AlienVault
Mapping requirements to modules is key.
One module per requirement to demonstrate compliance.
Can combine modules together to create one report with
pertinent information.
Access Control Report - PCI 10.2.X
55. @AlienVault@AlienVault
Easy to follow, available in different formats.
Preference of PDF versus Excel.
Must have run at least one scan or imported a
previous scan.
Vulnerability Scanning Report 11.X
59. @AlienVault@AlienVault
View date and time, host, what was changed, and
statistics such as size and hash values.
Easy to set up with OSSEC.
OSSEC FIM - PCI 10.5.5
64. @AlienVault@AlienVault
In summary
The evidence the QSA wants What to give the QSA
Logs are held for one year Report showing 12 months of log counts
Modifications of, access to, and actions
on, logs are restricted and reported
AlienVault User Activity report of recent
authentications and actions is example
Recorded events—who had access to
CHD, login success or failure, privileged
access, creation or deletion of system
objects,
User account enabled or created,
Windows Logon Failure and Success,
Log file size reduced, User account
enabled or created, FIM as examples
Each record shows who did what to what,
when, was successful or not
Show any log record like Access Control
Report to demonstrate compliance
Logs reviewed daily with events reported Show example of automated alert that
triggers investigation
66. @AlienVault@AlienVault
Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site