Qradar as a SOC core

•

3 likes•1,468 views

Svetlana Arkhipova presents on QIWI's experience using Qradar as the security operations center (SOC) core. The QIWI SOC processes over 11,000 events per second from over 2,800 log sources and 700,000 network flows per minute. The Qradar deployment includes 45 virtual and 2 physical servers to handle the large volumes of log data. Key challenges include collecting logs from various sources like Windows, databases, and custom in-house applications in a standardized way and tuning the SIEM for internal security scanners. The QIWI SOC also works to automate compliance with standards like PCI, SOX, and national security regulations.

Software

Qradar as a SOC core:
QIWI experience
Svetlana Arkhipova
Head of infrastructure monitoring
and IT security incident response team
QIWI

#WHOAMI
• Head of SOC and OPS monitoring at QIWI group
• Past: Security analyst at GE Capital, independent security
consultant at fintech start-ups, *nix systems and network
administrator
• a.k.a. Mona

QIWI SOC
“Project of the year 2015”
Global CIO award,
February 2016

SOC STATISTICS
Get ready for (over)size
S I E M M E T R I C S
2862 log sources
>11 000 events per second
> 700 000 flows per minute
D A I LY S TAT S
67-145 Gb raw event logs per day
37-53 Gb network communication events
Q R A D A R C O R E
45 virtual servers
2 hardware servers(QFlow)
1 archive server

SIZING DEPLOYMENT
140 vCPU 232 vCPU
272 Gb vRAM 563 Gb vRAM
15 TB vHDD 103 TB vHDD

LOGGING CHALLENGES
S Y S L O G
Standard syslog message
size (RFC 5424)
W I N D O W S
Security logs permissions
on W7/2008+
D ATA B A S E S
What to log?
L O G S AT F S
IIS, Exchange and so on
I N - H O U S E
D E V E L O P M E N T
N O N - S TA D A R D L O G S
Arista, 1C, Wallarm…

STANDARD SOURCES
W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K
• Event collectors vs. agents
• Extended system audit
• Non-English logs

STANDARD SOURCES
W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K
• Syslog as a standard
• TCP syslog+network issues=pain
(google: “TCP is not reliable”)
• UDP syslog message size
• Auditd – what to log?

STANDARD SOURCES
W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K
Is login history enough?
Syslog vs DB connection
IBM Guardium alerts

STANDARD SOURCES
W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K
Syslog for device-level events
Qflow, Vflow, Netflow/Jflow

NON-STANDARD SOURCES
N E T W O R K
Exotic network devices
I N T E R N A L
In-house development –
business applications logs
C O U N T R Y- S P E C I F I C
1C and so on
S E C U R I T Y
S Y S T E M S
DBFW, NGFW, DLP, WAF,
honeypots…

INTERNAL SECURITY SCANNERS
“Normal paranormal” activity inside and outside
• A lot of SIEM tuning
• Log or drop events?
• Custom rules set for scanner nodes
• Credentials monitoring
• Balancers
NAT/SNAThttps://f5.com/resources/white-
papers/load-balancing-101-nuts-and-bolts

COMPLIANCE AUTOMATION
QIWI information security is compliant to the most of standards in IT/Financial sector
P C I / PA - D S S
All processing systems are
PCIDSS certified.
QIWI ATM is PADSS certified
S O X
As the member of NASDAQ our
company is audited every year
for SOX compliance
N AT I O N A L S TA N D A R D S
QIWI has successfully passed
audit for 152FZ and Central
Bank audit for 382-P

AUTOPILOT: ON
Automated
detection and
response actions

DOUBLE TROUBLE
Or “what’s happening with core on RedTeam”

QUESTIONS?
Svetlana Arkhipova
Head of infrastructure monitoring and IT security incident response team
M O N A @ Q I W I . C O M Q I W I . C O M / S E C U R I T Y. A C T I O N/ M O N A A R K H I P O VA

What's hot

Technology in ICS environments lags the Enterprise by 10-15yr. This often leads to ICS companies having to stand by while other more nimble institutions are able to take advantage of new technology. What few people realize, is that our industry gets to watch the future happen out on the Internet and then pick and choose the best techniques to adapt and bring back in time. In this session Mr. Kitchel will look at what is new in the IT world and forecast what should and will be applied to OT.

Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...

Digital Bond

Presenter: David Zahn, PAS Industrial control systems represent the brass ring for hackers who want to disrupt plant operations and negatively impact safety and productivity. The problem for cybersecurity professionals is that plants have highly vulnerable proprietary control systems where configuration data is not visible via standard WMI or SNMP calls. Yet, it is this same configuration data, such as I/O cards, firmware, installed software, and more, that hackers work hard to attain as it aids them in gaining control over industrial systems within plants. As the saying goes, “you can’t manage what you can’t measure.” Taking inventory of this hidden configuration data and doing so for all control assets is difficult. Plants as a result fall short of achieving centralized, automated inventory – a cybersecurity best practice and a necessary precursor to effective change management. So how do you address change management when important security data is kept locked within each vendor’s distributed control systems, programmable logic controllers, and remote terminal units? In this session, we’ll explore the types of inventory data that comprise a best practices cyber security plan. Next, we will dive into cost effective, accurate automation opportunities for inventory discovery and maintenance of heterogeneous proprietary and non-proprietary control assets. Finally, we’ll present a case study for implementing best practices for hardening ICS cyber security and automating management of change. Agenda: Building and Maintaining an Accurate ICS Inventory Best Practices in Inventory Automation Case Study

ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...

EnergySec

Cyber attacks have a direct impact on the bottom line, yet most organizations lack the visibility and understanding to manage IT risk from the business perspective. This presentation is from a webcast where a panel of experts examined how to shift from viewing IT risk in bits and bytes to having an impact on critical applications in the data center. - Learn why and how more organizations are beginning to move ownership of IT risk to the business - Understand how to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers - Learn about the integration between Qualys and AlgoSec that enables business stakeholders to “own the risk”

Managing risk and vulnerabilities in a business context

AlgoSec

From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered: • What do i actually need? • Real-world framework to categorize endpoint capabilities • Map vendors into buckets within the framework • Housekeeping, what's needed before you even start? • Cheat sheet of probing questions to ask vendors • Best practices of deploying best of breed solutions

NextGen Endpoint Security for Dummies

Atif Ghauri

For decades, security has essentially remained reactive – looking for the known bad or mitigating the threats after the damage is done. Remember, the attackers are getting smarter every day. So, what can you do? This paper will give you an idea on why data center micro-segmentation using internal firewalls may not be the best way forward, and why a software-defined approach wins. ColorTokens platform-agnostic software-defined security enables enterprises to efficiently secure their dynamic application environments in minutes. For more info, visit www.colortokens.com. Live Demo - http://bit.ly/CTLiveDemo

Micro-Segmentation for Data Centers - Without Using Internal Firewalls

ColorTokens Inc

What Is Next-Generation Endpoint Security and Why Do You Need It?

Priyanka Aash

Time is not on your side when managing security for a global enterprise and facing down a relentless barrage of cyber attacks. So when confronted with multiple suspect alerts flagged by your SIEM solution, you need a way to easily sift through and identify the attacks that will most likely impact key business processes – and quickly take action. Presented by renowned industry expert Prof. Avishai Wool, this new webinar will cover security best practices for introducing business context into your organization’s incident response processes, and prioritizing and automating remediation efforts accordingly. This insight will give you the intelligence you need to reduce the time and cost of mitigating cyber attacks by orders of magnitude. In this webinar Professor Wool will cover how to: - Augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack - Prioritize incident remediation efforts based on business risk - Neutralize impacted systems through zero-touch automation - Limit the lateral movement of an attacker in, out and across your network - Keep all stakeholders involved in the remediation process to reduce disruption to the business

Tying cyber attacks to business processes, for faster mitigation

Maytal Levi

Guardicore - Shrink Your Attack Surface with Micro-Segmentation

CSNP

Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance

AlgoSec

Each SCADA network, in a healthy state, presents a specific quality of service (QoS) which rarely changes given the repetitive process of the IACS operations. The continuous monitoring of QoS parameters of an automation network may anticipate problems such as malware contamination and equipment failures like switches and routers. It is very important to be aware of these changes in behavior in order to receive alerts and promptly handle them, avoiding incidents that could compromise the operation of the network and be financially or environmentally costly. In this session Mr. Branquinho presents the results of tests to measure the performance of a simulated automation network parameters using a small SCADA network sandbox. First, the normal operating parameters of the network were measured. Next, several attacks were launched against the simulated automation network. At the conclusion of the work the graphs of the network in healthy state with the graphs of the network with the security incidents described above. The session will show how the network parameters were affected by each kind of incident and built a table showing the way the main parameters of an automation network were affected by the attacks.

Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...

Digital Bond

2021 01-13 reducing risk-of_ransomware

AlgoSec

“The only thing constant is change” dates back to 500 BC, but it has never rung more true when it comes to managing your network security policy. Bombarded by an onslaught of changes resulting from new applications, emerging threats and network re-architectures, security professionals struggle with manual processes as they sift through hundreds and often thousands of firewall rules and access lists. The result: slow response to business requests, and costly mistakes that cause outages and introduce risk. This presentation covers: · Common risks to avoid when making changes to your network security devices · How to better understand business requirements from the network security perspective · How to accelerate change requests and ensure security and compliance using automation

Shift Happens: Eliminating the Risks of Network Security Policy Changes

AlgoSec

Introducing Savvius Vigil

Savvius, Inc

The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT. (Source: RSA Conference USA 2018)

Identity-Based Security and Privacy for the Internet of Things

Priyanka Aash

During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work. The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.

Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...

centralohioissa

Cloud Security Zen: Principles to Meditate On

Samuel Reed

API Training 10 Nov 2014

Digital Bond

Today's fast paced business application deployments and changes require IT, networking and security to be more agile than ever before. Yet this agility often comes at the expense of security, control and accuracy. When facing a barrage of cyber-attacks this is not an option. In this new technical webinar, Anner Kushnir, VP of Technology at AlgoSec will explain how to address these contradicting requirements, and eliminate the tension between the two, through a unique zero-touch approach to security policy management. In this webinar Anner will present: • The challenges and requirements for zero-touch security policy automation • How automation can support business agility while maintaining checks and balances • Defining a policy for pre-approved "more of the same" low risk changes • Handling exceptions, risks and escalation • Maintaining a full audit trail for compliance audits • Tracking SLAs and further fine-tuning business agility

Security Change Management: Agility vs. Control

AlgoSec

Web Application Security: Beyond PEN Testing

Robert Grupe, CSSLP CISSP PE PMP

One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations urgently assess what they need to do to contain and limit their exposure to this threat. Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack. In this webinar Professor Wool will discuss: • The different methods used by cyber criminals to penetrate the network security perimeter • Best practices for reducing cyber criminals’ lateral movements across the network • How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack • Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation • The impact of a ransomware on regulatory compliance

Ransomware Attack: Best Practices to proactively prevent contain and respond

AlgoSec

What's hot (20)

Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...

ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...

Managing risk and vulnerabilities in a business context

NextGen Endpoint Security for Dummies

Micro-Segmentation for Data Centers - Without Using Internal Firewalls

What Is Next-Generation Endpoint Security and Why Do You Need It?

Tying cyber attacks to business processes, for faster mitigation

Guardicore - Shrink Your Attack Surface with Micro-Segmentation

Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance

Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...

2021 01-13 reducing risk-of_ransomware

Shift Happens: Eliminating the Risks of Network Security Policy Changes

Introducing Savvius Vigil

Identity-Based Security and Privacy for the Internet of Things

Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...

Cloud Security Zen: Principles to Meditate On

API Training 10 Nov 2014

Security Change Management: Agility vs. Control

Web Application Security: Beyond PEN Testing

Ransomware Attack: Best Practices to proactively prevent contain and respond

Viewers also liked

[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova

OWASP Russia

Melbourne Office 365 User Group - February 2015 What's New? Much has changed since our November meeting. We will give you an update about the recent Office 365 news and features. Office 365 Australia Late in 2014 Microsoft announced the arrival of Office 365 to Australian Data Centres. This will affect both new and existing customers in Australia, so we will explore what this means for both groups and take a look at when you can start using the local service. http://www.meetup.com/Melbourne-Office-365-Meetup

Melbourne Office 365 User Group - February 2015

Michael Frank

TLS monitoring, David Ordyan and Mikhail Aksenov

OWASP Russia

Web Application Firewalls: Advanced analysis of detection logic mechanisms, V...

OWASP Russia

Qradar ibm partner_enablement_220212_final

Arrow ECS UK

View ondemand webinar: https://securityintelligence.com/events/qradar-investment-2016/ Helping you stay ahead of cybercriminals means our work at IBM Security is never done. With data coming from every direction to collect, you need real time and historical analytics to discover anomalistic conditions that often provide the early warning signs of an attacker’s presence. Join us to hear about new features in IBM Security QRadar that can provide you with better visibility into what’s happening on your network and new integrations that will help you multiply your investment and help speed your remediation efforts.

5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016

IBM Security

Ведущие: Денис Макрушин и Юрий Наместников Среди прочих мер, направленных на защиту корпоративной инфраструктуры от злоумышленников, специалисты по безопасности полагаются на строгую политику ограничения доступа приложений к интернету. Защита информационных систем предприятия основана главным образом на принципе «запретить все, что не разрешено». Тем временем угрозы безопасности притаились в недрах корпоративных сетей и ждут, когда у сотрудников закончится рабочий день. Мы расскажем вам, как с наступлением темноты киберпреступники используют Notepad, AutoCAD, Tomcat и SQL Server в своих целях.

Город никогда не спит / The City Never Sleeps

Positive Hack Days

BGA SOME/SOC Etkinliği - Kurumsal SOME’ler için SOC Modeli Nasıl Olmalı?

BGA Cyber Security

HP ArcSight

Mohamed Zohair

File Transfer Protocol

guest029bcd

Andy Malone - Microsoft office 365 security deep dive

Nordic Infrastructure Conference

44CON 2014: Using hadoop for malware, network, forensics and log analysis

Michael Boman

EyePyramid and other .NET malware. How to analyze them?

Antonio Parata

Viewers also liked (13)

[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova

Melbourne Office 365 User Group - February 2015

TLS monitoring, David Ordyan and Mikhail Aksenov

Web Application Firewalls: Advanced analysis of detection logic mechanisms, V...

Qradar ibm partner_enablement_220212_final

5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016

Город никогда не спит / The City Never Sleeps

BGA SOME/SOC Etkinliği - Kurumsal SOME’ler için SOC Modeli Nasıl Olmalı?

HP ArcSight

File Transfer Protocol

Andy Malone - Microsoft office 365 security deep dive

44CON 2014: Using hadoop for malware, network, forensics and log analysis

EyePyramid and other .NET malware. How to analyze them?

Similar to Qradar as a SOC core

Needlesand haystacks i360-dublin

Derek King

A long time ago, in a galaxy far far away, AV was invented. Then firewalls and IDS and SIEM and NAC and DLP and on and on. With all these products, it seems like a career in information security is really more about managing tools than defeating a galactic empire of hackers and miscreants. But like the Rebel Alliance, you can take back your enterprise, because many of our existing monitoring systems and network devices also have security functionality. Moreover, there are many excellent open source applications that work just as well as commercial ones.

Ending the Tyranny of Expensive Security Tools

SolarWinds

Ending the Tyranny of Expensive Security Tools

Michele Chubirka

SplunkSummit 2015 - Splunk User Behavioral Analytics

Splunk

Security defined routing_cybergamut_v1_1

Joel W. King

Mohammad Tahir_CV

Mohammad Tahir Shaikh

What's Next : A Trillion Event Logs, A Million Security Threat

Alan Yau Ti Dun

Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr

Georg Knon

PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków

PROIDEA

A modern approach to safeguarding your ICS and SCADA systems

Alane Moran

The age of cloud computing presents the software architects with a unique set of opportunities as well as a unique set of challenges. Designing, building, and operating applications at cloud scale has changed the very nature of software architecture discipline to accommodate a much larger set of objectives and skills. Prior to the cloud era, software architecture was primarily about fulfilling functional requirements while maintaining code modularity and meeting a narrow set of non-functional requirements, such as performance. The cloud-era architect needs to accommodate not only functional requirements and customer-defined throughput and performance requirements, but also a large set of non-functional requirements related to cyber security, compliance, and most notably also the financial/cost characteristics, which at cloud scale can make or break a software-as-a-service company. The whole discipline of software architecture just became not only wider to accommodate all the above aspects, but also deeper as cloud-scale architecture spans all layers of software all the way down to operating system kernel tuning and in the case of private cloud also requires hardware know-how and hardware assembly design closely aligned with high-level application workload requirements to achieve reasonable performance and economics at cloud scale.

Software Architecture in the age of Cloud Computing

Jaroslav Gergic

How to over-engineer things and have fun? Building a modern, distributed real...

Oto Brglez

SplunkLive! London - Splunk App for Stream & MINT Breakout

Splunk

This presentation will encompass the following: • An overview of the OWASP IoT Top 10: Understanding IoT Vulnerabilities and Risks to Offices / Homes • Smart home wireless communication standards and their weaknesses: Bluetooth, Z-Wave, ZigBee, Wi-Fi, NFC, RFID • Exploiting vulnerable networked smart devices (e.g. smart TVs, refrigerators, etc.) as a means to get foot in the door and attack core infrastructure (laptops, workstations, servers) • Attacks against smart products connected to your network or controlled directly via your mobile device • Performing security evaluations of smart products using frameworks like the OWASP Application Security Verification Standard (ASVS) • Tools and resources for securing smart devices and their implementations • DEMOs – vulnerabilities and most common issues in smart devices – real examples of the OWASP IoT Top 10 • Exploiting smart devices, such as: TVs, media streaming devices, refrigerators, thermostats, smart plugs, security locks and cameras, health/fitness devices, wearables, office smart hubs, home automation products, and more… Originally presented at IT Audits & Control Conference 2015.

OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List

Bishop Fox

Big Data Approaches to Cloud Security

Paul Morse

Software-defined networking has come onto the scene and changed the way we think about moving packets throughout a network. But it has also morphed into multiple definitions and approaches, driven by both vendors and enterprise customers. But how does security fit into this picture? This talk will discuss the convergence of SDN and security and will try to make sense of them both. Learning Objectives: 1: Understand all types of SDN. 2: Understand SDN and security. 3: Understand how a secure SDN makes a network safer. (Source: RSA Conference USA 2018)

SDN and Security: A Marriage Made in Heaven. Or Not.

Priyanka Aash

RISC-V 30946 manuel_offenberg_v3_notes

RISC-V International

Data trustworthiness at the edge

RISC-V International

Splunk App for Stream

Splunk

Технологии ЦОД. Virtual Chassis Fabric

TERMILAB. Интернет - лаборатория

Similar to Qradar as a SOC core (20)

Needlesand haystacks i360-dublin

Ending the Tyranny of Expensive Security Tools

SplunkSummit 2015 - Splunk User Behavioral Analytics

Security defined routing_cybergamut_v1_1

Mohammad Tahir_CV

What's Next : A Trillion Event Logs, A Million Security Threat

Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr

PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków

A modern approach to safeguarding your ICS and SCADA systems

Software Architecture in the age of Cloud Computing

How to over-engineer things and have fun? Building a modern, distributed real...

SplunkLive! London - Splunk App for Stream & MINT Breakout

OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List

Big Data Approaches to Cloud Security

SDN and Security: A Marriage Made in Heaven. Or Not.

RISC-V 30946 manuel_offenberg_v3_notes

Data trustworthiness at the edge

Splunk App for Stream

Технологии ЦОД. Virtual Chassis Fabric

Recently uploaded

Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have. For more Tendenci AMS events, check out www.tendenci.com/events

Corporate Management | Session 3 of 3 | Tendenci AMS

Tendenci - The Open Source AMS (Association Management Software)

In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey. Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience. Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system. Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Natan Silnitsky

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

informapgpstrackings

Petr Matuska, Sales & Sales Engineering Lead, GraphAware Western Australia Police Force’s adoption of Neo4j and the GraphAware Hume graph analytics platform marks a significant advancement in data-driven policing. Facing the challenges of growing volumes of valuable data scattered in disconnected silos, the organisation successfully implemented Neo4j database and Hume, consolidating data from various sources into a dynamic knowledge graph. The result was a connected view of intelligence, making it easier for analysts to solve crime faster. The partnership between Neo4j and GraphAware in this project demonstrates the transformative impact of graph technology on law enforcement’s ability to leverage growing volumes of valuable data to prevent crime and protect communities.

GraphAware - Transforming policing with graph-based intelligence analysis

Neo4j

This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.

top nidhi software solution freedownload

vrstrong314

Studiovity film pre-production and screenwriting software

info611746

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Abortion Clinic

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Skilrock is an igaming technology platform & lottery software provider to the Global Lottery & Gaming Industry with a strong presence across continents. As part of the $2.4 billion SUGAL & DAMANI GROUP, Skilrock leverages the group's extensive domain experience to offer the INFINITI gaming platform - a true Omni-Channel, Omni-Gaming Platform that can serve any lottery or gaming operator anywhere in the world. INFINITI serves Retail, iGaming & Self Service Channels with equal ease and at the same time supports a wide variety of games like Lotto, Keno, Bingo, Instant, Sports, Poker, Rummy, Casino and Slots. Our popular solutions are Scratch Lottery, Retail Lottery, Instant Lottery and other igaming and lottery solutions.

iGaming Platform & Lottery Solutions by Skilrock

Skilrock Technologies

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Eric Wang (Software Engineer, @Uber) Uber has numerous deep learning models, most of which are highly complex with many layers and a vast number of features. Understanding how these models work is challenging and demands significant resources to experiment with various training algorithms and feature sets. With ML explainability, the ML team aims to bring transparency to these models, helping to clarify their predictions and behavior. This transparency also assists the operations and legal teams in explaining the reasons behind specific prediction outcomes. In this talk, Eric Wang will discuss the methods Uber used for explaining deep learning models and how we integrated these methods into the Uber AI Michelangelo ecosystem to support offline explaining.

AI/ML Infra Meetup | ML explainability in Michelangelo

Alluxio, Inc.

Key takeaways: Challenges of building platforms and the benefits of platformless. Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience. How Choreo enables the platformless experience. How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo. Demo of an end-to-end app built and deployed on Choreo.

Accelerate Enterprise Software Engineering with Platformless

WSO2

Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Tier1 app

AI/ML Infra Meetup | Perspective on Deep Learning Framework

Alluxio, Inc.

The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month. The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies. However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News. Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!

SOCRadar Research Team: Latest Activities of IntelBroker

SOCRadar

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

rajkumar669520

Vitthal Shirke Microservices Resume Montevideo

Vitthal Shirke

Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload. Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.

Designing for Privacy in Amazon Web Services

KrzysztofKkol1

"Introduction to Windows 7" serves as the foundational chapter in our guide, setting the stage for understanding the key features and functionalities of this operating system. Windows 7, released by Microsoft in 2009, quickly became one of the most popular and widely used versions of Windows due to its user-friendly interface, stability, and performance improvements over its predecessor, Windows Vista. This chapter begins by providing an overview of the Windows 7 operating system, highlighting its key attributes and improvements compared to earlier versions of Windows. It introduces users to the visual enhancements such as Aero Glass, the revamped taskbar (also known as the Superbar), and the redesigned Start menu, which all contribute to a more intuitive and streamlined user experience. Furthermore, "Introduction to Windows 7" delves into the architecture and system requirements of the operating system, helping users understand what hardware specifications are necessary for optimal performance. It covers topics such as processor requirements, RAM, disk space, and graphics capabilities, ensuring that readers have a clear 3 understanding of the hardware prerequisites for running Windows 7 smoothly. Additionally, this chapter explores the various editions of Windows 7, including Home Premium, Professional, Ultimate, and Enterprise, outlining the differences between them and helping users choose the edition that best suits their needs and requirements. Moreover, "Introduction to Windows 7" provides an overview of the installation process, guiding users through the steps required to install or upgrade to Windows 7 on their computers. It covers topics such as preparing for installation, choosing the installation type (upgrade or custom), partitioning disks, and configuring initial settings. In summary, "Introduction to Windows 7" serves as a comprehensive primer for users who are new to the operating system or seeking to refresh their understanding. By familiarizing themselves with the core concepts and features of Windows 7, readers can lay a solid foundation for exploring more advanced topics covered in subsequent chapters of this guide.

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

mbmh111980

Breaking the Code : A Guide to WhatsApp Business API.pdf

Meon Technology

Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ? Venez le découvrir lors de cette session ignite

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Anthony Dahanne

Recently uploaded (20)

Corporate Management | Session 3 of 3 | Tendenci AMS

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

GraphAware - Transforming policing with graph-based intelligence analysis

top nidhi software solution freedownload

Studiovity film pre-production and screenwriting software

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

iGaming Platform & Lottery Solutions by Skilrock

AI/ML Infra Meetup | ML explainability in Michelangelo

Accelerate Enterprise Software Engineering with Platformless

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

AI/ML Infra Meetup | Perspective on Deep Learning Framework

SOCRadar Research Team: Latest Activities of IntelBroker

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

Vitthal Shirke Microservices Resume Montevideo

Designing for Privacy in Amazon Web Services

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

Breaking the Code : A Guide to WhatsApp Business API.pdf

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Qradar as a SOC core

1. Qradar as a SOC core: QIWI experience Svetlana Arkhipova Head of infrastructure monitoring and IT security incident response team QIWI

2. #WHOAMI • Head of SOC and OPS monitoring at QIWI group • Past: Security analyst at GE Capital, independent security consultant at fintech start-ups, *nix systems and network administrator • a.k.a. Mona

3. QIWI SOC “Project of the year 2015” Global CIO award, February 2016

4. SOC STATISTICS Get ready for (over)size S I E M M E T R I C S 2862 log sources >11 000 events per second > 700 000 flows per minute D A I LY S TAT S 67-145 Gb raw event logs per day 37-53 Gb network communication events Q R A D A R C O R E 45 virtual servers 2 hardware servers(QFlow) 1 archive server

5. SIEM CORE OVERVIEW

6. SIZING DEPLOYMENT 140 vCPU 232 vCPU 272 Gb vRAM 563 Gb vRAM 15 TB vHDD 103 TB vHDD

7. EVENTS COLLECTION

8. LOGGING CHALLENGES S Y S L O G Standard syslog message size (RFC 5424) W I N D O W S Security logs permissions on W7/2008+ D ATA B A S E S What to log? L O G S AT F S IIS, Exchange and so on I N - H O U S E D E V E L O P M E N T N O N - S TA D A R D L O G S Arista, 1C, Wallarm…

9. STANDARD SOURCES W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K • Event collectors vs. agents • Extended system audit • Non-English logs

10. STANDARD SOURCES W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K • Syslog as a standard • TCP syslog+network issues=pain (google: “TCP is not reliable”) • UDP syslog message size • Auditd – what to log?

11. STANDARD SOURCES W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K Is login history enough? Syslog vs DB connection IBM Guardium alerts

12. STANDARD SOURCES W I N D O W S * N I X - L I K E D A T A B A S E S N E T W O R K Syslog for device-level events Qflow, Vflow, Netflow/Jflow

13. NON-STANDARD SOURCES N E T W O R K Exotic network devices I N T E R N A L In-house development – business applications logs C O U N T R Y- S P E C I F I C 1C and so on S E C U R I T Y S Y S T E M S DBFW, NGFW, DLP, WAF, honeypots…

14. INTERNAL SECURITY SCANNERS “Normal paranormal” activity inside and outside • A lot of SIEM tuning • Log or drop events? • Custom rules set for scanner nodes • Credentials monitoring • Balancers NAT/SNAThttps://f5.com/resources/white- papers/load-balancing-101-nuts-and-bolts

15. COMPLIANCE AUTOMATION QIWI information security is compliant to the most of standards in IT/Financial sector P C I / PA - D S S All processing systems are PCIDSS certified. QIWI ATM is PADSS certified S O X As the member of NASDAQ our company is audited every year for SOX compliance N AT I O N A L S TA N D A R D S QIWI has successfully passed audit for 152FZ and Central Bank audit for 382-P

16. AUTOPILOT: ON Automated detection and response actions

17. DOUBLE TROUBLE Or “what’s happening with core on RedTeam”

18. QUESTIONS? Svetlana Arkhipova Head of infrastructure monitoring and IT security incident response team M O N A @ Q I W I . C O M Q I W I . C O M / S E C U R I T Y. A C T I O N/ M O N A A R K H I P O VA

Qradar as a SOC core

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to Qradar as a SOC core

Similar to Qradar as a SOC core (20)

Recently uploaded

Recently uploaded (20)

Qradar as a SOC core