SureLog International Edition, 2016
The Easiest Solution for Next-Generation SIEM
www.anetusa.net
1. SureLog: Integrated SIEM and Log Management
2. All-in-One IT Security Monitoring
	SIEM
		Correlation Engine
		Advantages of SureLog Correlation Engine
		Simple Correlation Rules
		Advanced Correlation Rules
		Taxonomy
	Log Management
		Comprehensive Log Data Collection and Log Management
		Cross-platform Log Collection
		Windows Event Logs: Agent-less or Agent-based
		Syslog
		Flat File Logs
		Tagging
		Scalable Log Centralization
		Log Archiving and Retrieval
		Activity Auditing
3. SureLog Advantages
	What problems does it solve?
	What features does it offer?
Chapter 1
1. SureLog: Integrated Next-Generation SIEM and Log Management
SureLog capability map (figure): Security Information and Event Management, Advanced Correlation Engine, Security Operations Center, Log Management, Log Forensics, Threat Intelligence, Security Reporting, Real-Time Alerts, Event Correlation & Analysis, Compliance Management, Rich Taxonomy, Protecting Against Insider Attacks.
ANET SureLog delivers next-generation SIEM, log management and intelligent security search in a simple, easy-to-install and cost-effective solution that provides immediate value for security and compliance to organizations of any size.
SureLog has a highly flexible architecture and supports high data throughput rates. On top of that architecture sits a superior correlation engine: the system lets you define the complex combinations of events you need to be alerted on by creating and customizing correlation rules in a graphical, drag-and-drop rule editor.
SureLog supports 155 brands and 350 devices and categorizes logs into 1513 taxonomy groups.
Threat intelligence management lets SureLog collect blacklists dynamically and keep its database up to date.
•	Multi-functional security management platform
•	Integrated security and log management platform
•	Real-time security management across thousands of devices, including applications as diverse as satellite, cryptography and security devices
•	Granular control over any type of event definition, with the ability to collect, normalize and integrate data from any device, application or service
Chapter 2
2. All-in-One IT Security Monitoring
A superior SIEM and log management platform that seamlessly combines SIEM and log management with host and network forensics in a unified security intelligence platform.
SIEM
SureLog is a web-based SIEM, log analysis and reporting application that works agent-less (agents are optional for Windows event collection, see Log Management below). It monitors, collects, analyzes and archives logs and monitoring parameters from across the enterprise and generates reports from them. Supported sources include network perimeter security devices (firewalls, proxy servers, intrusion detection and intrusion prevention systems (IDS/IPS), VPNs), routers, switches and other syslog devices, SNMP devices, virtual machines, mail servers (Microsoft Exchange, Zimbra, Postfix and others), distributed Windows and Unix hosts, and applications such as the IIS web and FTP servers, Microsoft SQL Server, Oracle Database and Windows or Linux DHCP servers. SureLog generates graphs and reports that help in analyzing system problems with minimal impact on network performance. Its two prominent features are correlation and security reports.
Correlation Engine
The correlation engine applies predefined rules to identify attack patterns and malicious behavior. When trying to penetrate a system, attackers often take advantage of the fact that security controls rarely work together and are rarely monitored as a whole. The correlation engine automates that cross-source analysis so that attacks can be identified quickly and breaches contained quickly.
Advantages of SureLog Correlation Engine
Below are some advantages of SureLog:
•	SureLog is fast: it supports 50,000 EPS with thousands of rules.
•	SureLog can trace multiple logs of different types within a defined time frame. A sample rule: detect the unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
•	SureLog can correlate different logs (for example a Windows user-creation event and a Telnet event) on related fields. A sample rule: look for a new account being created followed by immediate authentication activity from that same account; this detects a backdoor account being created and then used to telnet back into the system.
•	SureLog can detect whether or not an expected log is created with the desired parameters. The authentication-failure rule above is an example: it fires only if the expected successful authentication never appears within the window.
•	SureLog can audit privileged user activity, such as new account creation, for greater operational transparency.
•	SureLog can correlate privileged user behavior with specific network activity. The new-account rule above is an example: the account creation is a privileged action, the Telnet login that follows is network activity.
•	SureLog's correlation rule editor is simple to use.
•	SureLog supports multiple filtering options.
•	SureLog supports compression-based correlation: SureLog can monitor multiple occurrences of the same event, remove the redundancies and report them as a single event.
•	SureLog supports threshold-based correlation: a rule triggers a report when a specified number of similar events occur.
•	SureLog supports filter-based correlation: SureLog inspects each event to determine whether it matches a pattern defined by a regular expression; if a match is found, the action specified in the rule may be triggered.
•	SureLog supports sequence-based correlation, which helps establish causality between events: events can be correlated on specific sequential relationships, for example "Event A" followed by "Event B" triggers an action.
•	Its time-based correlation is useful for correlating events that have specific time-based relationships; some problems can be determined only through temporal correlation. For example, time-based correlation can be used to implement cleanup rules that run after a given interval.
•	SureLog supports rule suspending: preventing a rule from firing again for a defined time period.
Simple Correlation Rules
User Authentication
•	Alert on 5 or more failed logins in 1 minute on a single user ID
Attacks on the Network
•	Alert on 15 or more firewall Drop/Reject/Deny events from a single IP address in one minute
•	Alert on 3 or more IPS alerts from a single IP address in five minutes
Virus Detection/Removal
•	Alert when a single host sees an identifiable piece of malware
•	Alert when a single host fails to clean malware within 1 hour of detection
•	Alert when a single host connects to 50 or more unique targets in 1 minute
•	Alert when 5 or more hosts on the same subnet trigger the same malware signature (AV or IPS) within a 1 hour interval
Web Server
•	Files with executable extensions (cgi, asp, aspx, jar, php, exe, com, cmd, sh, bat) are posted to a web server from an external source
Black-listed Applications
•	Alert when an unauthorized application (e.g. TeamViewer, LogMeIn, Nmap, Nessus) is run on any host
Monitored Log Sources
•	Alert when a monitored log source has not sent an event in 1 hour
User Activity Reports
•	All active user accounts (any successful login, grouped by account name, in the past XX days)
•	Active user list by authentication type
a)	VPN users
b)	Active Directory users
c)	Infrastructure device access (firewalls, routers, switches, IPS)
•	User creation, deletion and modification (a list of all user accounts created, deleted or modified)
•	Access by any default account (Guest, Root, Administrator or other default account usage)
•	Password resets by admin accounts in the past 7 days
Access Reports
•	Access to any protected/monitored device from an untrusted network
a)	VPN access to the server zone
b)	Access from a foreign network to the server zone
Malware
•	A list of host addresses for any identified malware name
•	A count of any given malware (grouped by anti-virus signature) over the past XX days
Email Activity
•	Top 10 e-mail subjects
•	Top 10 sending addresses
•	Top 10 receiving addresses
•	Top 10 sending addresses by total size (MB)
•	Top 10 receiving addresses by total size (MB)
Web Content
•	Top 10 destinations by domain name
•	Top 10 blocked destinations by domain name
•	Top 10 blocked sources by IP address
•	Top 10 blocked categories
•	Total sent and received bytes grouped by IP address
User Account Activity
•	Top 10 failed logins
Advanced Correlation Rules
•	Attack followed by account change
•	Scan followed by an attack
•	Detect the unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours
•	Look for a new account being created followed by immediate authentication activity from that same account; this detects a backdoor account being created and then used to telnet back into the system
•	Monitor the same source having excessive logon failures at distinct hosts
•	Check whether the source of an attack was previously the destination of an attack (within 15 minutes)
•	Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP
•	Look for a new account being created, followed shortly by access/authentication failure activity from the same account
•	Monitor system access outside of business hours
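The rule types described above (threshold, sequence, absence of an expected follow-up, compression and rule suspending) and several of the sample rules listed under Simple and Advanced Correlation Rules can be exercised with a small in-memory correlator. The code below is an added example written for this page, not SureLog's engine or its rule format; the event field names (ts, category, user, src, host, target_user), the rule names and the sample events are all constructed.

```python
"""Small in-memory correlation engine: an added illustration, not SureLog's engine or rule
format. Events are normalized dicts with a taxonomy-style 'category'. Rule types: threshold
(N similar events per key in a window), sequence (A then B sharing a key), absence (A with no
B for the same key inside the window), compression (repeats of one event folded into a single
alert) and rule suspending (no re-fire for a key for a while). All names below are constructed."""
from datetime import datetime, timedelta


def parse_ts(s):
    return datetime.fromisoformat(s)


def ev(ts, category, **fields):
    return {"ts": ts, "category": category, **fields}


class Correlator:
    def __init__(self, rules):
        self.rules = rules
        self.alerts = []
        self.state = {r["name"]: {} for r in rules}  # rule name -> per-key state
        self.suspended = {}                           # (rule name, key) -> earliest next firing

    def _fire(self, rule, key, now, **extra):
        until = self.suspended.get((rule["name"], key))
        if until is not None and now < until:
            return                                    # rule suspending: still in the quiet period
        self.suspended[(rule["name"], key)] = now + rule.get("suspend", timedelta(0))
        self.alerts.append({"rule": rule["name"], "key": key, "at": now, **extra})

    def feed(self, event):
        """Process one event; events must arrive in time order."""
        now, cat = parse_ts(event["ts"]), event["category"]
        for rule in self.rules:
            st, kind = self.state[rule["name"]], rule["type"]
            if kind == "threshold" and cat == rule["category"]:
                key = tuple(event[f] for f in rule["key"])
                hits = [t for t in st.get(key, []) if now - t <= rule["window"]] + [now]
                if len(hits) >= rule["count"]:
                    self._fire(rule, key, now, count=len(hits))
                    hits = []                          # start a fresh window after firing
                st[key] = hits
            elif kind == "compression" and cat == rule["category"]:
                key = tuple(event[f] for f in rule["key"])
                open_alert = st.get(key)
                if open_alert and now - open_alert["at"] <= rule["window"]:
                    open_alert["count"] += 1           # same event again: count it, do not re-report
                else:
                    st[key] = {"rule": rule["name"], "key": key, "at": now, "count": 1}
                    self.alerts.append(st[key])
            elif kind in ("sequence", "absence"):
                if cat == rule["first"]:
                    key = tuple(event[f] for f in rule["first_key"])
                    if kind == "sequence" or key not in st:
                        st[key] = now                  # absence keeps the earliest first-event time
                elif cat == rule["then"]:
                    key = tuple(event[f] for f in rule["then_key"])
                    if key in st and now - st[key] <= rule["window"]:
                        if kind == "sequence":
                            self._fire(rule, key, now, first_at=st[key])
                        del st[key]                    # absence: the expected follow-up did arrive

    def flush(self, now):
        """Call on a timer (here once at the end): absence rules fire once their window has elapsed."""
        for rule in self.rules:
            if rule["type"] != "absence":
                continue
            st = self.state[rule["name"]]
            for key, first_at in list(st.items()):
                if now - first_at > rule["window"]:
                    self._fire(rule, key, now, first_at=first_at)
                    del st[key]
        return self.alerts


RULES = [
    # "5 or more failed logins in 1 minute on a single user ID"; stays quiet 10 min after firing
    {"name": "brute_force_user", "type": "threshold", "category": "Authentication->Failure",
     "key": ["user"], "count": 5, "window": timedelta(minutes=1), "suspend": timedelta(minutes=10)},
    # "new account created followed by immediate authentication activity from that same account"
    {"name": "new_account_then_login", "type": "sequence", "first": "Account->Create",
     "first_key": ["target_user"], "then": "Authentication->Success", "then_key": ["user"],
     "window": timedelta(minutes=10)},
    # "authentication failures at a host not followed by a successful authentication within 2 hours"
    {"name": "failures_without_success", "type": "absence", "first": "Authentication->Failure",
     "first_key": ["src", "host"], "then": "Authentication->Success", "then_key": ["src", "host"],
     "window": timedelta(hours=2)},
    # repeated identical firewall denies reported as one event carrying a count
    {"name": "fw_deny_repeated", "type": "compression", "category": "Firewall->Deny",
     "key": ["src", "host"], "window": timedelta(minutes=5)},
]

SAMPLE_EVENTS = [  # constructed, already normalized
    *[ev(f"2016-03-01T09:00:{s:02d}", "Authentication->Failure", user="alice", src="10.0.0.5", host="srv1")
      for s in (0, 10, 20, 30, 40)],
    ev("2016-03-01T09:05:00", "Account->Create", user="admin", target_user="svc_backup", src="10.0.0.9", host="dc1"),
    ev("2016-03-01T09:06:00", "Authentication->Success", user="svc_backup", src="203.0.113.7", host="dc1"),
    *[ev(f"2016-03-01T09:10:{s:02d}", "Firewall->Deny", src="198.51.100.4", host="fw1") for s in (0, 1, 2)],
]


def run(events, rules=RULES, now="2016-03-01T12:00:00"):
    """Replay events in time order, then flush so absence rules can fire; returns the alert list."""
    c = Correlator(rules)
    for e in sorted(events, key=lambda e: e["ts"]):
        c.feed(e)
    return c.flush(parse_ts(now))
```

Running run(SAMPLE_EVENTS) yields four alerts: the brute-force threshold on alice, the new-account-then-login sequence for svc_backup, one compressed firewall alert with a count of 3, and, only once flush() is called, the absence alert for 10.0.0.5 at srv1. That last point is the practical caveat: absence rules (including "a monitored log source has not sent an event in 1 hour") can only be driven by a timer, because a silent source produces no event that could trigger them.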
Taxonomy
A taxonomy is a mapping of information from heterogeneous sources to a common classification. It aids pattern recognition and improves the scope and stability of correlation rules: once events from heterogeneous sources are normalized, they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. Normalized events are also easier to work with when developing reports and dashboards.
SureLog supports 155 brands and 350 devices, and categorizes (taxonomy) logs into 1513 groups, for example:
•	Compromised->RemoteControlApp->Response
•	HealthStatus->Informational->HighAvailability->LinkStatus->Down
•	IPTrafficAudit->IP Too many fragments
•	IPSpoofAccess->ICMP CODE Redirect for the Host
•	FileTransferTrafficAudit->Authentication Failed
•	NamingTrafficAudit
•	Session->Start
•	ICMP Destination Network is Administratively Prohibited
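The following added example (not SureLog's parser or taxonomy) shows what the mapping above buys you: raw lines from an sshd syslog, a Windows Security log and a firewall are normalized onto shared "Parent->Child" categories, so a single lookup for Authentication->Failure finds failed logons from every source. The key=value rendering of the Windows events, the firewall line format and all sample lines are constructed for the example; the Windows event IDs used (4625 failed logon, 4624 successful logon, 4720 account created) are the standard Security-log IDs.

```python
"""Normalizing heterogeneous raw log lines onto one taxonomy: an added illustration, not
SureLog's parser. Category labels follow the page's "Parent->Child" style. The source
formats (especially the key=value Windows rendering) and every sample line are constructed."""
import re

# (source name, pattern, taxonomy category); named groups become normalized fields.
PATTERNS = [
    ("linux-sshd",
     re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
                r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
     "Authentication->Failure"),
    ("linux-sshd",
     re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
                r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)"),
     "Authentication->Success"),
    ("windows-security",  # 4625 = an account failed to log on
     re.compile(r"\bEventID=4625\b.*\bComputer=(?P<host>\S+).*\bTargetUserName=(?P<user>\S+).*\bIpAddress=(?P<src>\S+)"),
     "Authentication->Failure"),
    ("windows-security",  # 4624 = an account was successfully logged on
     re.compile(r"\bEventID=4624\b.*\bComputer=(?P<host>\S+).*\bTargetUserName=(?P<user>\S+).*\bIpAddress=(?P<src>\S+)"),
     "Authentication->Success"),
    ("windows-security",  # 4720 = a user account was created
     re.compile(r"\bEventID=4720\b.*\bComputer=(?P<host>\S+).*\bTargetUserName=(?P<user>\S+)"),
     "Account->Create"),
    ("firewall",          # constructed deny-line format
     re.compile(r"\bDeny (?P<proto>tcp|udp|icmp) src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
     "Firewall->Deny"),
]


def normalize(line):
    """Map one raw line to a normalized event; lines no pattern knows are kept, not dropped."""
    for source, rx, category in PATTERNS:
        m = rx.search(line)
        if m:
            event = {"category": category, "source": source, "raw": line}
            event.update(m.groupdict())
            return event
    return {"category": "Unclassified", "source": "unknown", "raw": line}


def categorize(lines):
    """Return {category: [normalized events]} so one rule can run over all sources at once."""
    by_cat = {}
    for event in map(normalize, lines):
        by_cat.setdefault(event["category"], []).append(event)
    return by_cat


def failed_login_sources(lines):
    """Distinct sources of failed logons across sshd and Windows, found by one category lookup."""
    return sorted({e["src"] for e in categorize(lines).get("Authentication->Failure", [])})


SAMPLE_LINES = [  # constructed
    "Mar  1 09:00:00 srv1 sshd[2211]: Failed password for alice from 10.0.0.5 port 51522 ssh2",
    "Mar  1 09:00:10 srv1 sshd[2211]: Failed password for invalid user admin from 10.0.0.5 port 51530 ssh2",
    "EventID=4625 Computer=WS01 TargetUserName=alice IpAddress=10.0.0.5 LogonType=3",
    "EventID=4720 Computer=DC1 TargetUserName=svc_backup SubjectUserName=admin",
    "EventID=4624 Computer=DC1 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=10",
    "Mar  1 09:10:00 fw1 fw: Deny tcp src outside:198.51.100.4/4433 dst inside:10.0.0.20/445",
    "Mar  1 09:11:00 srv1 kernel: eth0: link is up",
]
```

Two practical checks are built in: unmatched lines land in Unclassified rather than being discarded (they remain searchable and count toward retention), and each pattern is tied to a source so that a line from one device cannot be misclassified by a pattern meant for another.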
LOG MANAGEMENT
Comprehensive Log Data Collection and Log Management
Being able to collect log data from across an enterprise regardless of its source, present the logs in a uniform and consistent manner, and manage the state, location and efficient access of those logs is an essential element of any comprehensive log management and log analysis solution. The SureLog solution was designed to address core log management needs, including:
•	The ability to collect any type of log data regardless of source
•	The ability to collect log data with or without installing an agent on the log source device, system or application
•	The ability to "normalize" any type of log data for more effective reporting and analysis
•	The ability to "scale down" for small deployments and "scale up" for extremely large environments
•	An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
•	A role-based security model providing user accountability and access control
•	Automated archiving for secure long-term retention
•	Wizard-based retrieval of any archived logs in seconds
Cross-platform Log Collection
Today's IT operations require many technologies: routers, firewalls, switches, file servers and applications, to name a few. SureLog has been designed to collect from them all through intelligent use of agent-less and agent-based techniques.
Windows Event Logs: Agent-less or Agent-based
SureLog can collect all types of Windows Event Logs with or without the use of an agent. Many Windows-based applications write their logs to the Application Event Log or to a custom Event Log.
Examples of supported log sources that SureLog can collect in real time include:
•	Windows System Event Log
•	Windows Security Event Log
•	Windows Application Event Log
•	Microsoft Exchange Server application logs
•	Microsoft SQL Server application logs
•	Windows-based ERP and CRM system application logs
Syslog
Many log sources, including most network devices (e.g. routers, switches, firewalls), transmit logs via syslog. SureLog includes an integrated syslog server for receiving and processing these messages. Simply point any syslog-generating device at SureLog and it will automatically begin collecting and processing those logs. Plain syslog over UDP is neither authenticated nor encrypted, so keep the collector on a management network or use TLS where the device supports it.
Flat File Logs
SureLog can collect logs written to any ASCII-based text file. Whether it is a commercial system or a homegrown application, SureLog can collect and manage them.
Examples of supported log sources using this method include:
•	Web server logs (e.g. Apache, IIS)
•	Linux system logs
•	Windows Forefront TMG / UAG and ISA Server logs
•	DNS and DHCP server logs
•	Host-based intrusion detection/prevention systems
•	Homegrown application logs
•	MS Exchange message tracking logs
Since so much sensitive information resides in databases, it is important to monitor and track access and activity surrounding important databases; the actual and reputational cost of a theft of customer records can be very large. SureLog collects, analyzes, alerts and reports on logs from Oracle and Microsoft SQL Server. It also captures data from custom audit logs and applications that run on the database. This capability enables customers to use SureLog for real-time database monitoring to guard against insider and outsider threats.
Tagging
SureLog adds a powerful event tagging system that allows individual users as well as teams to tag events with an unlimited number of keywords describing the various characteristics of an event (intrusion, financial, departmental, topological). Users can create their own sets of custom tags. Tags can be added to events individually as needed, or through the automated action system as events are imported and normalized. Searching and reporting by tag are supported, and tag statistics displays are included as well.
Scalable Log Centralization
SureLog is architected to scale easily and incrementally as your needs grow. Whether you need to collect 10 million or more than 1 billion logs per day, SureLog can handle it. With SureLog you simply deploy the capacity you need when you need it, preserving your initial investment along the way. Deployments can start with a single turnkey appliance and grow easily by adding incremental log manager appliances as needs expand. With SureLog's "building blocks" distributed architecture, you can access and analyze logs throughout your deployment with ease.
Log Archiving and Retrieval
Many businesses have compliance requirements to preserve historic log data and be able to provide it in its original form for legal or investigative purposes. Collecting, maintaining and recovering historic log data can be expensive and difficult. Imagine trying to recover logs from a specific server from two years ago. Were the logs archived or saved anywhere? If so, where have they been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files in a reasonable period of time? With SureLog, the answers to these questions are easy.
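Retrieval is only half of the archiving problem: providing logs "in their original form" for legal purposes, and the claim in Chapter 3 that logs cannot be changed, both depend on an integrity mechanism the reader can verify. The added example below, not SureLog's archive format, seals each archived batch with an HMAC-SHA256 that also covers the previous batch's tag, so an edited record, a dropped batch or a reordered batch is detected on verification. It uses a keyed hash chain rather than the digital signature the brochure mentions; the key, the batch layout and the sample records are constructed.

```python
"""Tamper-evident log archive: an added illustration, not SureLog's archive format.
Each archived batch is sealed with an HMAC-SHA256 that also covers the previous batch's tag,
so the archive forms a chain: editing a record, dropping a batch or reordering batches breaks
verification at the first affected batch. The key and sample records are constructed."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # link value for the first batch


def _seal(records, key, prev_tag):
    """HMAC over the canonical JSON of (previous tag, records); canonical form keeps it reproducible."""
    body = json.dumps({"prev": prev_tag, "records": records}, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def build_archive(batches, key):
    """Seal each batch in order; every entry carries the tag of the one before it."""
    archive, prev = [], GENESIS
    for records in batches:
        tag = _seal(records, key, prev)
        archive.append({"prev": prev, "records": records, "tag": tag})
        prev = tag
    return archive


def verify_archive(archive, key):
    """Return (True, None) if intact, else (False, index of the first batch that fails)."""
    prev = GENESIS
    for i, entry in enumerate(archive):
        if entry["prev"] != prev:                     # a batch was dropped, inserted or reordered
            return False, i
        if not hmac.compare_digest(_seal(entry["records"], key, prev), entry["tag"]):
            return False, i                           # a record inside this batch was altered
        prev = entry["tag"]
    return True, None


SAMPLE_BATCHES = [  # constructed records, one list per archived hour
    [{"ts": "2016-03-01T09:00:00", "msg": "sshd: Failed password for alice from 10.0.0.5"},
     {"ts": "2016-03-01T09:00:10", "msg": "sshd: Failed password for alice from 10.0.0.5"}],
    [{"ts": "2016-03-01T10:00:00", "msg": "useradd: new user: name=svc_backup"}],
    [{"ts": "2016-03-01T11:00:00", "msg": "sshd: Accepted password for svc_backup from 203.0.113.7"}],
]
KEY = b"example-archive-key"  # placeholder; a real key must live off the collector, e.g. in an HSM


def demo():
    """Intact archive verifies; an edited record and a dropped batch are both caught at batch 1."""
    archive = build_archive(SAMPLE_BATCHES, KEY)
    edited = json.loads(json.dumps(archive))          # deep copy, then rewrite an archived record
    edited[1]["records"][0]["msg"] = "useradd: new user: name=backup"
    dropped = [archive[0], archive[2]]                # the hour with the account creation removed
    return verify_archive(archive, KEY), verify_archive(edited, KEY), verify_archive(dropped, KEY)
```

Because HMAC verification needs the same key as sealing, anyone holding that key could re-seal a forged chain; for evidence a third party must be able to check, sign each batch tag with an asymmetric key or submit it to a timestamping service, and record the latest tag somewhere the collector itself cannot rewrite.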
Activity Auditing
For compliance verification, users' and administrators' actions within SureLog are themselves logged. SureLog user activity reports provide proof that SureLog is actively used to analyze log data for compliance purposes, and not for illegitimate aims.
Chapter 3
3. SureLog Advantages
•	Decision speed: integrated analysis technology processes highly complex decision logic in real time, similar to how humans reason.
•	Continuous learning: SureLog continuously learns the behavior of your environment by cross-correlating log information, device availability and performance statistics.
•	Real-time alerting and historical forensics: many ready-to-use rules detect anomalous behavior and events, and comprehensive search and reporting capabilities simplify compliance reporting.
Customers who have used SureLog have experienced:
•	Improved productivity
•	Higher business operations uptime
•	Lower IT costs
•	Improved business performance
•	Ability to meet service level agreements
•	Better visibility into required response times, by correlating customer service level commitments
•	Monitoring of applications
•	Monitoring of ecosystem business services, not just devices
What problems does it solve?
SureLog helps network security administrators and IT managers monitor security events efficiently and alert on them in real time. SureLog also generates reports to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS), and archives logs for network auditing and forensic analysis.
What features does it offer?
Multiple device/vendor support, flexible log archiving, the ability to view traffic trends and usage patterns, multi-level drill-down into top hosts, protocols, web sites and more, VPN/Squid proxy reports, varied reporting capabilities, centralized event log management, compliance reporting, automatic alerting, historical trending, security analysis, host grouping, pre-built event reports, customizable report profiles, report scheduling and multiple report formats. Compliant with Turkish Law No. 5651: logs are digitally signed so that any change to them can be detected.
About ANET Software
ANET is a privately held software company incorporated in Virginia, USA, with branches in Turkey and New Zealand. Our mission is to build a software company that embraces an "open development philosophy" and provides innovative solutions to customer problems in collaboration with customers.
We are a SIEM pioneer with over 250 clients throughout Europe experiencing the ANET difference.
The Most Important Priority is Your Satisfaction
Contact Us
Headquarters:
Anet, Inc; PMB# 62 11350 Random Hills Rd
Suite 800 Fairfax, VA 22030
+1 (703) 346-1222
Offices:
74 / 2 Asquith Ave Mt Albert Auckland, New
Zealand
+64021 975 369
Istanbul Technology Development Zone
Sanayi Mah. Teknopark Blvd. No: 1 Pendik
34906, Istanbul, Turkey
+902163540581
E-5 Karayolu Ankara Asfaltaltı, Soğanlık
Sapağı Kartal / Istanbul 34912, Istanbul,
Turkey
+902163540580
info@anetusa.net
www.anetusa.net

NACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACIONNACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACION
NACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACION
Lervin Loyo
 
Politicas petroleras en_venezuela
Politicas petroleras en_venezuelaPoliticas petroleras en_venezuela
Politicas petroleras en_venezuela
Lervin Loyo
 
Higiene y seguridad industrial
Higiene y seguridad industrialHigiene y seguridad industrial
Higiene y seguridad industrial
kengy carrillo
 
3行ラベリング 事例9-pdca
3行ラベリング 事例9-pdca3行ラベリング 事例9-pdca
3行ラベリング 事例9-pdca
Mizuhiro Kaimai
 
Surelog Detail
Surelog DetailSurelog Detail
Surelog Detail
ANETUSA Software
 
Judith leyster
Judith leysterJudith leyster
Judith leyster
getafista
 
March 26, 2017
March 26, 2017March 26, 2017
March 26, 2017
triumphantlife
 
Historia y la_evolución_del_computador
Historia y la_evolución_del_computadorHistoria y la_evolución_del_computador
Historia y la_evolución_del_computador
Sandrid Vanesa
 
Ct
CtCt

Viewers also liked (20)

Acuerdos de convivencia y consecuencias
Acuerdos de convivencia y consecuenciasAcuerdos de convivencia y consecuencias
Acuerdos de convivencia y consecuencias
 
La divina comedia de dante
La divina comedia de danteLa divina comedia de dante
La divina comedia de dante
 
Presentacion cambio climatico en paramos
Presentacion cambio climatico en paramosPresentacion cambio climatico en paramos
Presentacion cambio climatico en paramos
 
Historia Del Computador
Historia Del ComputadorHistoria Del Computador
Historia Del Computador
 
3Com 1.012.0904-B
3Com 1.012.0904-B3Com 1.012.0904-B
3Com 1.012.0904-B
 
Dictadura monarquia democracia_teocracia
Dictadura monarquia democracia_teocraciaDictadura monarquia democracia_teocracia
Dictadura monarquia democracia_teocracia
 
Otros tipos de estado
Otros tipos de estadoOtros tipos de estado
Otros tipos de estado
 
Tipos de estado
Tipos de estadoTipos de estado
Tipos de estado
 
Coates Hire - Water Treatment Engineering Solutions
Coates Hire - Water Treatment Engineering Solutions Coates Hire - Water Treatment Engineering Solutions
Coates Hire - Water Treatment Engineering Solutions
 
Parcial calificado 5 relaciones internacionales ldb
Parcial calificado 5 relaciones internacionales ldbParcial calificado 5 relaciones internacionales ldb
Parcial calificado 5 relaciones internacionales ldb
 
Access
AccessAccess
Access
 
NACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACION
NACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACIONNACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACION
NACIONALIZACION ESTATIZACION PRIVATIZACION Y EXPROPIACION
 
Politicas petroleras en_venezuela
Politicas petroleras en_venezuelaPoliticas petroleras en_venezuela
Politicas petroleras en_venezuela
 
Higiene y seguridad industrial
Higiene y seguridad industrialHigiene y seguridad industrial
Higiene y seguridad industrial
 
3行ラベリング 事例9-pdca
3行ラベリング 事例9-pdca3行ラベリング 事例9-pdca
3行ラベリング 事例9-pdca
 
Surelog Detail
Surelog DetailSurelog Detail
Surelog Detail
 
Judith leyster
Judith leysterJudith leyster
Judith leyster
 
March 26, 2017
March 26, 2017March 26, 2017
March 26, 2017
 
Historia y la_evolución_del_computador
Historia y la_evolución_del_computadorHistoria y la_evolución_del_computador
Historia y la_evolución_del_computador
 
Ct
CtCt
Ct
 

Similar to Sure log full

Why SureLog?
Why SureLog?Why SureLog?
Why SureLog?
Ertugrul Akbas
 
ANET SureLog SIEM IntelligentResponse
ANET SureLog  SIEM IntelligentResponseANET SureLog  SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponse
Ertugrul Akbas
 
Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3
Mustafa Kuğu
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
frantzyv
 
The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product
Ertugrul Akbas
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent response
Ertugrul Akbas
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Deepak Mishra
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Sumo Logic
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
Gary Mendonca
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
JonathanPritchard12
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
danhaley45372
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]
Phil Huggins FBCS CITP
 
PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
Ajit Wadhawan
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
Ajit Wadhawan
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.
Boni Yeamin
 
security onion
security onionsecurity onion
security onion
Boni Yeamin
 

Similar to Sure log full (20)

Why SureLog?
Why SureLog?Why SureLog?
Why SureLog?
 
ANET SureLog SIEM IntelligentResponse
ANET SureLog  SIEM IntelligentResponseANET SureLog  SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponse
 
Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3Crypto sim_cryptolog_cryptospot_v3
Crypto sim_cryptolog_cryptospot_v3
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
 
Leveraging Log Management to provide business value
Leveraging Log Management to provide business valueLeveraging Log Management to provide business value
Leveraging Log Management to provide business value
 
The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product The correlation advantages of ANET SURELOG International Edition SIEM product
The correlation advantages of ANET SURELOG International Edition SIEM product
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent response
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]
 
PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.
 
security onion
security onionsecurity onion
security onion
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 

Sure log full

  • 2. page 2 SureLog Next-Generation SIEM, SureLog International Edition //2016
    1. SURELOG: INTEGRATED SIEM AND LOG MANAGEMENT .... P-3
    2. All-in-One IT Security Monitoring .... P-4
       SIEM .... P-4
          Correlation Engine .... P-5
          Advantages of SureLog Correlation Engine .... P-5
          Simple Correlation Rules .... P-6
          Advanced Correlation Rules .... P-7
          Taxonomy .... P-8
       LOG MANAGEMENT .... P-9
          Comprehensive Log Data Collection and Log Management .... P-9
          Cross-platform Log Collection .... P-10
          Windows Event Logs: Agent-less or Agent-based .... P-10
          Syslog .... P-10
          Flat File Logs .... P-10
          Tagging .... P-11
          Scalable Log Centralization .... P-11
          Log Archiving and Retrieval .... P-11
          Activity Auditing .... P-11
    3. SURELOG ADVANTAGES .... P-11
       What problems does it solve? .... P-12
       What features does it offer? .... P-12
  • 4. page 4 SureLog Next-Generation SIEM

    1. SureLog: Integrated Next-Generation SIEM and Log Management (ANET)

    Security Information and Event Management | Advanced Correlation Engine | Security Operations Center | Log Management | Log Forensics | Threat Intelligence | Security Reporting | Real-Time Alerts | Event Correlation & Analysis | Compliance Management | Rich Taxonomy | Protecting Against Insider Attacks

    ANET SureLog delivers next-generation SIEM, log management and intelligent security search in a simple, easy-to-install and cost-effective solution that provides immediate value for security and compliance to organizations of any size.

    SureLog has a highly flexible architecture and support for high-volume data throughput rates. Alongside the flexible architecture, SureLog possesses a superior correlation engine. The system lets you define the complex combinations of events you need to be alerted on by creating and customizing correlation rules with a graphical, drag-and-drop rule creator. SureLog supports 155 brands and 350 devices and categorizes logs into 1513 groups. The sophisticated threat intelligence management allows SureLog to dynamically collect blacklists and update its database.

    • Multi-Functional Security Management Platform
    • Integrated Security and Log Management Platform
    • Real-time security management across thousands of devices, including applications as diverse as satellite, cryptography and security devices.
    • Granular control over any type of event definition, with the ability to collect, normalize and integrate data from any device, application or service.
  • 6. page 6 SureLog Next-Generation SIEM

    2. All-In-One IT Security Management (ANET)

    A superior SIEM and log management platform that seamlessly combines SIEM and log management with host and network forensics in a unified security intelligence platform.

    SIEM

    SureLog is web-based, agent-less SIEM, log analysis and reporting software. The application monitors, collects, analyzes and archives logs and monitoring parameters from enterprise-wide network perimeter security devices, routers, switches, SNMP devices, VMs, DHCP servers and Linux or Windows systems, and then generates reports. The supported devices include firewalls, proxy servers, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), mail servers such as MS Exchange, Zimbra and Postfix, distributed Windows hosts, distributed Unix hosts, routers, switches and other syslog devices, and applications such as IIS web server, IIS FTP server, MS SQL Server, Oracle database server, and Windows and Linux DHCP servers. The SureLog application generates graphs and reports that help in analyzing system problems with minimal impact on network performance. Two prominent features of the application are correlation and security reports.

    Correlation Engine

    The Correlation Engine leverages predefined rules to identify attack patterns and malicious behavior. When trying to penetrate a system, attackers often take advantage of the fact that security controls rarely work together and are rarely monitored. The Correlation Engine automates that analysis so that attacks can be quickly identified and breaches quickly contained.

    Advantages of SureLog Correlation Engine

    Below are some advantages of SureLog:

    • SureLog is fast: it supports 50,000 EPS with thousands of rules.
    • SureLog can trace multiple logs of different types within a defined time frame. A sample rule supporting this advantage: detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
    • SureLog can correlate different logs (for example, a Windows user creation event and a Telnet event) according to related fields. A sample rule supporting this advantage: look for a new account being created followed by immediate authentication activity from that same account. This would detect backdoor account creation followed by the account being used to telnet back into the system.
    • SureLog can check whether a log is created with the desired parameters or not. A sample rule supporting this advantage: detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
    • SureLog can audit privileged user activity, such as new account creation, for greater operational transparency.
    • SureLog can correlate privileged user behavior with specific network activity. A sample rule supporting this advantage: look for a new account being created followed by immediate authentication activity from that same account. This would detect backdoor account creation followed by the account being used to telnet back into the system.
    • SureLog's correlation rule editor is simple to use.
    • SureLog supports multiple filtering options.
    • SureLog supports compression-based correlation: SureLog can monitor multiple occurrences of the same event, remove the redundancies, and report them as a single event.
• SureLog supports threshold-based correlation: a threshold triggers a report when a specified number of similar events occur.
• SureLog supports filter-based correlation: SureLog inspects each event to determine whether it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule.
• SureLog supports sequence-based correlation, which helps establish causality between events. Events can be correlated based on specific sequential relationships; for example, "Event A" being followed by "Event B" triggers an action.
• Its time-based correlation is useful for correlating events that have specific time-based relationships. Some problems can be determined only through temporal correlation; for example, time-based correlation can be used to implement cleanup rules for a given interval.
• SureLog supports rule suspending: preventing a rule from firing for a defined time period.

Simple Correlation Rules

User Authentication
• Alert on 5 or more failed logins in 1 minute on a single user ID.

Attacks on the Network
• Alert on 15 or more firewall Drop/Reject/Deny events from a single IP address in one minute.
• Alert on 3 or more IPS alerts from a single IP address in five minutes.

Virus Detection/Removal
• Alert when a single host sees an identifiable piece of malware.
• Alert when a single host fails to clean malware within 1 hour of detection.
• Alert when a single host connects to 50 or more unique targets in 1 minute.
• Alert when 5 or more hosts on the same subnet trigger the same malware signature (AV or IPS) within a 1 hour interval.

Web Server
• Files with executable extensions (cgi, asp, aspx, jar, php, exe, com, cmd, sh, bat) are posted to a web server from an external source.

Black-listed Applications
• Alert when an unauthorized application (e.g. TeamViewer, LogMeIn, Nmap, Nessus, etc.) is run on any host.

Monitored Log Sources
• Alert when a monitored log source has not sent an event in 1 hour.

User Activity Reports
• All active user accounts (any successful login, grouped by account name, in the past XX days).
• Active user list by authentication type:
  a) VPN users
  b) Active Directory users
  c) Infrastructure device access (firewalls, routers, switches, IPS)
• User creation, deletion and modification (a list of all user accounts created, deleted or modified).
• Access by any default account (Guest, root, Administrator, or other default account usage).
• Password resets by admin accounts in the past 7 days.

Access Reports
• Access to any protected/monitored device from an untrusted network:
  a) VPN access to the server zone
  b) Access by a foreign network to the server zone

Malware
• A list of host addresses for any identified malware name.
• A count of any given malware (grouped by anti-virus signature) over the past XX days.

Email Activity
• Top 10 e-mail subjects
• Top 10 sending addresses
• Top 10 receiving addresses
• Top 10 sending addresses by total size (MB)
• Top 10 receiving addresses by total size (MB)

Web Content
• Top 10 destinations by domain name
• Top 10 blocked destinations by domain name
• Top 10 blocked sources by IP address
• Top 10 blocked categories
• Total sent and received bytes, grouped by IP address

User Account Activity
• Top 10 failed logins

Advanced Correlation Rules
• Attack followed by account change.
• Scan followed by an attack.
• Detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
• Look for a new account being created followed by immediate authentication activity from that same account; this would detect a backdoor account being created and then used to telnet back into the system.
• Monitor the same source having excessive logon failures at distinct hosts.
• Check whether the source of an attack was previously the destination of an attack (within 15 minutes).
• Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP.
• Look for a new account being created, followed shortly by access/authentication failure activity from the same account.
• Monitor system access outside of business hours.

Taxonomy
This is a mapping of information from heterogeneous sources to a common classification. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules.
When events from heterogeneous sources are normalized, they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. In addition, normalized events are easier to work with when developing reports and dashboards.
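The normalize-then-correlate flow described above, as an added example that is not SureLog code and does not describe SureLog's internals: a small Python normalizer maps Windows Security event IDs and Linux sshd messages (constructed sample lines, not captured from any real system) onto a shared category, and then three rule types from the lists above run over the normalized stream: the threshold rule ("5 or more failed logins in 1 minute on a single user ID"), the sequence rule ("new account created followed by immediate authentication from that account"), and the "authentication failures not followed by a success at the same host within 2 hours" rule. The line formats, category names, field names and thresholds are assumptions made for the example. Note that the threshold rule only reaches 5 because the taxonomy merges Windows and sshd failures; neither source alone would trigger it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from any real system). Windows lines carry
# the Security event ID (4625 logon failure, 4624 logon success, 4720 user
# account created); Linux lines mimic sshd messages.
SAMPLE_LOGS = """\
2016-05-01T09:00:01 win dc01 4625 user=alice src=10.0.0.5
2016-05-01T09:00:12 linux web01 sshd: Failed password for alice from 10.0.0.5 port 5000 ssh2
2016-05-01T09:00:20 win dc01 4625 user=alice src=10.0.0.5
2016-05-01T09:00:33 linux web01 sshd: Failed password for alice from 10.0.0.5 port 5001 ssh2
2016-05-01T09:00:45 win dc01 4625 user=alice src=10.0.0.5
2016-05-01T10:00:00 win dc01 4720 user=svc_backdoor src=10.0.0.7
2016-05-01T10:00:30 win dc01 4624 user=svc_backdoor src=10.0.0.7
2016-05-01T12:00:00 linux web01 sshd: Failed password for bob from 10.0.0.9 port 5002 ssh2
2016-05-01T12:30:00 win dc01 4625 user=carol src=10.0.0.11
2016-05-01T12:45:00 win dc01 4624 user=carol src=10.0.0.11
2016-05-01T15:00:00 linux web01 sshd: Accepted password for bob from 10.0.0.9 port 5003 ssh2
"""

WIN_RE = re.compile(r"^(?P<ts>\S+) win (?P<host>\S+) (?P<eid>\d+) user=(?P<user>\S+) src=(?P<src>\S+)$")
SSH_RE = re.compile(r"^(?P<ts>\S+) linux (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                    r"password for (?P<user>\S+) from (?P<src>\S+)")

# Taxonomy: source-specific codes mapped onto one shared category so a single
# rule covers both sources. Category names are illustrative assumptions.
WIN_CATEGORY = {"4625": "Authentication->Failure", "4624": "Authentication->Success",
                "4720": "Account->Created"}
SSH_CATEGORY = {"Failed": "Authentication->Failure", "Accepted": "Authentication->Success"}


def normalize(line):
    """Parse one raw line into a normalized event dict, or None if unknown."""
    m = WIN_RE.match(line)
    if m:
        category = WIN_CATEGORY.get(m["eid"])
    else:
        m = SSH_RE.match(line)
        category = SSH_CATEGORY[m["result"]] if m else None
    if category is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "src": m["src"], "category": category}


def parse_logs(text):
    events = [e for e in map(normalize, text.splitlines()) if e]
    return sorted(events, key=lambda e: e["ts"])


def threshold_rule(events, category, key, count, window):
    """Fire when `count` events of `category` share a `key` value within
    `window`. The window is cleared after firing, so a burst of further
    repeats compresses into one alert instead of one per extra event."""
    seen, alerts = defaultdict(deque), []
    for e in events:
        if e["category"] != category:
            continue
        q = seen[e[key]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= count:
            alerts.append((e[key], e["ts"]))
            q.clear()
    return alerts


def sequence_rule(events, first, then, key, window):
    """Fire when a `then` event follows a `first` event with the same `key`
    within `window` (e.g. account created, then that account logs on)."""
    pending, alerts = {}, []
    for e in events:
        if e["category"] == first:
            pending[e[key]] = e["ts"]
        elif e["category"] == then and e[key] in pending:
            if e["ts"] - pending.pop(e[key]) <= window:
                alerts.append((e[key], e["ts"]))
    return alerts


def missing_followup_rule(events, failure, success, window):
    """Fire once per (host, src) with a `failure` that is not followed by a
    `success` from the same src at the same host within `window`. Only
    failures whose window has fully elapsed by the last event are judged,
    so a batch that ends mid-window does not raise premature alerts."""
    if not events:
        return []
    now = max(e["ts"] for e in events)
    successes = defaultdict(list)
    for e in events:
        if e["category"] == success:
            successes[(e["host"], e["src"])].append(e["ts"])
    alerts = []
    for e in events:
        k = (e["host"], e["src"])
        if e["category"] != failure or e["ts"] + window > now or k in alerts:
            continue
        if not any(e["ts"] < t <= e["ts"] + window for t in successes[k]):
            alerts.append(k)
    return alerts


def run(text=SAMPLE_LOGS):
    """Run the three rules over the normalized stream and return their hits."""
    events = parse_logs(text)
    return {
        "failed_logins": threshold_rule(events, "Authentication->Failure", "user", 5,
                                        timedelta(minutes=1)),
        "new_account_used": sequence_rule(events, "Account->Created",
                                          "Authentication->Success", "user",
                                          timedelta(minutes=5)),
        "failures_without_success": missing_followup_rule(
            events, "Authentication->Failure", "Authentication->Success",
            timedelta(hours=2)),
    }
```

Calling run() on the sample stream yields one threshold hit for alice, one sequence hit for svc_backdoor, and three (host, src) pairs for the 2-hour rule; carol's failure is not reported because her successful logon lands inside the window, and bob's is reported because his success comes three hours later.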
SureLog supports 155 brands and 350 devices, and categorizes (taxonomy) logs into 1513 groups such as:
• Compromised->RemoteControlApp->Response
• HealthStatus->Informational->HighAvailability->LinkStatus->Down
• IPTrafficAudit->IP Too many fragments
• IPSpoofAccess->ICMP CODE Redirect for the Host
• FileTransferTrafficAudit->Authentication Failed
• NamingTrafficAudit
• Session->Start
• ICMP Destination Network is Administratively Prohibited

LOG MANAGEMENT

Comprehensive Log Data Collection and Log Management
Being able to collect log data from across an enterprise regardless of its source, present the logs in a uniform and consistent manner, and manage the state, location and efficient access to those logs is an essential element of any comprehensive log management and log analysis solution. The SureLog solution was designed to address core log management needs, including:
• The ability to collect any type of log data regardless of source.
• The ability to collect log data with or without installing an agent on the log source device, system or application.
• The ability to "normalize" any type of log data for more effective reporting and analysis.
• The ability to "scale down" for small deployments and "scale up" for extremely large environments.
• An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools.
• A role-based security model providing user accountability and access control.
• Automated archiving for secure long-term retention.
• Wizard-based retrieval of any archived logs in seconds.

Cross-platform Log Collection
Today's IT operations require many technologies: routers, firewalls, switches, file servers, and applications, to name a few. SureLog has been designed to collect from them all through intelligent use of agent-less and agent-based techniques.

Windows Event Logs: Agent-less or Agent-based
SureLog can collect all types of Windows Event Logs with or without the use of an agent. Many Windows-based applications write their logs to the Application Event Log or a custom Event Log. Examples of supported log sources that SureLog can collect in real time include:
• Windows System Event Log
• Windows Security Event Log
• Windows Application Event Log
• Microsoft Exchange Server application logs
• Microsoft SQL Server application logs
• Windows-based ERP and CRM system application logs

Syslog
Many log sources, including most network devices (e.g. routers, switches, firewalls), transmit logs via Syslog. SureLog includes an integrated Syslog server for receiving and processing these messages. Simply point any syslog-generating device at SureLog and it will automatically begin collecting and processing those logs.

Flat File Logs
SureLog can collect logs written to any ASCII-based text file. Whether it is a commercial system or a homegrown application, SureLog can collect and manage them. Examples of supported log sources using this method include:
• Web server logs (e.g. Apache, IIS)
• Linux system logs
• Windows Forefront TMG / UAG and ISA Server logs
• DNS and DHCP server logs
• Host-based intrusion detection/prevention systems
• Homegrown application logs
• MS Exchange message tracking logs

Since so much sensitive information resides in databases, it is important to monitor and track access and activity surrounding important databases. The actual and reputational cost of a theft of customer records can be very large. SureLog can help: it collects, analyzes, alerts, and reports on logs from Oracle and Microsoft SQL Server. It also captures data from custom audit logs and applications that run on the database. This capability enables customers to use SureLog for real-time database monitoring to guard against insider and outsider threats.

Tagging
SureLog adds a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that define the various characteristics of an event (intrusion, financial, departmental and topological). System users can create their own set of custom tags. Tags can be added to events individually as needed, or through the automated action system as events are imported and normalized. Searching and reporting by tags is supported, and tag statistics displays are included as well.
Scalable Log Centralization
SureLog is architected to scale easily and incrementally as your needs grow. Whether you need to collect 10 million or more than 1 billion logs per day, SureLog can handle it. With SureLog you simply deploy the capacity you need when you need it, preserving your initial investment along the way. Deployments can start with a single, turnkey appliance and grow easily by adding incremental log manager appliances as needs expand. With SureLog's "building blocks" distributed architecture, you can access and analyze logs throughout your deployment with ease.

Log Archiving and Retrieval
Many businesses have compliance requirements to preserve historic log data and to be able to provide it in its original form for legal or investigative purposes. Collecting, maintaining and recovering historic log data can be expensive and difficult. Imagine trying to recover logs from a specific server from two years ago. Were the logs archived or saved anywhere? If so, where have they been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files in a reasonable period of time? With SureLog, the answers to these questions are easy.

Activity Auditing
For compliance verification, users' and administrators' actions within SureLog are logged. SureLog user activity reports provide proof that SureLog is actively being used to analyze log data for compliance purposes and not for illegitimate ends.
3. SureLog Advantages
• Decision speed: integrated analysis technology processes highly complex decision logic in real time, similar to how humans reason.
• Continuous learning: SureLog continuously learns the behavior of your environment by cross-correlating log information, device availability and performance statistics.
• Real-time alerting and historical forensics: many ready-to-use rules detect anomalous behavior and events. Comprehensive search and reporting capabilities simplify compliance reporting.

Customers who have used SureLog have experienced:
• Improved productivity.
• Higher business operations uptime.
• Lower IT costs.
• Improved business performance.
• Ability to meet Service Level Agreements.
• Better visibility of required response times, by correlating customer service level commitments.
• Application monitoring.
• Monitoring of ecosystem business services, not just devices.

What problems does it solve?
SureLog helps network security administrators and IT managers monitor security events efficiently with real-time alerting. The SureLog software also generates reports to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS), and archives logs for network auditing and forensic analysis.

What features does it offer?
Multiple device/vendor support, flexible log archiving, the ability to view traffic trends and usage patterns, multi-level drill-down into top hosts, protocols, web sites and more, VPN/Squid proxy reports, varied reporting capabilities, centralized event log management, compliance reporting, automatic alerting, historical trending, security analysis, host grouping, pre-built event reports, customizable report profiles, report scheduling, and multiple report formats.
Compliant with Turkish Law 5651: archived logs are digitally signed, so they cannot be changed without the change being detected.
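Both the Log Archiving and Retrieval section and the Law 5651 line above rest on archived logs being tamper-evident. As an added example (not SureLog code, and not a description of how SureLog implements this), here is one standard way to obtain that property: hash-chain the records of an archive, store one chained hash per record in a manifest, and authenticate the chain head. To stay within the Python standard library the head is authenticated with HMAC-SHA256 under a key held by the archiver; a deployment of the kind the page describes would instead sign the head with an asymmetric key (e.g. Ed25519) so that an auditor can verify without holding any secret. The record format and the key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample archive records (not from any real system).
SAMPLE_RECORDS = [
    "2016-05-01T09:00:01 dc01 4625 user=alice src=10.0.0.5",
    "2016-05-01T09:00:20 dc01 4625 user=alice src=10.0.0.5",
    "2016-05-01T10:00:00 dc01 4720 user=svc_backdoor src=10.0.0.7",
]
GENESIS = b"\x00" * 32               # chain value before the first record
ARCHIVE_KEY = b"demo-archiver-key"   # assumption; a real key lives in a KMS/HSM


def chain_hash(prev, record):
    """Hash of this record bound to the hash of everything before it."""
    return hashlib.sha256(prev + record.encode("utf-8")).digest()


def seal_archive(records, key=ARCHIVE_KEY):
    """Build the manifest for an archive: one chained hash per record plus a
    tag over the chain head. Any edit, insertion or deletion changes the head
    and therefore invalidates the tag."""
    hashes, h = [], GENESIS
    for r in records:
        h = chain_hash(h, r)
        hashes.append(h.hex())
    tag = hmac.new(key, h, "sha256").hexdigest()
    return {"hashes": hashes, "tag": tag}


def verify_archive(records, manifest, key=ARCHIVE_KEY):
    """Return (ok, first_bad_index). The tag is checked first, because an
    attacker who can rewrite a record can rewrite its stored hash as well;
    only then is the chain walked to locate the earliest altered record.
    first_bad_index is None when the archive is intact, and also when the
    manifest itself fails authentication (nothing in it can be trusted)."""
    head = bytes.fromhex(manifest["hashes"][-1]) if manifest["hashes"] else GENESIS
    expected = hmac.new(key, head, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, None
    h = GENESIS
    for i, r in enumerate(records):
        h = chain_hash(h, r)
        if i >= len(manifest["hashes"]) or h.hex() != manifest["hashes"][i]:
            return False, i
    if len(records) != len(manifest["hashes"]):
        return False, len(records)   # trailing records were removed
    return True, None


def demo():
    """Seal the sample archive, then verify the intact copy, an edited copy,
    a truncated copy, and a copy re-sealed under the wrong key."""
    manifest = seal_archive(SAMPLE_RECORDS)
    edited = list(SAMPLE_RECORDS)
    edited[1] = edited[1].replace("alice", "mallory")
    return {
        "intact": verify_archive(SAMPLE_RECORDS, manifest),
        "edited": verify_archive(edited, manifest),
        "truncated": verify_archive(SAMPLE_RECORDS[:2], manifest),
        "forged": verify_archive(edited, seal_archive(edited, key=b"wrong-key")),
    }
```

The design point worth keeping from this: per-record hashes alone let anyone who can write the archive also rewrite the hashes, so the chain head must be bound to something the writer of the archive cannot forge, whether a MAC key kept off the log host or, better, a private signing key whose public half is handed to the auditor.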
About ANET Software
ANET is a privately held software company incorporated in VA, USA, with branches in Turkey and New Zealand. Our mission is to build a software company that embraces an "open development philosophy" and provides innovative solutions to customer problems in collaboration with customers. We are a SIEM pioneer with over 250 clients throughout Europe experiencing the ANET difference.
The Most Important Priority is Your Satisfaction

Contact Us
Headquarters: Anet, Inc; PMB# 62, 11350 Random Hills Rd, Suite 800, Fairfax, VA 22030; +1 (703) 346-1222
Offices:
74/2 Asquith Ave, Mt Albert, Auckland, New Zealand; +64 021 975 369
Istanbul Technology Development Zone, Sanayi Mah. Teknopark Blvd. No: 1, Pendik 34906, Istanbul, Turkey; +90 216 354 05 81
E-5 Karayolu Ankara Asfaltaltı, Soğanlık Sapağı, Kartal / Istanbul 34912, Istanbul, Turkey; +90 216 354 05 80
info@anetusa.net
www.anetusa.net