2nd Floor, Spline Arcade,
Hi-tech city, Hyderabad-500081.
email: contact@infomagnum.com
LOG ANALYTICS
A SOLUTION TO IDENTIFY YOUR THREATS…
Logs are stepping stones to success.
AGENDA
• Introduction to InfoMagnum Security Service
• Logging everything
• Features and possibilities
• Process and implementation
• Q&A
LOGGING EVERYTHING
We support the devices and applications below:
Devices:
- Cisco ISR, ASA, and PIX series
- ISS Proventia
- Fortinet
- Checkpoint VPN-1 Pro and VPN-Edge Series, Firewall-1 Express
- Juniper NetScreen
Applications:
- Windows, Linux, HPUX, AIX logs
- Apache, MySQL, FTP, and more.
REASONS TO STEP IN
• Detect/Prevent Unauthorized Access and insider Abuse
• Meet Regulatory Requirements
• Forensic Analysis and Correlation
• Ensure Regulatory Compliance
• Track Suspicious Behavior
• IT Troubleshooting and Network Operation
• Monitor User Activity
• Best Practices/Frameworks such as COBIT, ISO, ITIL, etc.
• Measure Application Performance
• Achieve ROI or Cost Reduction in System Maintenance
BASIC FEATURES
• Organizational intelligence.
• Enables analysts to rapidly generate actionable intelligence from massive amounts of continuous syslog data.
• Intuitive processes for visualizing data minimize the time between data acquisition and analysis.
• Analysts’ advantage
• Reduces the time and effort needed for analysis by pointing out problems in data sets automatically.
• Increases the IQ of analysts without subject matter expertise.
• Provides simple visualizations for different facets of the same data, thereby replacing clutter and information overload.
• Data center footprinting and problem identification.
• System problem diagnostics and failure detection.
• Cyber threat intelligence using logged IPs, URLs, DNS names and other atomic indicators.
TECHNOLOGY
Powering technologies
• Syslog-NG
• Python - ETL
• Indexing: Elasticsearch or InfluxDB
• Algorithms – many (clustering, SVM, regression)
• AngularJS or Kibana
• Cyber security threat intel
• Redis
Anomaly detection methods
a. Supervised:
• Fingerprinting the datacenter: identifying performance crises.
• Failure diagnostics – using decision
b. Unsupervised:
• Problem identification and detection with minimal SME input.
Next version features:
• Predictions and alerting will be implemented along with these services.
DIFFERENTIATORS
STREAMING PROCESS
• Syslog platform
• Device identification and topology review of logged data
• Extraction of logs from the syslog server to the process pipeline server
• Transformation at the process pipeline server
• Replacing/pairing/identifying invariants
• Templatization
• Parsing and pattern detection
• Indexing parsed ETL output for further analysis and machine learning
• Applying periodic and correlation scripts to indexed data and calibrating/correcting the results before indexing
• Representing graphs for the features mentioned
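The streaming pipeline above (extraction, invariant replacement, templatization, pattern detection, indexing, correlation) and the unsupervised "problem identification with minimal SME" method from the anomaly-detection slide, worked through as an added Python example; this is not code from the slides or from InfoMagnum's product, and the syslog lines, the placeholder rules and all function names are constructed for illustration:

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines (not from the slides). Variable fields
# (connection ids, IPs, ports, durations) are what templatization replaces;
# the constant text is what pattern detection groups on.
SAMPLE_SYSLOG = """\
Mar 12 10:01:02 fw01 %ASA-6-302013: Built outbound TCP connection 41231 for outside:203.0.113.5/443 to inside:10.0.0.12/51234
Mar 12 10:01:03 fw01 %ASA-6-302013: Built outbound TCP connection 41232 for outside:203.0.113.9/443 to inside:10.0.0.13/51240
Mar 12 10:01:05 fw01 %ASA-6-302014: Teardown TCP connection 41231 for outside:203.0.113.5/443 to inside:10.0.0.12/51234 duration 0:00:03 bytes 2310 TCP FINs
Mar 12 10:01:07 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40211 dst inside:10.0.0.20/22 by access-group "outside_in"
Mar 12 10:01:08 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40212 dst inside:10.0.0.20/22 by access-group "outside_in"
Mar 12 10:01:09 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40213 dst inside:10.0.0.20/23 by access-group "outside_in"
Mar 12 10:01:11 web01 sshd[2211]: Accepted publickey for deploy from 10.0.0.50 port 51022 ssh2
Mar 12 10:01:12 web01 sshd[2213]: Failed password for invalid user admin from 198.51.100.7 port 40299 ssh2
"""

# BSD-style syslog header: timestamp, host (device identification), message.
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Invariant rules, applied in order: quoted strings and IPs first so they are not
# shredded into <NUM> pieces. <NUM> skips digits glued to letters or hyphens
# ("ssh2", "%ASA-4-106023") so vendor message ids survive as template text.
INVARIANT_RULES: List[Tuple[str, re.Pattern]] = [
    ("<STR>", re.compile(r'"[^"]*"')),
    ("<IP>", re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")),
    ("<DUR>", re.compile(r"\b\d+:\d{2}:\d{2}\b")),
    ("<NUM>", re.compile(r"(?<![\w-])\d+(?![\w-])")),
]


def templatize(msg: str) -> Tuple[str, Dict[str, List[str]]]:
    """Replace variable tokens with placeholders; also return the extracted values
    keyed by placeholder (the 'pairing' half of the invariant step)."""
    fields: Dict[str, List[str]] = defaultdict(list)
    for tag, rx in INVARIANT_RULES:
        def keep(m, t=tag):
            fields[t].append(m.group(0))
            return t
        msg = rx.sub(keep, msg)
    # Caveat: usernames and other free-text variables stay in the template unless
    # a rule (or a learned tokenizer) covers them, so 'admin' above is not masked.
    return msg, dict(fields)


def parse_line(line: str) -> Optional[dict]:
    """Split header from message and templatize it; None for non-syslog input,
    so callers can count unparsed lines instead of crashing the pipeline."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    template, fields = templatize(m.group("msg"))
    return {"ts": m.group("ts"), "host": m.group("host"),
            "template": template, "fields": fields}


def build_index(lines) -> Dict[str, List[dict]]:
    """Index records by template: each key is one detected pattern."""
    index: Dict[str, List[dict]] = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        index[rec["template"]].append(rec)
    return dict(index)


def rare_templates(index, max_count: int = 1) -> List[str]:
    """Unsupervised problem identification: templates seen at most max_count
    times are what an analyst without SME knowledge should look at first."""
    return sorted(t for t, recs in index.items() if len(recs) <= max_count)


def top_sources(index, template_substr: str, n: int = 3) -> List[Tuple[str, int]]:
    """Correlation script: which first-seen IP dominates a template family."""
    counts = Counter(ip for t, recs in index.items() if template_substr in t
                     for rec in recs for ip in rec["fields"].get("<IP>", [])[:1])
    return counts.most_common(n)


def ips_seen_on_multiple_hosts(index, min_hosts: int = 2) -> Dict[str, List[str]]:
    """Cross-device correlation: an IP present in several devices' logs (firewall
    denies plus a server's auth log here) is a pivot worth triaging, not a verdict."""
    hosts_by_ip: Dict[str, set] = defaultdict(set)
    for recs in index.values():
        for rec in recs:
            for ip in rec["fields"].get("<IP>", []):
                hosts_by_ip[ip].add(rec["host"])
    return {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    idx = build_index(SAMPLE_SYSLOG.splitlines())
    for template, recs in idx.items():
        print(f"{len(recs):3d}  {template}")
    print("rare:", rare_templates(idx))
    print("multi-host IPs:", ips_seen_on_multiple_hosts(idx))
```

In a real deployment the rule list would be per device family and the rare-template threshold would be learned from a baseline window rather than fixed at one.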
USE CASES
CHALLENGES
• Heavy workload
• Real-time performance monitoring metrics from many sources
• Easy to identify bottlenecks
• Easy to identify and correlate any bottlenecks caused, for further system performance tuning
• Real-time centralized logs from many sources
• Real-time suspicious & intrusion logs
• Lots of users
• Many sources of logs
CHALLENGE #1 LOG ANALYSIS
1. The firewall did it?
• Did the firewall block something it shouldn’t have?
• Got bypassed!
2. What did the intruder do?
IDS, IPS, AX, etc. events
3. Phished: who clicked it?
4. What happened to the device 3 months ago?
[Slide graphic: event sources CPU, NETWORK, MEMORY, DISK, PROCESS, EVENTS; platform properties Integrative, Scalable, Administrative, Secure]
CHALLENGE #2 PERFORMANCE ANALYSIS
[Slide graphic: metrics HEAP MEM, THREADS, BUFFER CACHE, NON HEAP]
THANK YOU
Queries
arun@infomagnum.com
contactus@infomagnum.com
www.infomagnum.com
Threat intelligence solution