3. AGENDA
Introduction to InfoMagnum Security Service
Logging everything
Features and possibilities
Process and implementation
Q&A
4. LOGGING EVERYTHING
We support the following devices and applications:
Devices:
- Cisco ISR, ASA, and PIX series
- ISS Proventia
- Fortinet
- Checkpoint VPN-1 Pro and VPN-Edge Series, Firewall-1 Express
- Juniper NetScreen
Applications:
- Windows, Linux, HP-UX, AIX logs
- Apache, MySQL, FTP, and more
5. REASONS TO STEP IN
• Detect/Prevent Unauthorized Access and Insider Abuse
• Meet Regulatory Requirements
• Forensic Analysis and Correlation
• Ensure Regulatory Compliance
• Track Suspicious Behavior
• IT Troubleshooting and Network Operation
• Monitor User Activity
• Best Practices/Frameworks such as COBIT, ISO, ITIL, etc.
• Measure Application Performance
• Achieve ROI or Cost Reduction in System Maintenance
6. BASIC FEATURES
• Organizational Intelligence
• Enables analysts to rapidly generate actionable intelligence from massive amounts of continuous syslog data.
• Intuitive processes for visualizing data minimize the time between data acquisition and analysis.
• Analysts’ Advantage
• Reduces the time and effort needed to pinpoint problems in data sets automatically.
• Increases the IQ of analysts who lack subject matter expertise.
• Provides simple visualizations of different facets of the same data, replacing clutter and information overload.
• Data center footprinting and problem identification.
• System problem diagnostics and failure detection.
• Cyber threat intelligence using logged IPs, URLs, DNS names and other atomic indicators.
8. ANOMALY DETECTION METHODS
a. Supervised:
• Fingerprinting the datacenter: identifying performance crises.
• Failure diagnostics – using decision
b. Unsupervised:
• Problem identification and detection with minimal SME involvement.
Next version features:
• Predictions and alerting will be implemented along with these services.
DIFFERENTIATORS
9. STREAMING PROCESS
• Syslog platform
• Device identification and topology review of the logged data
• Extraction of logs from the syslog server to the process pipeline server
• Transformation at the process pipeline server
• Replacing/pairing/identifying invariants
• Templatization
• Parsing and pattern detection
• Indexing the parsed ETL output for further analysis and machine learning
• Applying periodic and correlation scripts to the indexed data and calibrating/correcting the results before re-indexing
• Representing the features above as graphs
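As an added example (not the deck's or InfoMagnum's own code), the transformation, templatization and indexing steps above, run in Python over a few constructed syslog lines: variable tokens (addresses, hex values, numbers) are replaced by placeholders so that the invariant message skeleton becomes the template, templates are indexed with a count per host, and a template seen only once is surfaced as a candidate problem, which is the unsupervised identification the deck describes. The regex rules, placeholder names and sample lines are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the deck): three firewall
# connection events, two failed SSH logins and one kernel OOM kill.
SAMPLE_LOGS = [
    "Jan 12 10:01:02 fw01 %ASA-6-302013: Built outbound TCP connection 91212 for outside:10.1.1.5/443 to inside:192.168.1.10/51234",
    "Jan 12 10:01:03 fw01 %ASA-6-302013: Built outbound TCP connection 91213 for outside:10.1.1.6/443 to inside:192.168.1.11/51240",
    "Jan 12 10:01:05 fw01 %ASA-6-302013: Built outbound TCP connection 91220 for outside:10.1.1.5/80 to inside:192.168.1.12/51301",
    "Jan 12 10:02:10 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "Jan 12 10:02:11 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 40123 ssh2",
    "Jan 12 10:03:00 db01 kernel: Out of memory: Kill process 4411 (mysqld) score 912",
]

# Parsing step: split the BSD syslog header (timestamp, host) from the message.
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Invariant-replacement rules, applied in this order so that an IP or a hex
# value is replaced as a whole before the generic number rule sees its digits.
RULES = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]

def parse(line):
    """Return the header fields and message, or None if the line is not syslog."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def templatize(msg):
    """Replace variable tokens with placeholders; what remains is the template."""
    for rx, token in RULES:
        msg = rx.sub(token, msg)
    return msg

def index_templates(lines):
    """Index parsed lines by (host, template) with an occurrence count."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is not None:
            counts[(rec["host"], templatize(rec["msg"]))] += 1
    return counts

def rare_templates(counts, max_count=1):
    """Unsupervised problem identification: templates seen at most max_count times."""
    return [key for key, n in counts.items() if n <= max_count]
```

Calling `rare_templates(index_templates(SAMPLE_LOGS))` on the sample returns only the db01 OOM template; in a real pipeline the counts would be compared against the per-host baseline built from earlier indexed batches rather than a fixed threshold.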
11. CHALLENGES
• Lots of workload
• Real-time performance monitoring metrics from many sources
• Easy to identify bottlenecks
• Easy to identify and correlate any bottlenecks for further system performance tuning
• Real-time centralized logs from many sources
• Real-time suspicious and intrusion logs
• Lots of users
• Many sources of logs
12. CHALLENGE #1: LOG ANALYSIS
1. The firewall did it?
Did the firewall block something it shouldn’t have?
Got bypassed!!!
2. What did the intruder do?
IDS, IPS, AX, etc. events
3. Phished: who clicked it?
4. What happened to the device 3 months ago?
CPU / NETWORK / MEMORY / DISK / PROCESS / EVENTS
Integrative
Scalable
Administrative
Secure