Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a 8 Things to Know When Choosing a SIEM Solution
Similar a 8 Things to Know When Choosing a SIEM Solution (20)
Último
Último (20)
8 Things to Know When Choosing a SIEM Solution
- 1. SIEM Your Complete IT Security Arsenal 8 Things You Should Know About Choosing an SIEM Solution Joel Fernandes Sr. Product Marketing Analyst SIEM Solutions ManageEngine joeljohn.f@manageengine.com Speaker
- 2. Webinar “Housekeeping” Tips • Use the “question” box in the lower right corner to submit your questions • Questions will be answered during the Q&A session at the end of the webinar • We will do our best to answer as many questions as possible in the allotted time • This webinar is getting recorded and will be shared to you via email
- 3. Agenda • About ManageEngine • Log management challenges • What is SIEM? • Why is SIEM necessary? • 2012 Data Breach Analysis • Typical working of an SIEM solution • 8 critical things you should know about choosing an SIEM solution • Business benefits of SIEM solutions • ManageEngine SIEM product offering – Overview • Quick Demo - ManageEngine SIEM product offering • Conclusion • Q&A
- 4. About ManageEngine – IT Management Software division of Zoho Corporation – Established in 2002 – ManageEngine covers the complete gamut of IT solutions • 21 Products | 20 Free tools | 2 SAAS offerings – Trusted by over 72,000 customers across 200+ countries – 3 out of every 5 Fortune 500 companies are ManageEngine customers
- 5. Log Management Challenges • Analyzing Logs for Relevant Security Intelligence • Centralizing Log Collection • Meeting IT Compliance Requirements • Conducting Effective Root Cause Analysis • Making Log Data More Meaningful • Tracking Suspicious User Behavior
- 6. What is SIEM? • The term „SIEM‟ was coined by Mark Nicolett and Amrit Williams (Gartner Analysts) in 2005 • In simple words, SIEM is a combination of two different types of technologies: – SIM (Security Information Management) that focuses on log collection and report generation – SEM (Security Event Manager) that analyzes events in real-time using event correlation and alerting mechanism • SIEM technology provides network security intelligence and real-time monitoring for network devices, systems, and applications
- 7. Typical Working of an SIEM Solution
- 8. Why is SIEM necessary? Rise in data breaches due to internal and external threats Attackers are smart and traditional security tools just don‟t suffice Mitigate sophisticated cyber-attacks Manage increasing volumes of logs from multiple sources Meet stringent compliance requirements Biggest Data Breaches in 2013 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- 9. 2012 Data Breach Analysis Source: Verizon 2013 Data Breach Investigations Report Threat categories over timeVictims
- 10. 8 Things You Should Know About Choosing an SIEM Solution
- 11. #1. Log Collection • Universal Log Collection to collect logs from heterogeneous sources (Windows systems, Unix/Linux systems, applications, databases, routers, switches, and other devices) • Log collection method - agent-based or agentless – Both Recommended • Centralized log collection • Events Per Second (EPS) – Rate at which your IT infrastructure sends events. – If not calculated properly the SIEM solution will start dropping events before they are stored in the database leading to incorrect reports, search results, alerts, and correlation.
- 12. #2. User Activity Monitoring • SIEM solutions should have Out-of-the-box user activity monitoring, Privileged user monitoring and audit (PUMA) reporting feature • Ensure that the SIEM solution gives the ‘Complete audit trail’ – Know which user performed the action, what was the result of the action, on what server it happened, and user workstation/device from where the action was triggered.
- 13. #3. Real Time Event Correlation • Real-time event correlation is all about proactively dealing with threats • Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the network • Correlation can be based on log search, rules and alerts – Predefined rules and alerts are not sufficient. Custom rule and alert builder is a must for every SIEM solution. – Ensure that the process of correlating events is easy.
- 14. #4. Log Retention • SIEM solutions should automatically archive all log data from systems, devices & applications to a „centralized’ repository • Ensure that the SIEM solution has ‘Tamper Proof’ feature which „encrypts’ and „time stamps’ them for compliance and forensics purposes • Ease of retrieving and analyzing archived log data
- 15. #5. IT Compliance Reports • IT compliance is the core of every SIEM solution • Ensure that the SIEM solution has out- of-the-box regulatory compliance reports such as PCI DSS, FISMA, GLBA, SOX, HIPAA, etc. • SIEM solutions should also have the capability to customize and build new compliance reports to comply with future regulatory acts
- 16. #6. File Integrity Monitoring • File integrity monitoring helps security professionals in monitoring business critical files and folders. • Ensure that the SIEM solution tracks and reports on all changes happening such as when files and folders are created, accessed, viewed, deleted, modified, renamed and much more. • The SIEM solution should also send real- time alerts when unauthorized users access critical files and folders
- 17. #7. Log Forensics • SIEM solutions should allow users to track down a intruder or the event activity using log search capability • The log search capability should be very intuitive and user-friendly, allowing IT administrators to search through the raw log data quickly
- 18. #8. Dashboards • Dashboards drive SIEM solutions and help IT administrators take timely action and make the right decisions during network anomalies. • Security data must be presented in a very intuitive and user-friendly manner. • The dashboard must be fully customizable so that IT administrators can configure the security information they wish to see.
- 19. 8 Critical Things – At a glance
- 20. Business Benefits of SIEM Solutions • Real-time Monitoring – For operational efficiency and IT security purposes • Cost Saving • Compliance • Reporting • Rapid ROI
- 21. ManageEngine‟s SIEM Offering – Easy of deploy – Cost-effective – Customizable dashboard with drag and drop widgets – Uses both Agent and Agentless log collection mechanism
- 22. Universal Log Collection – Supports heterogeneous log sources – Universal log collection capability helps index any type of log regardless of the format and source – Allows you to index log data and generate reports for custom in- house/proprietary applications
- 23. Real Time Event Correlation and Log Forensics – Correlation using Search: Correlate events using log search with Wild- cards, Phrases and Boolean operators – Correlation using Alerts: Correlate events using custom and predefined alerts to mitigate threats in real-time – Notifications are send in real-time via Email and SMS – Conduct root cause analysis by diving into raw logs and generate forensic reports in minutes!
- 24. 5,000+ customers across 110+ countries
- 25. Get your 30 Day Free Trial Now! www.eventloganalyzer.com
- 26. Quick Glance
- 27. Conclusion • A SIEM solution can provide enormous security benefits to the company by protecting the network with real-time log analysis. • Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex, and hard to deploy. • This claim may be true about many SIEM vendors. However, the right SIEM solution is one that can be easily deployed, is cost-effective, and meets all your IT security needs with a single tool.
- 28. Q&A
Notas del editor
- Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/