Security Information and Event Management
(SIEM)

Mohamed Zohair
Business Development Consultant
Why Security
“We now create as much data in just two
days as we did from the dawn of man until
the year 2003. This means that over 90%
of all data that exists today has been
created in the last two years alone.”
Eric Schmidt, the former CEO of Google
Big Data Challenge
Security Intelligence and Risk Management
(SIRM) platform
SIRM Platform
Based on market-leading products from
ArcSight, Fortify, and TippingPoint, the
HP SIRM Platform uniquely enables
enterprises to take a proactive approach
that integrates security correlation, deep
application security analysis, and network-level defense mechanisms
How the SIRM Platform Protects
Your Enterprise
• 360° Security Monitoring to Detect Incidents
• Proactive Security Testing to Protect Applications
• Adaptive Network Defenses to Block Attacks
• Platform Integration to Manage Risk
SIRM Solutions
SIEM Overview
The HP ArcSight Security Intelligence
platform helps safeguard your business by
giving you complete visibility into activity
across the IT infrastructure, including
external threats such as malware and
hackers and internal threats such as data
breaches and fraud.
SIEM Solutions
SIEM Products
• HP ArcSight Logger
• HP ArcSight ESM
• HP ArcSight Express
• HP ArcSight Connector
• HP ArcSight IdentityView
• HP ArcSight Threat Detector
• HP ArcSight Threat Response Manager
• HP Compliance Insight Packages
• HP EnterpriseView
• HP Reputation Security Monitor (RepSM)
ArcSight environment Diagram Basic
ArcSight environment Diagram
HP ArcSight Logger
ArcSight Logger
• With ArcSight Logger you can improve everything
from compliance and risk management to
security intelligence to IT operations. This
universal log management solution collects
data from any log-generating source and
unifies the data for searching, indexing,
reporting, analysis, and retention.
ArcSight Logger Key Capabilities
• Collect logs from any log-generating source through 350+
connectors, from any device and in any format

• Unify the data across the IT estate through normalization and
categorization into the Common Event Format (CEF)

• Search through millions of events using a text-based search
tool on a simple interface

• Store years' worth of logs and events in a unified format
through a high compression ratio at low cost

• Automate analysis, alerting, reporting and intelligence of logs and
events for IT security, IT operations and log analytics
ArcSight Logger Specifications (SW)
ArcSight Logger Specifications
(Appliance)
Logger Snapshot
HP ArcSight Connector
HP ArcSight Connectors
• ArcSight Connectors automate the process of
collecting and managing logs from any
device and in any format through normalization
and categorization of logs into a unified format
known as the Common Event Format (CEF).

• ArcSight Connectors provide universal data
collection from over 350 unique devices and
event sources without the need to deploy
agents across the enterprise.
Common Event Format
Each device has its own log format. The data is
normalized and categorized into the ArcSight
Common Event Format (CEF) for easy correlation
and analysis
Correlation Diagram
HP ArcSight Connectors Samples
HP ArcSight Smart Connectors
ArcSight Connectors cover:
– Operating systems, applications, and databases
– Network devices (routers, switches)
– Network analyzers (NetFlow data, traffic analyzers)
– Security solutions (IPS/IDS, firewalls, VPNs, vulnerability
scanners)
– Identity management solutions
– Web servers and web-based applications
HP ArcSight ESM
ArcSight ESM Overview
HP ArcSight ESM is the premier security event
manager. It analyzes and correlates every
event to help your SOC team with
security event monitoring, from compliance and risk
management to security intelligence and
operations.
ESM Key features
• A cost-effective solution for all your regulatory
compliance needs
• Automated log collection and archiving
• Fraud detection
• Real-time threat detection
• Forensics analysis capabilities for cyber
security
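Worked example, added here and not part of the original deck or of ArcSight's own code: it shows the two steps the Connectors and ESM slides describe, normalizing raw CEF lines into one event schema and then correlating the normalized events with a rule. The parser follows the published CEF layout (seven pipe-separated header fields, then space-separated key=value extensions with backslash escapes). The correlation rule is a simple brute-force detector: five or more authentication failures from one source address within 60 seconds, followed by a success from the same address. The "Example|sshd" device, the signature IDs auth.failure and auth.success, and every sample value are assumptions constructed for this example.

```python
"""Added example (not ArcSight's code): normalize CEF lines into a common
event schema, then correlate them with one brute-force rule.

CEF layout: CEF:Version|Device Vendor|Device Product|Device Version|
            Device Event Class ID|Name|Severity|Extension
The extension is a list of key=value pairs. '|' and '\\' are backslash-escaped
in header fields; '=' and '\\' (plus \\n, \\r) are escaped in extension values.
"""
import re
from collections import defaultdict, deque

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends at an '='
# that is not part of an escaped '\=' inside a value.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")
_ESCAPE = re.compile(r"\\(.)")


def _unescape(value):
    """Undo CEF escaping: \\= -> =, \\| -> |, \\\\ -> \\, \\n / \\r -> line breaks."""
    return _ESCAPE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Return a dict with the seven header fields plus every extension key."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < len(HEADER_FIELDS):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):      # escaped '|' or '\' in a header field
            cur.append(line[i + 1])
            i += 2
        elif ch == "|":                            # field terminator
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER_FIELDS, fields))
    event["version"] = event["version"][len("CEF:"):]
    ext = line[i:]
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):                   # each value runs up to the next key
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():end].strip())
    return event


def correlate_bruteforce(events, failures=5, window_ms=60_000):
    """Alert when >= `failures` auth.failure events from one source address fall
    inside `window_ms` and an auth.success from that address follows them."""
    recent = defaultdict(deque)                    # src -> receipt times of failures
    alerts = []
    for ev in sorted(events, key=lambda e: int(e.get("rt", 0))):
        src, rt = ev.get("src"), int(ev.get("rt", 0))
        if src is None:
            continue
        q = recent[src]
        while q and rt - q[0] > window_ms:         # drop failures outside the window
            q.popleft()
        if ev["signature_id"] == "auth.failure":
            q.append(rt)
        elif ev["signature_id"] == "auth.success" and len(q) >= failures:
            alerts.append({"src": src, "user": ev.get("suser"),
                           "failures": len(q), "success_rt": rt})
            q.clear()
    return alerts


# Constructed sample feed (not from a real device); vendor, product and
# signature IDs are assumptions. 10.0.0.5 fails five times, then logs in as
# admin 30 s later; 10.0.0.9 fails twice and then succeeds, which must not alert.
BASE = 1_700_000_000_000                           # rt is epoch milliseconds
SAMPLE_LINES = (
    [f"CEF:0|Example|sshd|1.0|auth.failure|Authentication failed|5|rt={BASE + n * 5000} "
     f"src=10.0.0.5 suser=root dhost=web-01 msg=password\\=wrong attempt {n + 1}"
     for n in range(5)]
    + [f"CEF:0|Example|sshd|1.0|auth.success|Authentication succeeded|3|rt={BASE + 30_000} "
       "src=10.0.0.5 suser=admin dhost=web-01"]
    + [f"CEF:0|Example|sshd|1.0|auth.failure|Authentication failed|5|rt={BASE + n * 5000} "
       f"src=10.0.0.9 suser=bob dhost=web-01" for n in range(2)]
    + [f"CEF:0|Example|sshd|1.0|auth.success|Authentication succeeded|3|rt={BASE + 12_000} "
       "src=10.0.0.9 suser=bob dhost=web-01"]
)


def run_sample():
    """Normalize the sample lines and return the alerts the rule produces."""
    return correlate_bruteforce(parse_cef(line) for line in SAMPLE_LINES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The point of the normalization step is that the rule keys only on CEF names (src, suser, rt, signature_id) and never on a device's native log text, so the same rule applies to any source a connector has mapped into CEF. The rule keeps per-source state in a sliding window rather than re-scanning history, which is the shape a real-time correlation engine needs; a production rule would also age out idle sources and bound the number of tracked addresses.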
ESM Add-on ( Risk Insight )
• HP ArcSight Risk Insight maps key
business indicators to IT assets and
security events.
• HP ArcSight Risk Insight enables the user
to understand the business impact of the
real-time threats detected by the ArcSight
SIEM solution.
ESM Snapshot
HP ArcSight ESM with CORR-Engine
Specifications (SW)
HP ArcSight ESM 5.2 Specifications
(Appliance)
HP ArcSight Express
ArcSight Express
HP ArcSight Express delivers a new technological
innovation to address the problem of increased log
volumes.
This innovation, called the ArcSight Correlation
Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational
DBMS. It provides the ability to correlate larger sets
of log data faster than ever before, to scale to
higher log processing volumes, and to archive
larger volumes of log data for extended periods
using an efficient data store.
The ArcSight CORR-Engine
• The CORR-Engine is a revolutionary solution for
high-speed correlation and long-term data
retention.
• The CORR-Engine uses a highly customized flat
file repository with a “write once, read many”
approach
• The CORR-Engine delivers up to five times
the read performance of the previous
version of ArcSight running on similar
hardware
Key learning Points
ArcSight Key learning Points

• ArcSight Solutions
• ArcSight Connectors
• FlexConnectors & SmartConnectors
• Common Event Format (CEF)
• CORR-Engine
Additional Reading
• CA Identity Minder
http://www.ca.com/us/identity-and-accessmanagement-resources.aspx
• Why and how to calculate your Events Per
Second ( Including Sample )
http://eromang.zataz.com/2011/04/12/whyand-howto-calculate-your-events-persecond/
Questions
For any information or inquiries, please
contact me:
moh.zohair@gmail.com
Skype: eng.zohair

Linkedin Profile
THANK YOU

Más contenido relacionado

La actualidad más candente

SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SHRIYARAI4
 
Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide	Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide Protect724manoj
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptxneoalt
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)Osama Ellahi
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 

La actualidad más candente (20)

SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
 
IBM Security QRadar
 IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide	Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptx
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 

Similar a HP ArcSight

Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Precisely
 
Actionable Insights - Thompson
Actionable Insights - ThompsonActionable Insights - Thompson
Actionable Insights - ThompsonProlifics
 
ManageEngine_SIEM_Log360_SOC.pptx
ManageEngine_SIEM_Log360_SOC.pptxManageEngine_SIEM_Log360_SOC.pptx
ManageEngine_SIEM_Log360_SOC.pptxTriLe786508
 
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...Amazon Web Services
 
MindSphere: The cloud-based, open IoT operating system. Damiano Manocchia
MindSphere: The cloud-based, open IoT operating system. Damiano ManocchiaMindSphere: The cloud-based, open IoT operating system. Damiano Manocchia
MindSphere: The cloud-based, open IoT operating system. Damiano ManocchiaData Driven Innovation
 
Extending The Enterprise With Office 365 & Azure for the Enterprise
Extending The Enterprise With Office 365 & Azure for the EnterpriseExtending The Enterprise With Office 365 & Azure for the Enterprise
Extending The Enterprise With Office 365 & Azure for the EnterpriseRichard Harbridge
 
Spectrum Scale final
Spectrum Scale finalSpectrum Scale final
Spectrum Scale finalJoe Krotz
 
Are your Cloud Services Secure and Compliant today?
Are your Cloud Services Secure and Compliant today?Are your Cloud Services Secure and Compliant today?
Are your Cloud Services Secure and Compliant today?Sridhar Karnam
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...apidays
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Precisely
 
From sensor data processing to proactive alerting and ai software ag - misja ...
From sensor data processing to proactive alerting and ai software ag - misja ...From sensor data processing to proactive alerting and ai software ag - misja ...
From sensor data processing to proactive alerting and ai software ag - misja ...Capgemini
 
Discussing strategies for building the next gen data centre
Discussing strategies for building the next gen data centreDiscussing strategies for building the next gen data centre
Discussing strategies for building the next gen data centreICT-Partners
 
SIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıSIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıBGA Cyber Security
 
Build cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMBuild cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMRasool Irfan
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations AnalyticsPrecisely
 

Similar a HP ArcSight (20)

Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
 
Actionable Insights - Thompson
Actionable Insights - ThompsonActionable Insights - Thompson
Actionable Insights - Thompson
 
ManageEngine_SIEM_Log360_SOC.pptx
ManageEngine_SIEM_Log360_SOC.pptxManageEngine_SIEM_Log360_SOC.pptx
ManageEngine_SIEM_Log360_SOC.pptx
 
inmation Presentation
inmation Presentationinmation Presentation
inmation Presentation
 
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...
Integrate the AWS Cloud with Responsive Xilinx Machine Learning at the Edge (...
 
MindSphere: The cloud-based, open IoT operating system. Damiano Manocchia
MindSphere: The cloud-based, open IoT operating system. Damiano ManocchiaMindSphere: The cloud-based, open IoT operating system. Damiano Manocchia
MindSphere: The cloud-based, open IoT operating system. Damiano Manocchia
 
Extending The Enterprise With Office 365 & Azure for the Enterprise
Extending The Enterprise With Office 365 & Azure for the EnterpriseExtending The Enterprise With Office 365 & Azure for the Enterprise
Extending The Enterprise With Office 365 & Azure for the Enterprise
 
Spectrum Scale final
Spectrum Scale finalSpectrum Scale final
Spectrum Scale final
 
Are your Cloud Services Secure and Compliant today?
Are your Cloud Services Secure and Compliant today?Are your Cloud Services Secure and Compliant today?
Are your Cloud Services Secure and Compliant today?
 
GE iFIX
GE iFIXGE iFIX
GE iFIX
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
Correlog Overview Presentation
Correlog Overview PresentationCorrelog Overview Presentation
Correlog Overview Presentation
 
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...
APIdays Paris 2019 - How an Integrated Platform Helps to Drive Business with ...
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?
 
From sensor data processing to proactive alerting and ai software ag - misja ...
From sensor data processing to proactive alerting and ai software ag - misja ...From sensor data processing to proactive alerting and ai software ag - misja ...
From sensor data processing to proactive alerting and ai software ag - misja ...
 
Discussing strategies for building the next gen data centre
Discussing strategies for building the next gen data centreDiscussing strategies for building the next gen data centre
Discussing strategies for building the next gen data centre
 
SIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıSIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin Anlamı
 
Build cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEMBuild cost effective Security Data Lake + SIEM
Build cost effective Security Data Lake + SIEM
 
ESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfESM_101_6.9.0.pdf
ESM_101_6.9.0.pdf
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
 

Más de Mohamed Zohair

ADD: New itil implementation approach
ADD: New itil implementation approachADD: New itil implementation approach
ADD: New itil implementation approachMohamed Zohair
 
Tackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesTackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesMohamed Zohair
 
Tackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesTackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesMohamed Zohair
 
How to select A good itsm tool
How to select A good itsm toolHow to select A good itsm tool
How to select A good itsm toolMohamed Zohair
 
ITIL Foundation card Game
ITIL Foundation card GameITIL Foundation card Game
ITIL Foundation card GameMohamed Zohair
 

Más de Mohamed Zohair (6)

ADD: New itil implementation approach
ADD: New itil implementation approachADD: New itil implementation approach
ADD: New itil implementation approach
 
How to Calculate WACC
How to Calculate WACCHow to Calculate WACC
How to Calculate WACC
 
Tackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesTackling ITIL Implementation Challenges
Tackling ITIL Implementation Challenges
 
Tackling ITIL Implementation Challenges
Tackling ITIL Implementation ChallengesTackling ITIL Implementation Challenges
Tackling ITIL Implementation Challenges
 
How to select A good itsm tool
How to select A good itsm toolHow to select A good itsm tool
How to select A good itsm tool
 
ITIL Foundation card Game
ITIL Foundation card GameITIL Foundation card Game
ITIL Foundation card Game
 

Último

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

HP ArcSight

  • 1. Security Information and Event Management (SIEM) Mohamed Zohair Business Development Consultant
  • 2. Why Security “We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone.” Eric Schmidt, the former CEO of Google
  • 4. Security Intelligence and Risk Management (SIRM) platform
  • 5. SIRM Platform Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform uniquely enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and networklevel defense mechanisms
  • 6. How the SIRM Platform Protects Your Enterprise
    • 360° Security Monitoring to Detect Incidents
    • Proactive Security Testing to Protect Applications
    • Adaptive Network Defenses to Block Attacks
    • Platform Integration to Manage Risk
  • 8. SIEM Overview The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure including external threats such as malware and hackers, internal threats such as data breaches and fraud.
  • 10. SIEM Products
    • HP ArcSight Logger
    • HP ArcSight ESM
    • HP ArcSight Express
    • HP ArcSight Connector
    • HP ArcSight IdentityView
    • HP ArcSight Threat Detector
    • HP ArcSight Threat Response Manager
    • HP Compliance Insight Packages
    • HP EnterpriseView
    • HP Reputation Security Monitor (RepSM)
  • 14. ArcSight Logger. With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention.
  • 15. ArcSight Logger Key Capabilities
    • Collect logs from any log-generating source through 350+ connectors, from any device and in any format
    • Unify the data across IT through normalization and categorization into the Common Event Format (CEF)
    • Search through millions of events using a text-based search tool on a simple interface
    • Store years' worth of logs and events in a unified format through a high compression ratio at low cost
    • Automate analysis, alerting, reporting and intelligence of logs and events for IT security, IT operations and log analytics
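Sizing the "years' worth of logs" claim above starts from an events-per-second (EPS) figure and an average event size, which is the calculation the "Additional Reading" slide points to. The following is an added example, not code from the slides, from HP or from the linked blog post: it profiles a constructed sample of iptables-style syslog lines (year 2024 is assumed because syslog timestamps omit it), reports sustained versus peak EPS, and converts that into retained storage under an assumed 10:1 compression ratio and 1.5x headroom. The point it makes is that a deployment sized on the average rate alone is undersized for bursts.

```python
"""Added example (not HP/ArcSight code): EPS profiling and retention sizing
from a raw syslog sample, as done before sizing a log management deployment."""
import re
from collections import Counter
from datetime import datetime

_TS_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")


def _second(line, year=2024):
    """Return the syslog timestamp truncated to the second; year is assumed."""
    m = _TS_RE.match(line)
    return None if not m else datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")


def eps_profile(lines, year=2024):
    """Bucket events per second and report average EPS, peak EPS and mean event size."""
    per_sec, sizes = Counter(), []
    for line in lines:
        ts = _second(line, year)
        if ts is None:          # lines without a parsable timestamp are skipped, not counted
            continue
        per_sec[ts] += 1
        sizes.append(len(line.encode()) + 1)   # +1 for the newline stored on disk
    if not per_sec:
        raise ValueError("no timestamped lines in sample")
    span_s = (max(per_sec) - min(per_sec)).total_seconds() + 1   # first..last second inclusive
    total = sum(per_sec.values())
    return {"events": total, "span_s": span_s, "avg_eps": total / span_s,
            "peak_eps": max(per_sec.values()), "avg_bytes": sum(sizes) / len(sizes)}


def size_retention(profile, retention_days, compression_ratio=10.0, headroom=1.5):
    """GiB needed to keep retention_days of events, at sustained and at peak EPS.
    compression_ratio (raw bytes / stored bytes) and headroom are assumptions to tune
    against the product's measured figures."""
    def gib(eps):
        raw = eps * profile["avg_bytes"] * 86400 * retention_days
        return raw / compression_ratio * headroom / 2 ** 30
    return {"at_avg_gib": gib(profile["avg_eps"]), "at_peak_gib": gib(profile["peak_eps"])}


def sample_logs():
    """Constructed firewall syslog (not real traffic): 10 consecutive seconds,
    one event per second except a 40-event burst in second 5."""
    counts = [1, 1, 1, 1, 1, 40, 1, 1, 1, 1]
    lines = []
    for sec, n in enumerate(counts):
        for i in range(n):
            lines.append(f"Jan 12 10:00:0{sec} fw01 kernel: DROP IN=eth0 SRC=203.0.113.{i + 1} "
                         f"DST=192.0.2.10 PROTO=TCP DPT=445")
    return lines


if __name__ == "__main__":
    p = eps_profile(sample_logs())
    print(p)
    print(size_retention(p, retention_days=365))
```

Run it as-is to see that peak EPS (40) is about eight times the sustained rate (4.9) in this sample; for a real deployment, feed `eps_profile` a day of logs from each source so both numbers reflect the actual daily cycle.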
  • 20. HP ArcSight Connectors
    • ArcSight Connectors automate the process of collecting and managing logs from any device and in any format through normalization and categorization of logs into a unified format known as the Common Event Format (CEF).
    • ArcSight Connectors provide universal data collection from over 350 unique devices and event sources without the need to deploy agents across the enterprise.
  • 21. Common Event Format Each device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis
  • 24. HP ArcSight SmartConnectors. ArcSight Connectors cover:
    – Operating systems, applications, and databases
    – Network devices (routers, switches)
    – Network analyzers (NetFlow data, traffic analyzers)
    – Security solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners)
    – Identity management solutions
    – Web servers and web-based applications
  • 26. ArcSight ESM Overview. HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.
  • 27. ESM Key Features
    • A cost-effective solution for all your regulatory compliance needs
    • Automated log collection and archiving
    • Fraud detection
    • Real-time threat detection
    • Forensic analysis capabilities for cyber security
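The two mechanisms the preceding slides describe, normalizing a device's native log format into CEF (slides 20 and 21) and then correlating the normalized events in real time (slides 26 and 27), fit in one worked pipeline. The block below is an added example written for this page, not ArcSight connector or ESM code: it turns constructed OpenSSH syslog lines into CEF records (the product version "9.6", the year 2024, and the signature IDs `auth.fail`/`auth.success` are the example's own choices), parses CEF back while honouring the format's escaping of `|` in header fields and `=` in extension values, and runs a brute-force rule: three or more failures from the same source for the same user within 60 seconds, followed by a success, raises one alert.

```python
"""Added example (not ArcSight's code): normalize raw sshd syslog into CEF, parse CEF
back into fields, and run a brute-force correlation rule over the resulting stream."""
import calendar
import re
from collections import defaultdict, deque
from datetime import datetime

# CEF escaping rules: '|' and '\' are escaped in the seven header fields;
# '=' and '\' (plus CR/LF) are escaped in extension values.
def _esc_header(s: str) -> str:
    return s.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(s: str) -> str:
    return (s.replace("\\", "\\\\").replace("=", "\\=")
             .replace("\r", "\\r").replace("\n", "\\n"))

def to_cef(vendor, product, version, sig_id, name, severity, ext: dict) -> str:
    """Build 'CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|k=v k=v'."""
    header = "|".join(_esc_header(str(x)) for x in (vendor, product, version, sig_id, name, severity))
    extension = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

# key=value pairs; a value runs until the next ' key=' or end of line, escapes kept intact
_EXT_RE = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.]+=|$)")
_UNESC = {"n": "\n", "r": "\r"}

def parse_cef(line: str) -> dict:
    """Split the seven pipe-delimited header fields (honouring '\\|'), then the extension."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    ext = {k: re.sub(r"\\(.)", lambda m: _UNESC.get(m.group(1), m.group(1)), v)
           for k, v in _EXT_RE.findall(line[i:].strip())}
    keys = ("cef_version", "vendor", "product", "version", "signature_id", "name", "severity")
    return {**dict(zip(keys, fields)), "ext": ext}

# The "every device has its own format" side: constructed OpenSSH syslog lines, not real traffic.
RAW_LOGS = [
    "Jan 12 10:00:01 bastion sshd[4471]: Failed password for bob from 10.0.0.5 port 51022 ssh2",
    "Jan 12 10:00:05 bastion sshd[4471]: Failed password for bob from 10.0.0.5 port 51023 ssh2",
    "Jan 12 10:00:09 bastion sshd[4473]: Failed password for bob from 10.0.0.5 port 51024 ssh2",
    "Jan 12 10:00:12 bastion sshd[4475]: Failed password for bob from 10.0.0.5 port 51025 ssh2",
    "Jan 12 10:00:20 bastion sshd[4477]: Accepted password for bob from 10.0.0.5 port 51026 ssh2",
    "Jan 12 10:01:00 bastion sshd[4480]: Failed password for alice from 10.0.0.9 port 40001 ssh2",
    "Jan 12 10:01:10 bastion sshd[4482]: Accepted password for alice from 10.0.0.9 port 40002 ssh2",
]
_SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                      r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def sshd_to_cef(raw: str, year: int = 2024):
    """Normalize one sshd line; returns None for lines this connector does not understand."""
    m = _SSHD_RE.match(raw)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year: assumed
    failed = m["outcome"] == "Failed"
    return to_cef("OpenSSH", "sshd", "9.6", "auth.fail" if failed else "auth.success",
                  f"{m['outcome']} password", 5 if failed else 3,
                  {"rt": calendar.timegm(ts.timetuple()) * 1000, "src": m["src"], "suser": m["user"],
                   "outcome": "Failure" if failed else "Success", "msg": raw.split(": ", 1)[1]})

def correlate(cef_lines, threshold=3, window_s=60):
    """Rule: >= threshold auth.fail events for the same (src, user) within window_s,
    followed by an auth.success for that pair -> one alert (likely successful brute force)."""
    fails, alerts = defaultdict(deque), []
    for line in cef_lines:
        ev = parse_cef(line)
        key = (ev["ext"].get("src"), ev["ext"].get("suser"))
        t = int(ev["ext"]["rt"]) / 1000
        q = fails[key]
        while q and t - q[0] > window_s:   # slide the window forward
            q.popleft()
        if ev["signature_id"] == "auth.fail":
            q.append(t)
        elif ev["signature_id"] == "auth.success" and len(q) >= threshold:
            alerts.append({"src": key[0], "user": key[1], "failures": len(q), "rt": ev["ext"]["rt"]})
            q.clear()
    return alerts

def run_pipeline(raw_logs=RAW_LOGS):
    """Connector stage then correlation stage; returns (cef_lines, alerts)."""
    cef = [c for c in map(sshd_to_cef, raw_logs) if c]
    return cef, correlate(cef)

if __name__ == "__main__":
    cef_lines, found = run_pipeline()
    print("\n".join(cef_lines)); print(found)
```

Two details are worth noting when writing a real FlexConnector or rule. First, the normalizer keeps the original message in `msg`, so the forensic record survives normalization; the categorized fields (`src`, `suser`, `outcome`) are what the rule keys on. Second, the rule keys on the (source, user) pair and expires failures older than the window, so a slow, distributed password spray would need a different aggregation (by user only, or by destination) to be caught.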
  • 28. ESM Add-on (Risk Insight)
    • HP ArcSight Risk Insight maps key business indicators to IT assets and security events.
    • HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by the ArcSight SIEM solution.
  • 30. HP ArcSight ESM with CORR-Engine Specifications (SW)
  • 31. HP ArcSight ESM 5.2 Specifications (Appliance)
  • 33. ArcSight Express. HP ArcSight Express delivers a new technological innovation to address the problem of increased log volumes. This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.
  • 34. The ArcSight CORR-Engine
    • The CORR-Engine is a solution for high-speed correlation and long-term data retention.
    • The CORR-Engine uses a highly customized flat-file repository with a "write once, read many" approach.
    • The CORR-Engine delivers up to five times the read performance of the previous version of ArcSight running on similar hardware.
  • 36. ArcSight Key Learning Points
    • ArcSight Solutions
    • ArcSight Connectors
    • FlexConnectors & SmartConnectors
    • Common Event Format (CEF)
    • CORR-Engine
  • 37. Additional Reading
    • CA Identity Minder: http://www.ca.com/us/identity-and-access-management-resources.aspx
    • Why and how to calculate your Events Per Second (including sample): http://eromang.zataz.com/2011/04/12/why-and-how-to-calculate-your-events-per-second/
  • 38. Questions. For any information or inquiries, please contact me: moh.zohair@gmail.com, Skype: eng.zohair, LinkedIn profile