CloudAccess SIEM provides security information and event management capabilities through a single integrated platform. It combines security information management, security event management, and log management functions. Some key features include intrusion detection, 24/7 monitoring, forensic analysis, vulnerability reporting, and anomalous activity alerts. CloudAccess SIEM can be deployed as software, an appliance, or a managed service. It provides real-time analysis of security alerts from network devices and applications.
Security Information and Event Management (SIEM)
Introduction:
SIEM combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.
Security Information and Event Management (SIEM) is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Available as software, appliances or a managed service, SIEM monitoring is also used to log security data and generate reports for compliance purposes.
SIEM carries out thorough analysis and continuous monitoring of all ongoing events. SIEM monitoring is therefore valuable because it can be an automated tool that helps an enterprise find patterns in, filter, clean and analyze all the data that forms the context of a cyber attack.
Continuous monitoring from SIEM covers all devices, servers, applications, users and infrastructure components.
Use Cases with SIEM
• Inbound/outbound suspicious activities
• Event correlation for advanced threats
• DDoS attacks
• Unauthorised remote access
• Critical service monitoring
• Malware monitoring
• IP reputation
• Risk & compliance
• Security threat analysis
CloudAccess SIEM Advantages over Competitors
CloudAccess SIEM offers several services that most SIEM service provider companies do not.
• CloudAccess SIEM has all-inclusive modules; IBM QRadar doesn't.
• CloudAccess has a single pane of glass with many built-in tools; HP requires third-party products with additional acquisition and integration costs.
• Integrated set of products.
• CloudAccess SIEM can be deployed in one day; custom connectors require a few days.
• CloudAccess is designed for multi-tenancy in the cloud and can be deployed on premise.
• Compared to IBM, CloudAccess SIEM has a cost-effective subscription and/or perpetual virtual model.
• CloudAccess requires a small footprint to support all features, whereas IBM and HP ArcSight require multiple servers and nodes to achieve the same feature set.
• CloudAccess SIEM requires fewer nodes and fewer resources per node to achieve the same.
CloudAccess SIEM vs. IBM QRadar & HP ArcSight
• CloudAccess has all integrated modules; IBM QRadar and HP ArcSight use third parties like Hadoop.
• CloudAccess SIEM has integrated behavioral analytics across users, network and applications; IBM QRadar and HP ArcSight provide it only for networks.
• CloudAccess SIEM is easily customizable; IBM QRadar and ArcSight customization is known to be complex.
• CloudAccess has integrated ticketing and alarms, tracking tickets and alarms for actions; IBM QRadar and HP ArcSight don't provide integrated ticketing and alarms.
CloudAccess SIEM vs. RSA SA SIEM
• CloudAccess SIEM provides integrated vulnerability scanning; RSA SA includes integrated vulnerability scanning.
• CloudAccess includes multiple dashboards to enhance the at-a-glance view; RSA SA does not include a built-in dashboard.
• CloudAccess has full support for both hardware and virtualized deployments; RSA SA has only limited support for some features, the rest require hardware.
• CloudAccess SIEM has cost-effective subscription and/or perpetual license models; RSA SA has high upfront costs and hardware purchase requirements.
• CloudAccess requires a small footprint to support all features; RSA SA may require multiple servers or nodes to achieve the same feature set.
Recognized by Forrester as the emerging company in the SECM market (AKA Identity Analytics and Intelligence)
Awards
CASE STUDY: Largest Car Manufacturer
Background:
• Head office in New Delhi, 15 regional offices across India
• 12,900 users
• Actively uses more than 200 applications
• 1950 sale points across 1590 cities
• 3254 service points across 1540 cities
• Requires ISO 27001 compliance
• US $8.7 billion in annual (2016) revenue
• Total onboarded devices 400+
Business objectives:
• Institute real-time protection 24/7
• Reduce costs, improve operations
• Ensure compliance; audit reports on demand
• Integration of multiple systems and apps
• Protect brand
Challenges:
• No visibility across network
• No forensic analysis
• Easy-to-use single interface
• Incident detection and incident response
• Incident tracking and a process to record incidents
• Loss of reputation
Solution:
• Asset discovery
• Vulnerability assessment
• Behavioural monitoring
• SIEM & Log integrated
• Long-term data storage
• Continuous 24x7 monitoring
• Safeguard against unallowed patterns of behavior
• Configure and integrate with other security solutions like the existing firewall & DLPs to deliver better security
Results:
• Complete real-time visibility on network
• Simplified admin with centralized dashboard
• Implementation of business use
• Incident detection
• Forensic analysis
• Reduced help desk costs by >50%
• Achieved compliance and audit readiness (costs reduced by 70%)
• Significant reduction in admin costs
• Reallocated headcount to higher-value tasks
CASE STUDY: India's leading NBFCs
Background:
• Non-banking financial company registered with the Reserve Bank of India
• Total number of employees: 8000
• 250+ regional branches across 22 states in India, 5+ lakh customers
• Requires HIPAA, HITRUST compliance
• Reliant on specialized financial apps
• Total onboarded devices 200+
Business objectives:
• Institute real-time protection 24/7
• Reduce costs, improve operations
• Ensure compliance; audit reports on demand
• Integration of multiple systems and apps
Challenges:
• No visibility across network
• No forensic analysis
• Easy-to-use single interface
• Incident detection and incident response
• Incident tracking and a process to record incidents
• Audit requirements on a monthly basis
Solution:
• Asset discovery
• Vulnerability assessment
• Behavioural monitoring
• SIEM & Log integration
• Long-term data storage
• 24x7 monitoring to deliver alerts and alarms in real time
• Discussing privileged account security integration
• Minimal impact on infrastructure
Results:
• All operations outsourced with no requirement for additional resources for security and compliance
• Complete real-time visibility on network
• Simplified admin with centralized dashboard
• Implementation of business use
• Incident detection
• Forensic analysis
• Reduced help desk costs by >50%
• Achieved compliance and audit readiness (costs reduced by 70%)
• Significant reduction in admin costs
• Reallocated headcount to higher-value tasks
CloudAccess SIEM
• Integrated but modular
• Cost effective
• Unique features – out of the box
• Active Sensor
• Virtualization support for VMware & Hyper-V
• Multi-tenancy
• Choose your implementation mode
• Ease of deployment & configuration
• Integrated with IAM/IDM
CloudAccess SIEM / Log: A cut above
CHOOSING SIEM
There are many SIEM and Log Management products (both cloud based and on premise) available for companies wishing to step up and improve their security posture. They range in feature sets, deployment complexity, integration ability and affordability...
HOWEVER…
You need a technology solution that “evens the odds” against the exponential threat landscape. One that...
• Is proactive, not just reactive
• Analyzes behavior patterns and responds
• Centrally manages all silos of security data
• Is flexible to work like you do...in the cloud or on premise
• Offers a rich set of automated features AND
• Doesn't cost a king's ransom!
CloudAccess solutions do just that…
INTEGRATED BUT MODULAR
SIEM and Log Management are two different solutions. One manages the collection of raw data for later review; the other parses out the data, correlates and scores potential anomalies and provides security-focused reporting. Despite the advantage, many companies don't use both solutions together because of the complexity to integrate, the cost of multiple solutions and the need for headcount to manage and maintain them.
CloudAccess SIEM and Log provides you a single integrated solution. One license, one low price. If you already have a SIEM or Log solution we can deploy the missing piece as a modular add-on that will easily integrate with your existing solution.
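The split described above, as an added example that is not CloudAccess code or part of the original deck: log_manager_store() does what a log manager does (keeps raw lines for later review), and correlate() does what a SIEM does (parses the lines, correlates related events and scores the anomaly). The log lines, host names, account names, IP addresses and the PRIVILEGED list are all constructed for the example, and the scoring weights are illustrative, not a vendor scale.

```python
"""
Added example (not CloudAccess code): log management vs. SIEM processing.
log_manager_store() retains raw lines; correlate() parses, correlates and scores.
All log lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sshd-style authentication events (hosts, users and IPs are made up).
RAW_LOGS = """\
2024-03-01T09:00:01Z host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03Z host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:05Z host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:06Z host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:09Z host1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:15:00Z host2 sshd: Failed password for bob from 198.51.100.4
2024-03-01T09:20:00Z host2 sshd: Accepted password for bob from 198.51.100.4
2024-03-01T09:21:00Z host2 cron: session opened for user root
"""

PRIVILEGED = {"admin", "root"}  # hypothetical list of high-value accounts

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>[\d.]+)$"
)


def log_manager_store(raw: str) -> List[str]:
    """Log management: retain every raw line unchanged for later review."""
    return [line for line in raw.splitlines() if line.strip()]


def parse(line: str) -> Optional[Dict]:
    """SIEM step 1: turn a raw line into fields; lines that do not match are skipped
    here but still sit in the raw store for forensic review."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def correlate(raw: str, window: timedelta = timedelta(minutes=5),
              threshold: int = 3) -> List[Dict]:
    """SIEM steps 2 and 3: correlate repeated failures with a later success from the
    same (user, ip) inside the window, then score the finding."""
    events = [e for e in map(parse, log_manager_store(raw)) if e]
    events.sort(key=lambda e: e["ts"])
    failures: Dict[tuple, List[datetime]] = defaultdict(list)
    alerts: List[Dict] = []
    for e in events:
        key = (e["user"], e["ip"])
        if e["result"] == "Failed":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            # Illustrative score: 10 per preceding failure, +30 for a privileged account.
            score = 10 * len(recent) + (30 if e["user"] in PRIVILEGED else 0)
            alerts.append({
                "rule": "failed_logins_then_success",
                "user": e["user"], "ip": e["ip"], "host": e["host"],
                "failures": len(recent), "score": score, "at": e["ts"].isoformat(),
            })
        failures[key].clear()  # a success closes the window for that key
    return alerts


if __name__ == "__main__":
    print(len(log_manager_store(RAW_LOGS)), "raw lines retained")
    for alert in correlate(RAW_LOGS):
        print(alert)
```

Only the admin sequence produces an alert: four failures followed by a success within the window. Bob's single failure is below the threshold, and the cron line is kept by the raw store but ignored by the correlator, which is the difference between the two functions the passage describes.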
COST EFFECTIVE
Typically when choosing a SIEM and/or Log Management product, you are making two purchases with two SLAs, and managing the environment yourself. The higher the cost of a product, the more time it takes to realize a return on investment. In addition there are the cost considerations related to compliance, potential breaches and your reputation, which also factor into an ROI.
Security-as-a-Service creates a proactive advantage without sacrificing resources. As a single integrated solution, there is one price...and it is considerably lower than most alternatives....plus the value of other included features.
UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE PLATFORM
CloudAccess includes the following assets, which no other solution provides as out-of-the-box capabilities, and integrates them into its unique platform:
• IT Asset Discovery and Management
• 24/7 security monitoring added by CloudAccess
• Vulnerability Scan
• NetFlow
• IPS/IDS/HIDS
ACTIVE SENSOR MODEL
Sensors placed on devices typically collect a great deal of information. However, most sensors deployed by a SIEM or Log solution are passive: they collect the data and pass it along.
CloudAccess deploys a proprietary Active Sensor which collects the necessary data and runs multiple relevant services on that data. This creates the basis of proactive threat intelligence. Some of the services include intrusion protection/detection, vulnerability scans and several others. And the footprint on a device is not that much larger than a passive sensor.
VIRTUALIZATION SUPPORT FOR VMWARE & HYPER-V
The modern enterprise is no longer constrained by large on-premise servers. In fact, most corporations use virtual servers to host a variety of data and applications. However, most SIEM solutions have difficulty supporting virtual servers.
CloudAccess consistently supports VMware, Hyper-V and other virtual hosts. This means our sensors have been successfully installed and tested on these virtual environments.
MULTI-TENANT ARCHITECTURE
Cloud business-model (multi-tenant SaaS) architectures are becoming more and more prevalent across enterprises. In a multi-tenant environment, all clients and their users consume the service from the same technology platform, sharing all components in the technology stack. There are proven benefits including cost affordability, performance, upgrades and scalability that make this attractive.
CloudAccess was specially developed as a multi-tenant solution. Its proven track record of success provides an effective security solution that is sustainable, measurable, cost-effective, securely delivered and managed from the cloud.
CHOOSE YOUR MODEL
Current SIEM solutions are typically offered in two forms, as an appliance or as a software solution. However, for most enterprise environments, one size does not fit all. You need the flexibility to mix and match form factors based on your organization’s requirements and enterprise logistics.
CloudAccess solutions can be deployed in and from the cloud, on premise or in a hybrid approach. This gives you the adaptability to deploy and manage based on your specific situation and needs.
EASE OF DEPLOYMENT AND CONFIGURATION
One of the most costly and complex aspects of a security initiative is the deployment and configuration. For many, this is why enterprise software investments never get out of Phase 1 and never reach the envisioned potential.
CloudAccess is typically able to deploy its solutions in a single day. Its proprietary controls also make configuration and fine tuning quick and simple. Customers are able to see results immediately.
INTEGRATION WITH IDENTITY AND ACCESS MANAGEMENT
One of the key vulnerabilities with enterprise security deployments is that most of the security components run in parallel. Each does its job well, but they do not easily share information to expand visibility and provide better context. Identity and Access Management (IAM) solutions are powerful tools which provide significant data, but aren't naturally integrated into a central repository of information.
Our solution seamlessly integrates with your IAM solutions. We incorporate the data to see anomalies that would otherwise fall through the cracks. We also provide an integrated IAM point solution.
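What "incorporating IAM data to see anomalies that would otherwise fall through the cracks" looks like in practice, as an added example that is not CloudAccess code or part of the original deck: each successful login is joined against an IAM/IDM directory snapshot, and findings are raised only for conditions the event alone cannot reveal (a disabled account, an account unknown to IAM, access outside the account's entitlements, an account not enrolled in MFA). The Identity fields, the accounts, the systems, the events and the rule weights are all constructed assumptions for the example.

```python
"""
Added example (not CloudAccess code): enriching authentication events with IAM
directory context. Accounts, systems, events and scores are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Identity:
    status: str                   # "active" or "disabled" (hypothetical IAM attribute)
    department: str
    entitlements: FrozenSet[str]  # systems the account is entitled to use
    mfa_enrolled: bool


# Constructed IAM snapshot (hypothetical accounts and systems).
IAM_DIRECTORY: Dict[str, Identity] = {
    "alice": Identity("active",   "finance",     frozenset({"erp", "payroll"}), True),
    "bob":   Identity("disabled", "engineering", frozenset({"git", "ci"}),      True),
    "carol": Identity("active",   "engineering", frozenset({"git", "ci"}),      False),
}

# Constructed authentication events as a SIEM holds them after parsing.
AUTH_EVENTS: List[Dict] = [
    {"user": "alice",   "system": "erp",     "result": "success"},
    {"user": "bob",     "system": "git",     "result": "success"},  # disabled account
    {"user": "carol",   "system": "payroll", "result": "success"},  # outside entitlements
    {"user": "carol",   "system": "git",     "result": "success"},  # account not MFA-enrolled
    {"user": "mallory", "system": "erp",     "result": "success"},  # unknown to IAM
    {"user": "alice",   "system": "payroll", "result": "failure"},  # failures not scored here
]

# Rule -> score. Illustrative weights, not a vendor scale.
SCORES = {
    "disabled_account_login": 95,
    "account_unknown_to_iam": 90,
    "access_outside_entitlements": 70,
    "login_without_mfa": 40,
}


def enrich_and_score(events: List[Dict], directory: Dict[str, Identity]) -> List[Dict]:
    """Attach identity context to each successful login and emit one finding per
    event that violates at least one rule; the score is the highest matching rule."""
    findings: List[Dict] = []
    for ev in events:
        if ev["result"] != "success":
            continue
        ident = directory.get(ev["user"])
        rules: List[str] = []
        if ident is None:
            rules.append("account_unknown_to_iam")
        else:
            if ident.status == "disabled":
                rules.append("disabled_account_login")
            if ev["system"] not in ident.entitlements:
                rules.append("access_outside_entitlements")
            if not ident.mfa_enrolled:
                rules.append("login_without_mfa")
        if rules:
            findings.append({
                "user": ev["user"],
                "system": ev["system"],
                "department": ident.department if ident else None,
                "rules": rules,
                "score": max(SCORES[r] for r in rules),
            })
    return findings


if __name__ == "__main__":
    for finding in enrich_and_score(AUTH_EVENTS, IAM_DIRECTORY):
        print(finding)
```

Alice's login to the ERP system is a normal event and produces nothing; the other four successes each look ordinary in the raw log and only become findings once the directory supplies status, entitlements and MFA enrolment. Keeping the directory snapshot separate from the event stream is what lets the same rules run unchanged when the IAM source changes.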