Title: Security Information and Event Management (SIEM) (1)
3 SIEM
- Introduction
- SIEM combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.
- Security Information and Event Management (SIEM) is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
- Available as software, appliances or a managed service, SIEM monitoring is also used to log security data and generate reports for compliance purposes.
- SIEM carries out thorough analysis and continuous monitoring of all ongoing events. SIEM monitoring is valuable because it is an automated tool that helps an enterprise find patterns and filter, clean and analyze all the data that forms the context of a cyber attack.
- Continuous monitoring from SIEM includes all devices, servers, applications, users and infrastructure components.
4 Features
- Intrusion detection
- 24/7/365 monitoring
- Forensic analysis
- Vulnerability risk reporting
- Network host policy auditing
- Anomalous activity alerts
- Rule-based correlation
- Security threat and incident reporting
5 Management: Security Context
6 Use Cases with SIEM
- Inbound/outbound suspicious activities
- Event correlation for advanced threats
- DDoS attacks
- Unauthorised remote access
- Critical service monitoring
- Malware monitoring
- IP reputation
- Risk and compliance
- Security threat analysis
7 CloudAccess SIEM Advantages over Competitors
- CloudAccess SIEM offers several services that most SIEM service providers do not.
- CloudAccess SIEM has all-inclusive modules; IBM QRadar does not.
- CloudAccess has a single pane of glass with many built-in tools. HP requires third-party products, with additional acquisition and integration costs.
- Integrated set of products.
- CloudAccess SIEM can be deployed in one day; custom connectors require a few days.
- CloudAccess is designed for multi-tenancy in the cloud and can also be deployed on premise.
- Compared to IBM, CloudAccess SIEM has a cost-effective subscription and/or perpetual virtual model.
- CloudAccess requires a small footprint to support all features, whereas IBM and HP ArcSight require multiple servers and nodes to achieve the same feature set. CloudAccess SIEM requires fewer nodes and fewer resources per node to achieve the same.
8 CloudAccess compared with IBM QRadar and HP ArcSight
- CloudAccess has all integrated modules; IBM QRadar and HP ArcSight use third-party components like Hadoop.
- CloudAccess SIEM has integrated behavioral analytics for users, network and applications; IBM QRadar and HP ArcSight provide it only for networks.
- CloudAccess SIEM is easily customizable; IBM QRadar and ArcSight customization is known to be complex.
- Integrated ticketing and alarm tracking (tickets and alarms for actions); IBM QRadar and HP ArcSight do not provide integrated ticketing and alarms.
9 CloudAccess compared with RSA SA
- CloudAccess SIEM provides integrated vulnerability scanning; RSA SA includes integrated vulnerability scanning.
- Multiple dashboards are included to enhance the at-a-glance view; RSA SA does not include a built-in dashboard.
- CloudAccess has full support for both hardware and virtualized deployments; RSA SA has only limited support for some features, the rest require hardware.
- CloudAccess SIEM has cost-effective subscription and/or perpetual license models; RSA SA has high upfront costs and hardware purchase requirements.
- CloudAccess requires a small footprint to support all features; RSA SA may require multiple servers or nodes to achieve the same feature set.
10 Awards
- Recognized by Forrester as an emerging company in the SECM market, AKA Identity Analytics and Intelligence
11 Case Study: Financial, Keesler FCU
12 CASE STUDY: Largest Car Manufacturer
Background
- Head office in New Delhi, 15 regional offices all over India
- 12,900 users
- Actively uses more than 200 applications
- 1950 sale points across 1590 cities
- 3254 service points across 1540 cities
- Requires ISO 27001 compliance
- US$8.7 billion in annual (2016) revenue
- Total onboarded devices: 400
Business objectives
- Institute real-time protection 24/7
- Reduce costs, improve operations
- Ensure compliance audit reports on demand
- Integration of multiple systems, apps
- Protect brand
Challenges
- No visibility across network
- No forensic analysis
- Easy-to-use single interface
- Incident detection and incident response
- Incident tracking and process to record incidents
- Loss of reputation
Solution
- Asset discovery
- Vulnerability assessment
- Behavioural monitoring
- SIEM log integration
- Long-term data storage
- Continuous 24x7 monitoring
- Safeguard against unallowed patterns of behavior
- Configure and integrate with other security solutions like existing firewalls and DLPs to deliver better security
Results
- Complete real-time visibility on network
- Simplified admin with centralized dashboard
- Implementation of business use cases
- Incident detection
- Forensic analysis
- Reduced help desk costs by >50%
- Achieved compliance and audit readiness (costs reduced by 70%)
- Significant reduction in admin costs
- Reallocated headcount to higher value tasks
13 CASE STUDY: India's leading NBFCs
Background
- Non-banking financial company registered with the Reserve Bank of India
- Total number of employees: 8000
- 250 regional branches across 22 states in India, 5 lakh (500,000) customers
- Requires HIPAA, HITRUST compliance
- Reliant on specialized financial apps
- Total onboarded devices: 200
Business objectives
- Institute real-time protection 24/7
- Reduce costs, improve operations
- Ensure compliance audit reports on demand
- Integration of multiple systems, apps
Challenges
- No visibility across network
- No forensic analysis
- Easy-to-use single interface
- Incident detection and incident response
- Incident tracking and process to record incidents
- Audit requirements on a monthly basis
Solution
- Asset discovery
- Vulnerability assessment
- Behavioural monitoring
- SIEM log integration
- Long-term data storage
- 24x7 monitoring to deliver alerts and alarms in real time
- Discussing privileged account security integration
- Minimal impact on infrastructure
- All operations outsourced, with no requirement for additional resources for security and compliance
Results
- Complete real-time visibility on network
- Simplified admin with centralized dashboard
- Implementation of business use cases
- Incident detection
- Forensic analysis
- Reduced help desk costs by >50%
- Achieved compliance and audit readiness (costs reduced by 70%)
- Significant reduction in admin costs
- Reallocated headcount to higher value tasks
14 CloudAccess SIEM
- Integrated but modular
- Cost effective
- Unique features out of the box
- Active sensor
- Virtualisation support for VMware and Hyper-V
- Multi-tenancy
- Choose your implementation mode
- Ease of deployment and configuration
- Integrated with IAM/IDM
15 There are many SIEM and Log Management products (both cloud based and on premise) available for companies wishing to step up and improve their security posture. They range in feature sets, deployment complexity, integration ability and affordability... HOWEVER
CHOOSING SIEM
CloudAccess SIEM / Log A cut above
16 You need a technology solution that evens the odds against the exponential threat landscape. One that...
- Is proactive, not just reactive
- Analyzes behavior patterns and responds
- Centrally manages all silos of security data
- Is flexible to work like you do... in the cloud or on premise
- Offers a rich set of automated features AND
- Doesn't cost a king's ransom!
- CloudAccess solutions do just that
17 INTEGRATED BUT MODULAR
CloudAccess SIEM
18 SIEM and Log Management are two different solutions. One manages the collection of raw data for later review; the other parses out the data, correlates and scores potential anomalies and provides security-focused reporting. Despite the advantage, many companies don't use both solutions together because of the complexity to integrate, the cost of multiple solutions and the need for headcount to manage and maintain.
CloudAccess SIEM and Log provides you a single integrated solution. One license, one low price. If you already have a SIEM or Log solution, we can deploy the missing piece as a modular add-on that will easily integrate with your existing solution.
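The division of labour described above (raw retention on the Log Management side; parsing, correlation and scoring on the SIEM side), together with the "rule-based correlation" and "unauthorised remote access" items earlier in the deck, is shown here as an added Python example. It is not CloudAccess code and is not taken from the deck. The sshd-style log format, the five-minute window, the failure threshold of three and the scoring weights are all assumptions, and the log lines are constructed for the example.

```python
from __future__ import annotations
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd-style auth lines in an assumed format (not real data).
RAW_LOG = """\
2024-03-01T10:00:01 host1 sshd[101]: Failed password for root from 203.0.113.9 port 51000 ssh2
2024-03-01T10:00:03 host1 sshd[102]: Failed password for root from 203.0.113.9 port 51001 ssh2
2024-03-01T10:00:05 host1 sshd[103]: Failed password for admin from 203.0.113.9 port 51002 ssh2
2024-03-01T10:00:06 host1 sshd[104]: Accepted password for admin from 203.0.113.9 port 51003 ssh2
2024-03-01T10:00:09 host2 sshd[205]: Failed password for bob from 198.51.100.4 port 40000 ssh2
2024-03-01T10:01:00 host2 sshd[206]: Accepted publickey for bob from 198.51.100.4 port 40001 ssh2
2024-03-01T10:02:00 host1 cron[300]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Assumed line layout: "<ts> <host> <proc>[pid]: <Failed|Accepted> <method> for <user> from <ip> port <n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[a-z]+)\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def collect(raw: str) -> list[str]:
    """Log Management half: keep every raw line untouched for later review."""
    return [line for line in raw.splitlines() if line]

def parse(lines: list[str]) -> list[dict]:
    """SIEM half, step 1: normalise the lines we understand into events.
    Lines that do not match (e.g. the cron line) stay in the raw store only."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["success"] = ev["outcome"] == "Accepted"
        events.append(ev)
    return events

def score(failures: int, user: str) -> int:
    """Step 3: severity score 0-100 (assumed weights: 20 per failure, capped at 80,
    plus 20 when the account is privileged)."""
    s = min(failures * 20, 80)
    if user in {"root", "admin", "administrator"}:
        s += 20
    return min(s, 100)

def correlate(events: list[dict], window: timedelta = timedelta(minutes=5),
              threshold: int = 3) -> list[dict]:
    """Step 2: rule-based correlation. Alert when a source IP logs in successfully
    after `threshold` or more failed attempts within `window` (assumed thresholds)."""
    failures: dict[str, list[datetime]] = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if not ev["success"]:
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute-force-then-success",
                "src": src, "user": ev["user"], "host": ev["host"],
                "failures": len(recent), "ts": ev["ts"],
                "score": score(len(recent), ev["user"]),
            })
    return alerts

def run(raw: str = RAW_LOG) -> dict:
    """Whole pipeline: raw store + parsed/correlated/scored alerts."""
    raw_store = collect(raw)
    alerts = correlate(parse(raw_store))
    return {"raw_lines": len(raw_store), "alerts": alerts}

if __name__ == "__main__":
    for a in run()["alerts"]:
        print(f"[{a['score']}] {a['rule']}: {a['src']} -> {a['user']}@{a['host']} "
              f"after {a['failures']} failures")
```

On the constructed input the raw store keeps all seven lines, while correlation produces one alert: 203.0.113.9 fails three times and then succeeds as admin, which the rule scores 80. The single failure from 198.51.100.4 stays below the threshold and is only visible in the raw store, which is exactly the point of keeping both halves.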
19 COST EFFECTIVE
CloudAccess SIEM
20 The higher the cost of a product, the more time it takes to realize a return on investment. In addition there are the cost considerations related to compliance, potential breaches and your reputation, which also factor into an ROI. Security-as-a-Service creates a proactive advantage without sacrificing resources. As a single integrated solution, there is one price... and it is considerably lower than most alternatives... plus the value of other included features.
Typically, when choosing a SIEM and/or Log Management product, you are making two purchases with two SLAs, and managing the environment yourself.
21 UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE PLATFORM
CloudAccess SIEM
22 CloudAccess includes the following assets that no other solution provides out of the box, and integrates them into its unique platform:
- IT asset discovery and management
- 24/7 security monitoring by CloudAccess (added)
- Vulnerability scan
- NetFlow
- IPS/IDS/HIDS
23 ACTIVE SENSOR MODEL
CloudAccess SIEM
24 Sensors placed on devices typically collect a great deal of information. However, most sensors deployed by a SIEM or Log solution are passive: they collect the data and pass it along. CloudAccess deploys a proprietary Active Sensor which collects the necessary data and runs multiple relevant services on that data. This creates the basis of proactive threat intelligence. Some of the services include intrusion protection/detection, vulnerability scans and several others. And the footprint on a device is not much larger than a passive sensor's.
25 VIRTUALIZATION SUPPORT FOR VMWARE AND HYPER-V
CloudAccess SIEM
26 The modern enterprise is no longer constrained by large on-premise servers. In fact, most corporations use virtual servers to host a variety of data and applications. However, most SIEM solutions have difficulty supporting virtual servers. CloudAccess consistently supports VMware, Hyper-V and other virtual hosts. This means our sensors have been successfully installed and tested on these virtual environments.
27 MULTI-TENANT ARCHITECTURE
CloudAccess SIEM
28 The cloud business model (multi-tenant SaaS) architecture is becoming more and more prevalent across enterprises. In a multi-tenant environment, all clients and their users consume the service from the same technology platform, sharing all components in the technology stack. There are proven benefits including cost affordability, performance, upgrades and scalability that make this attractive. CloudAccess was specially developed as a multi-tenant solution. Its proven track record of success provides an effective security solution that is sustainable, measurable, cost-effective, securely delivered and managed from the cloud.
29 CHOOSE YOUR MODEL
CloudAccess SIEM
30 Current SIEM solutions are typically offered in two forms: as an appliance or as a software solution. However, for most enterprise environments, one size does not fit all. You need the flexibility to mix and match form factors based on your organization's requirements and enterprise logistics. CloudAccess solutions can be deployed in and from the cloud, on premise or in a hybrid approach. This gives you the adaptability to deploy and manage based on your specific situation and needs.
31 One of the most costly and complex aspects of a security initiative is the deployment and configuration. For many, this is why enterprise software investments never get out of Phase 1 and never reach the envisioned potential. CloudAccess typically deploys its solutions in a single day. Its proprietary controls also make configuration and fine tuning quick and simple. Customers are able to see results immediately.
EASE OF DEPLOYMENT AND CONFIGURATION
32 One of the key weaknesses of enterprise security deployments is that most of the security components run in parallel. Each does its job well, but they do not easily share information to expand visibility and provide better context. Identity and Access Management (IAM) solutions are powerful tools which provide significant data, but aren't naturally integrated into a central repository of information. Our solution seamlessly integrates with your IAM solutions. We incorporate the data to see anomalies that would otherwise fall through the cracks. We also provide an integrated IAM point solution.
INTEGRATION WITH IDENTITY AND ACCESS MANAGEMENT
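What "incorporating IAM data to see anomalies that would otherwise fall through the cracks" looks like in practice, as an added Python example that is not CloudAccess code and not from the deck: each successful authentication event is joined against a snapshot of the identity directory, so a login that is perfectly normal on its own (valid credentials, known host) is flagged when the directory says the account is disabled, past its termination date, absent from IAM, or not entitled to the target system. The directory export, the group-to-system entitlement map and the events are all constructed for the example and their shape is an assumption, not any real IAM product's API.

```python
from __future__ import annotations
from datetime import datetime

# Constructed IAM directory snapshot (assumed shape; not a real IAM export).
IAM_DIRECTORY = {
    "alice":      {"status": "active",   "groups": {"finance", "vpn"}, "terminated": None},
    "bob":        {"status": "disabled", "groups": {"engineering"},    "terminated": "2024-02-15"},
    "svc-backup": {"status": "active",   "groups": {"backup"},         "terminated": None},
}

# Assumed entitlement map: which target systems each group may reach.
ENTITLEMENTS = {
    "finance":     {"erp-prod"},
    "vpn":         {"vpn-gw"},
    "engineering": {"build-srv", "vpn-gw"},
    "backup":      {"backup-srv"},
}

# Constructed, already-normalised authentication events as a SIEM would hold them.
AUTH_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "user": "alice",      "target": "erp-prod",  "success": True},
    {"ts": "2024-03-01T09:05:00", "user": "bob",        "target": "vpn-gw",    "success": True},
    {"ts": "2024-03-01T09:10:00", "user": "svc-backup", "target": "erp-prod",  "success": True},
    {"ts": "2024-03-01T09:15:00", "user": "mallory",    "target": "build-srv", "success": True},
    {"ts": "2024-03-01T09:20:00", "user": "alice",      "target": "build-srv", "success": False},
]

def enrich(event: dict, directory: dict = IAM_DIRECTORY,
           entitlements: dict = ENTITLEMENTS) -> list[str]:
    """Join one auth event with identity context; return the findings (empty = clean)."""
    findings = []
    ident = directory.get(event["user"])
    if ident is None:
        # A successful login by an account IAM has never heard of is the clearest gap.
        return ["unknown-identity"]
    if ident["status"] != "active":
        findings.append("disabled-account")
    if ident["terminated"] and (datetime.fromisoformat(event["ts"]).date()
                                >= datetime.fromisoformat(ident["terminated"]).date()):
        findings.append("post-termination")
    allowed = set().union(*(entitlements.get(g, set()) for g in ident["groups"]))
    if event["target"] not in allowed:
        findings.append("no-entitlement")
    return findings

def identity_alerts(events: list[dict] = AUTH_EVENTS) -> list[dict]:
    """Raise one alert per successful login that carries identity findings.
    Failed attempts are left to ordinary SIEM rules (e.g. brute-force correlation)."""
    alerts = []
    for ev in events:
        if not ev["success"]:
            continue
        findings = enrich(ev)
        if findings:
            alerts.append({"user": ev["user"], "target": ev["target"],
                           "ts": ev["ts"], "findings": findings})
    return alerts

if __name__ == "__main__":
    for a in identity_alerts():
        print(f"{a['ts']} {a['user']} -> {a['target']}: {', '.join(a['findings'])}")
```

On the constructed data, alice's login to erp-prod is clean, while bob (disabled and past termination), svc-backup (a backup service account reaching the ERP system it has no entitlement to) and mallory (no IAM record at all) each produce an alert. None of these three events looks wrong without the directory join, which is why the deck's point about IAM data sitting outside the central repository matters.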