Security Information and Event Management (SIEM)... - PowerPoint PPT Presentation

Security Information and Event Management (SIEM) is a technology that provides real-time analysis of security alerts generated by network hardware and applications.

Slides: 33
Provided by: hardiksoni

Transcript and Presenter's Notes



1
Unified SIEM Product Strategy and Positioning
Copyright CloudAccess, Inc. 2016, Confidential
2
CloudAccess Unified SIEM
3
  • Unification of SIEM and Security Context Technologies delivered in a single product

4
Unification of Technologies
Management
Unified SIEM
5
  • How?
  • 3 Components

1. SIEM
2. Logger
3. Sensor
[Diagram labels: Monitoring, Management, Intelligent Correlation, Security Dashboard, Security Information, Transaction Data]
6
Why Unified SIEM?
7
1. Intelligence
  • Security Intelligence comes from Context
    information Processing

CONTEXT
8
1. Intelligence
  • SIEM products have achieved great intelligence, but they are rarely fed with the information to use it

[Chart labels: False Positive Cleaning, Prioritization, Effective Impact Analysis; values shown: 30, 50, 100, 20]
9
2. Compliance
  • All security technologies required by Compliance
    Regulations

SOX, ISO, PCI
  • PCI 12.9 respond immediately to breach
  • SOX 304 PCI 10.5 Secure audit trails
  • PCI 11.2 quarterly vulnerability scans
  • FISMA, HIPAA, ISO 12.6 periodic security testing
  • PCI 11.4 requires NIDS/IPS deployment
  • PCI 1.1.5, PCI WG, ISO 7.1.1 require asset inventory
  • PCI 11.1 WIDS and Rogue AP detection
  • PCI 11.4 requires HIDS
  • PCI 11.5 File integrity
  • PCI 6.2 identify new threats
  • ISO 10.10 requires monitoring system resources
10
3. Time
Effective Security Posture and Analysis delivered in 300 seconds
[Figure labels: Threats, Attacks, Inventory; values shown: 100, 300, 1 (seconds)]
11
4. Cost
  • Dramatic reductions

Up to 90 Cost Reduction
12
Competitive Positioning
13
CloudAccess Unified SIEM vs Pure SIEM
Management
Unified SIEM
14
The Sensor Advantage
  • Fast - Customer Security Posture from the first second
  • Stealthy - Will not break the customer's network
  • Complete - Provide all security services in a single box

Out-of-the-box full Security Visibility
15
Customer Profile
inspire
SIEM in the Cloud Elastic SaaS
16
CloudAccess
Lowest Barrier of Entry with Elastic Scaling in
Performance and Complexity
Cloud
  • SaaS Web Services
  • Elastic
  • Performance Scaling
  • Multi-tier hybrid Architectures Scaling

Customer Premises



17
Hybrid Architecture
Cloud
Lev | Function | Deploy
1 | Analysis | Cloud
2 | Storage | Cloud, CP
3 | Vulnerability Mgmt (A. External, B. Internal) | Cloud, CP
4 | Detection Awareness | CP
Customer Premise
18
CloudAccess Flexible Architecture - Examples
  • Customer1 has no on-site gear, sends logs to CloudAccess
  • Customer2 is using Managed IDS service, CloudAccess Sensor on Customer Premise
  • Customer3 is using Local Vulnerability Scanning, CloudAccess Sensor on Customer Premise
  • Customer4 has complete CloudAccess solution on premise, Managed by CloudAccess

[Diagram labels: Collection, Detection Awareness, Tiered 2nd Level, Local Vulnerability Scan]
19
Introducing CloudAccess Unified SIEM Version 3
20
Unified Situational Awareness Autodiscovery
Function | Technology
Identity Monitoring | Active Directory LDAP Authentication logs
Network Auto-Discovery
Topology Map | Recurrent snmp scans
Inventory | Passive fingerprinting Active fingerprinting Host agent WMI
Profiling | Time-Service-Usage profiling
Resource Monitoring
Network Monitoring | Flows
Network Availability | Snmp
Host Resources | Snmp
Anomaly detection | Any resource
21
Out-of-the-box PCI Wireless Compliance
PCI | Requirement | Solution
11.1 | Deploy a WIDS/WIPS | CloudAccess Sensor includes a WIDS/WIPS
WG | Maintain an up-to-date wireless hardware inventory | Automatically done by Situational Awareness
WG | Detect Rogue AP and unauthorized wireless connections | Correlate information between WIDS and Inventory
4.1.1 | Ensure strong cryptography .. WEP is prohibited | Monitored by WIDS default
22
Other Features and Enhancements
Enhancements in all areas of function
  • Vulnerability Assessment
  • Asset Management
  • Network Monitoring
  • User Management
  • Network Discovery
  • Dashboards
  • Usability
  • Performance
  • Policy Management
  • Visualization
  • Compliance
  • Reporting
  • Detection/analytics
  • Integration
  • Incident Response
  • Host Security

23
Unified Management
1 unique Login
1 unique Asset Structure
1 unique User Structure
24
SIEM
25
Log Management
26
Unified Vulnerability Scanner
27
Unified WIDS
28
Unified HIDS
29
Unified Situational Awareness
30
Unified Reporting
31
Summary
  • CloudAccess Unified SIEM 3.0 is a unique offering
    in the market
  • Compliance, Time and Cost advantages make
    CloudAccess Unified SIEM 3.0 the most competitive
    solution
  • CloudAccess enables broad Enterprise adoption

CloudAccess Unified SIEM 3.0 changes the game for
SIEM customers.
32
Thank You