Leo technosoft for cyber security

About This Presentation

Title:

Description:

Number of Views:29

Slides: 7

Provided by: hardiksoni

Category: Other

Tags: cyber_security | siem

Transcript and Presenter's Notes

Title: Leo technosoft for cyber security

1
(No Transcript)
2
Monitor and Protect Your Critical Systemswith
Host-based IDS

A host-based intrusion detection system (HIDS)
gives you deep visibility of whats happening on
your critical systems.
On its own, host intrusion detection does not
give you a complete picture of your security
posture. You must be able to correlate your HIDS
log data in a SIEM environment with other
critical security data as well as the latest
real-world threat intelligence.
Cloud Access SIEM eases security analysis and
correlation by combining host-based IDS with
other essential security capabilities in a
single, unified security environment.
Detect Changes Threats to Critical Systems
Detect Unauthorized Anomalous Activities
View Attempts to Gain System Access
Protect the Integrity of the Data Collected
Implement File Integrity Monitoring (FIM)
Know When and How Your Files Are Changed
Meet PCI Compliance Requirements Others

4
Detect Changes Threats to Your Critical Systems

With Cloud Access SIEMs host-based IDS, you gain
granular visibility into the systems and services
youre running so you can easily detect
System compromises
Privileged escalations
Unwanted applications
Modification of critical configuration files
(e.g. registry settings, /etc/passwd)
Rootkits
Rogue processes
Critical services that have been stopped
User access to systems
Detect Unauthorized Anomalous Activities
When malicious or anomalous activities occur on a
systemsuch as brute force authentication-based
attacks, rapid file changes, or a user logging
into an unauthorized assetHIDS detects the
activities and sends them to SIEM for analysis.
When an alarm is generated in SIEM, it captures
all you need to know about the incident,
including asset information (OS, software, and
identity), vulnerability data, network
communication, raw log data, and more.

View Failed Attempts To Gain Access
Cloud access SIEMs HIDS generates events on
failed authentication attempts for Windows,
MySQL, remote access, SSH service, as well as SQL
injection, XSS, and multiple failed login
attempts
Protect The Integrity Of The Data Collected
Cloud Access SIEMs HIDS uses a client / server
architecture to protect the data collected by the
HIDS agents. Because an attack could compromise
an agent as it compromises the operating system,
its essential to store the forensic and security
data separately from the host. This safeguard
prevents you from relying on system data that may
have been altered or destroyed on the compromised
system.

6
Implement File Integrity Monitoring (FIM)

File integrity monitoring allows you to track
changes made to sensitive files on your critical
systems.
Cloud Access SIEMs host-based IDS enables you to
do file integrity monitoring (FIM) and registry
integrity monitoring (RIM) efficiently.
Meet Your Compliance Needs with File Integrity
Monitoring
Many regulatory compliance standards require
file integrity monitoring toolseither explicitly
or implicitlyto be in place to pass a compliance
audit.
PCI DSS Requirements 10.5.5 and 11.5
specifically call for a file integrity monitoring
(FIM) system to detect and alert you of
unauthorized changes to critical system files,
configuration files, and content files.
HIPAA Compliance Standard 164.312(c)(2) deals
with data integrity and requires you to ensure
that health information has not been altered or
destroyed in an unauthorized manner.
GLBA The Gramm-Leach-Bliley Act requires
financial institutions to safeguard sensitive
customer data. This includes (314.4 -3)
detecting, preventing and responding to attacks,
intrusions, or other systems failures.

Write a Comment

User Comments (0)

About PowerShow.com

Leo technosoft for cyber security - PowerPoint PPT Presentation