Title: Security Information and Event Management (SIEM)
1(No Transcript)
2(No Transcript)
3SIEM
- Introduction
- SIEM combines SIM (Security Information
Management) SEM ( Security event management)
functions into one security management system. - Security Information and Event Management (SIEM),
is a technology that provides real-time analysis
of security alerts generated by network hardware
and applications. - Available as software, appliances or managed
service, SIEM monitoring is also used to log
security data and generate reports for compliance
purposes. - SIEM carries out thorough analysis and continuous
monitoring of all ongoing events. Hence, SIEM
monitoring is necessary because it can be an
automated tool to help an enterprise find
patterns, filter, clean and analyze all the data
that forms the context of a cyber attack. - Continuous monitoring from SIEM includes all
devices, servers, applications, users and
infrastructure components.
4Features
- Intrusion detection
- 7/24/365 monitoring
- Forensic analysis
- Vulnerability risk reporting
- Network host policy auditing
- Anomalous activity alerts
- Rule-based correlation
- Security Threat and incident reporting
5Management
Security Context
6Use Cases with SIEM
- Inbound/outbound suspicious activities
- Event correlation for advanced threats
- DDOS attacks
- Unauthorised remote access
- Critical service monitoring
- Malware monitoring
- IP Reputations
- Risk Compliance
- Security Threats analysis
7Cloud Access SIEM Advantages over Competitors
- Cloud Acces SIEM offers several services , as
compared to most of the SIEM service provider
companies. - Cloud Access SIEM has all inclusive modules , IBM
Qradar doesnt. - CloudAccess has a single pane of glass with many
built-in tools. HP requires third party products
with additional acquisition and integration costs - Integrated set of products
- Cloud access SIEM can be deployed in one day,
custom connectors requires few days - Cloud access is designed for multi-tenancy in
cloud and can be deployed on premise - As compared to IBM , CloudAcess SIEM has a cost
effective supscription and/or perpetual virtual
model - Cloud Access requires a small footprint to
support all features , whereas IBM and HP
Arcsightrequires multiple servers and nodes to
achieve the same feature set. Cloud access SIEM
requires fewer nodes and fewer resources per node
to achieve the same
8- Cloud Access has all integrated modules
- Cloud access SIEM has integrated behavioral
analytics , with users network and applications - CloudAccess SIEM is Easily Customizable
- Integrated Ticketing and Alarms tracking
Tickets and alarms for actions
- IBM Qradar and HP ArcSight uses third party like
Hadoop - IBM Qradar and HP ArcSight provide it only with
networks - BM Qradar and ArcSight customization is known to
be complex - IBM Qradar and HP ArcSight dont provide
integrated ticketing and alarm
9- Cloud Access SIEM provide Integrated
Vulnerability scanning. - Multiple Dashboards are included to enhance at a
glance view. - CloudAccess has full support for both hardware
and virtualized deployments. - CloudAccess SIEM has cost effective subscription
and/or perpetual license models. - CA requires a small footprint to support all
features,
- RSA SA include integrated vulnerability scanning.
- Does not inclued Built- In Dashboard.
- RSA SA has only limited for some features, the
rest require hardware. - RSA SA has high upfront costs and hardware
purchase requirements - SA may requires multiple servers or nodes to
achieve the same feature set
10Awards
- Recognized by Forrester as the emerging company
in SECM market AKA Identity Analytics and
Intelligence
11Case Study Financial Keesler FCU
12Background
Business objectives
- CASE STUDY Largest Car Manufacturer
- Institute real time protection 24/7
- Reduce costs, improve operations
- Ensure compliance audit reports on demand
- Integration of multiple systems, apps
- Protect Brand
- Head office in New Delhi,15 Regional Offices in
all over India. - 12,900 users
- Actively uses more than 200 applications
- 1950 sale points across 1590 cities
- 3254 service points across 1540 cities
- Requires ISO27001 compliance
- US 8.7 billion in annual(2016) revenue
- Total onboarded devices 400
Challenges
Solution
Results
- Complete real-time visibility on network
- Simplified admin with centralized dashboard
- Implementation of Business Use
- Incident Detection
- Forensic Analysis
- Reduced help desk costs by gt50
- Achieved compliance and audit readiness (costs
reduced by 70) - Significant reduction in admin costs
- Reallocated headcount to higher value tasks
- No visibility across network
- No Forensic Analysis
- Easy-to-use single interface
- Incident Detection and Incident Response
- Incident Tracking and Process to record incidents
- Loss of Reputation
- Asset discovery
- Vulnerability assessment
- Behaviural monitoring
- SIEM Log Integrated
- Long Term data storage
- Continuous 24x7 Monitoring
- Safeguard against unallowed patterns of behavior
- Configure and integrate with other security
solutions like existing Firewall DLPs to
deliver better security
13Background
Business objectives
- CASE STUDY India's leading NBFCs
- Institute real time protection 24/7
- Reduce costs, improve operations
- Ensure compliance audit reports on demand
- Integration of multiple systems, apps
- Non-banking financial company registered with the
Reserve Bank of India - Total Number of employees8000
- 250 regional branches across 22 states in India,
5 Lakh customer - Requires HIPAA, HITRUST compliance
- Reliant on specialized Financial apps
- Total onboarded devices 200
Challenges
Solution
Results
- Complete real-time visibility on network
- Simplified admin with centralized dashboard
- Implementation of Business Use
- Incident Detection
- Forensic Analysis
- Reduced help desk costs by gt50
- Achieved compliance and audit readiness (costs
reduced by 70) - Significant reduction in admin costs
- Reallocated headcount to higher value tasks
- No visibility across network
- No Forensic Analysis
- Easy-to-use single interface
- Incident Detection and Incident Response
- Incident Tracking and Process to record incidents
- Audit requirements on Monthly basis
- Asset discovery
- Vulnerability assessment
- Behavioural monitoring
- SIEM Log Integration
- Long Term data storage
- 24x7 Monitoring to deliver alerts and alarms in
real time - Discussing Privilege Account Security Integration
- Minimal Impact on Infrastructure
- All operations outsourced with no requirement for
additional resources for security and compliance
14Integrated but Modular Cost Effective Unique
Features out of the box Active
Sensor Virtualisation enables for VMWare
Hyper-V Multi-Tenancy Choose your implementation
Mode Ease of Deployment Configuration Integrated
with IAM/IDM
CloudAccess SIEM
15There are many SIEM and Log Management products
(both cloud based and on premise) available for
companies wishing to step up and improve their
security posture. They range in feature sets,
deployment complexity, integration ability and
affordability... HOWEVER
There are many SIEM and security products (cloud
based and on premise) available for companies to
improve their security posture. They range in
feature sets, deployment complexity, integration
ability and affordability... HOWEVER
CHOOSING SIEM
CloudAccess SIEM / Log A cut above
16- You need a technology solution that evens the
odds against the exponential threat landscape. - One that...
- Is proactive, not just reactive
- Analyzes behavior patterns and responds
- Centrally manages all silos of security data
- Is flexible to work like you do...in the cloud
or on premise - Offers a rich set of automated features AND
- Doesn't cost a kings ransom!
- CloudAccess solutions do just that
- You need a technology solution that evens the
odds against the exponential threat landscape. - One that...
- Is proactive, not just reactive
- Analyzes behavior patterns and responds
- Centrally manages all silos of security data
- Is flexible to work like you do...in the cloud
or on premise - Offers a rich set of automated features AND
- Doesn't cost a kings ransom!
- CloudAccess solutions do just that
CHOOSING SIEM
CloudAccess SIEM / Log A cut above
17INTEGRATED BUT MODULAR
CloudAccess SIEM
18SIEM and Log Management are two different
solutions. One manages the collection of raw data
for later review, the other parses out the data,
correlates and scores potential anomalies and
provides security focused reporting. Despite the
advantage, many companies don't use both
solutions together because of the complexity to
integrate, the cost of multiple solutions and the
need for headcount to manage and maintain.
CloudAccess SIEM and Log provides you a single
integrated solution. One license, one low price.
If you already have a SIEM or Log solution we can
deploy the missing piece as a modular add-on that
will easily integrate with your existing
solution.
SIEM and Log Management are two different
solutions. One manages the collection of raw data
for later review, the other parses out the data,
correlates and scores potential anomalies and
provides security focused reporting. Despite the
advantage, many companies don't use both
solutions together because of the complexity to
integrate, the cost of multiple solutions and the
need for headcount to manage and maintain.
CloudAccess SIEM and Log provides you a
single integrated solution. One license, one low
price. If you already have a SIEM or Log solution
we can deploy the missing piece as a modular
add-on that will easily integrate with your
existing solution.
INTEGRATED BUT MODULAR
CloudAccess SIEM / Log A cut above
19COST EFFECTIVE
CloudAccess SIEM
20The higher the cost of a product, the more time
it takes to realize a return on investment. In
addition there are the cost considerations
related to compliance, potential breaches and
your reputation which also factor into an ROI.
Security-as-a-Service creates a proactive
advantage without sacrificing resources. As a
single integrated solution, there is one
price...and it is considerably lower than most
alternatives....plus the value of other included
features. he cost of a product, the more time it
takes to realize a return on investment. In
addition there are the cost considerations
related to compliance, potential breaches and
your reputation which also factor into an ROI. .
Typically when choosing a SIEM and/or Log
Management product, you are making two purchases
with two SLAs, and managing the environment
yourself.
COST EFFECTIVE
CloudAccess SIEM / Log A cut above
21UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE
PLATFORM
CloudAccess SIEM
22- CloudAccess includes the following assets that no
other solution provides out of the box
capabilities and integrates into its unique
platform - IT Asset Discovery and Management
- 24/7 security monitoring by CloudAccess added
- Vulnerability Scan
- NetFlow
- IPS/IDS/HIDS
-
UNIQUE FEATURES INCLUDED AND INTEGRATED ON THE
PLATFORM
CloudAccess SIEM / Log A cut above
23ACTIVE SENSOR MODEL
CloudAccess SIEM
24Sensors placed on devices typically collect a
great deal of information. However, most sensors
deployed by a SIEM solution are based on
initiatives that are passive meaning they
collect the data and pass it along. CloudAccess
deploys a proprietary Active Sensor which
collects the necessary data, and runs multiple
relevant services on that data. This creates the
basis of proactive threat intelligence. Some of
the services include intrusion protection/detectio
n, vulnerability scans and several others. And,
the footprint on a device is not that much larger
than a passive sensor. ion. However, most sensors
deployed by a SIEM or Log solution are based on
initiatives that are passive meaning they
collect the data and pass it along. CloudAccess
deploys a proprietary Active Sensor which
collects the necessary data, and runs multiple
relevant services on that data. This creates the
basis of proactive threat intelligence. Some of
the services include intrusion protection/detectio
n, vulnerability scans and several others. And,
the footprint on a device is not that much larger
than a passive sensor.
ACTIVE SENSOR MODEL
CloudAccess SIEM / Log A cut above
25VIRTUALIZATION SUPPORT FOR VMWARE HYPER-V
CloudAccess SIEM
26The modern enterprise is no longer constrained by
large on-premise servers. In fact, most
corporations use virtual servers to host a
variety of data and applications. However, most
SIEM solutions have difficulty supporting virtual
servers. CloudAccess consistently supports
VMWare, Hyper-V and other virtual hosts. This
means our sensors have been successfully
installed and tested on these virtual
environments.
VIRTUALIZATION SUPPORT FOR VMWARE HYPER-V
CloudAccess SIEM / Log A cut above
27MULTI-TENANT ARCHITECTURE
CloudAccess SIEM
28The cloud business-model (Multi-tenant SaaS)
architectures are becoming more and more
prevalent across enterprises. In a multi-tenant
environment, all clients and their users consume
the service from the same technology platform,
sharing all components in the technology stack.
There are proven benefits including cost
affordability, performance, upgrades and
scalability that make this attractive. CloudAcces
s was specially developed as a multi-tenant
solution. Its proven track record of success,
provides an effective security solution that is
sustainable, measurable, cost-effective, securely
delivered and managed from the cloud.
MULTI-TENANT ARCHITECTURE
CloudAccess SIEM / Log A cut above
29CHOOSE YOUR MODEL
CloudAccess SIEM
30Current SIEM solutions are typically offered in
two forms, as an appliance or as a software
solution. However, for most enterprise
environments, one size does not fit all. You need
the flexibility to mix and match form factors
based on your organizations requirements and
enterprise logistics. CloudAccess solutions can
be deployed in and from the cloud, on premise or
a hybrid approach. This gives you the
adaptability to deploy and manage based on your
specific situation and needs.
CHOOSE YOUR MODEL
CloudAccess SIEM / Log A cut above
31One of the most costly and complex aspects of a
security initiative is the deployment and
configuration. For many, this is why enterprise
software investments never get out of Phase 1 and
never reach the envisioned potential. CloudAccess
is typically added to deploy its solutions in a
single day. It's proprietary controls also make
configuration and fine tuning quick and simple.
Customers are able to see results immediately.
EASE OF DEPLOYMENT AND CONFIGURATION
CloudAccess SIEM / Log A cut above
32One of the key vulnerabilities with enterprise
security deployments is that most of the security
components run in parallel. Each does their job
well, but do not easily share information to
expand visibility and provide better context.
Identity Management and Access Management
solutions (IAM) are powerful tools which provide
significant data, but aren't naturally integrated
into a central repository of information . Our
solution seamlessly integrates with your IAM
solutions. We incorporate the data to see
anomalies that would otherwise fall through the
cracks. We also provide an integrated IAM point
solution.
INTEGRATION WITH IDENTITY AND ACCESS MANAGEMENT
CloudAccess SIEM / Log A cut above