Leo technosoft for cyber security - PowerPoint PPT Presentation

About This Presentation
Title:

Leo technosoft for cyber security

Description:

This reminds me of Security Operations Centre (SOC), which is an integrated context-aware security protection platform. It provides and integrates prediction, prevention, detection and response capabilities by leveraging an adaptive security framework. I learnt about it here.

Number of Views:29
Slides: 7
Provided by: hardiksoni
Category: Other


Transcript and Presenter's Notes


1
(No Transcript)
2
Monitor and Protect Your Critical Systems with Host-based IDS
  • A host-based intrusion detection system (HIDS)
    gives you deep visibility of what's happening on
    your critical systems.
  • On its own, host intrusion detection does not
    give you a complete picture of your security
    posture. You must be able to correlate your HIDS
    log data in a SIEM environment with other
    critical security data as well as the latest
    real-world threat intelligence.
  • Cloud Access SIEM eases security analysis and
    correlation by combining host-based IDS with
    other essential security capabilities in a
    single, unified security environment.
  • Detect Changes & Threats to Critical Systems
  • Detect Unauthorized & Anomalous Activities
  • View Attempts to Gain System Access
  • Protect the Integrity of the Data Collected
  • Implement File Integrity Monitoring (FIM)
  • Know When and How Your Files Are Changed
  • Meet PCI Compliance Requirements & Others

3
  • Deploy Host IDS in a Unified Security
    Management Platform
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • SIEM Log Management
  • Network IDS
  • Behavioral Monitoring
  • Receive the Latest Threat Intelligence from
    Cloud Access SIEM Labs
  • Cloud Access SIEM Labs Researches Threats for You
  • Threat Intelligence Continuously Delivered
  • Community-powered Threat Information via

4
Detect Changes & Threats to Your Critical Systems
  • With Cloud Access SIEM's host-based IDS, you gain
    granular visibility into the systems and services
    you're running so you can easily detect:
  • System compromises
  • Privilege escalations
  • Unwanted applications
  • Modification of critical configuration files
    (e.g. registry settings, /etc/passwd)
  • Rootkits
  • Rogue processes
  • Critical services that have been stopped
  • User access to systems
  • Detect Unauthorized & Anomalous Activities
  • When malicious or anomalous activities occur on a
    system, such as brute force authentication-based
    attacks, rapid file changes, or a user logging
    into an unauthorized asset, HIDS detects the
    activities and sends them to SIEM for analysis.
    When an alarm is generated in SIEM, it captures
    all you need to know about the incident,
    including asset information (OS, software, and
    identity), vulnerability data, network
    communication, raw log data, and more.

5
  • View Failed Attempts To Gain Access
  • Cloud Access SIEM's HIDS generates events on
    failed authentication attempts for Windows,
    MySQL, remote access, SSH service, as well as SQL
    injection, XSS, and multiple failed login
    attempts.
  • Protect The Integrity Of The Data Collected
  • Cloud Access SIEM's HIDS uses a client / server
    architecture to protect the data collected by the
    HIDS agents. Because an attack could compromise
    an agent as it compromises the operating system,
    it's essential to store the forensic and security
    data separately from the host. This safeguard
    prevents you from relying on system data that may
    have been altered or destroyed on the compromised
    system.

6
Implement File Integrity Monitoring (FIM)
  • File integrity monitoring allows you to track
    changes made to sensitive files on your critical
    systems.
  • Cloud Access SIEM's host-based IDS enables you to
    do file integrity monitoring (FIM) and registry
    integrity monitoring (RIM) efficiently.
  • Meet Your Compliance Needs with File Integrity
    Monitoring
  • Many regulatory compliance standards require
    file integrity monitoring tools, either explicitly
    or implicitly, to be in place to pass a compliance
    audit.
  • PCI DSS Requirements 10.5.5 and 11.5
    specifically call for a file integrity monitoring
    (FIM) system to detect and alert you of
    unauthorized changes to critical system files,
    configuration files, and content files.
  • HIPAA Compliance Standard 164.312(c)(2) deals
    with data integrity and requires you to ensure
    that health information has not been altered or
    destroyed in an unauthorized manner.
  • GLBA: The Gramm-Leach-Bliley Act requires
    financial institutions to safeguard sensitive
    customer data. This includes (314.4 -3)
    detecting, preventing and responding to attacks,
    intrusions, or other systems failures.
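
A sketch of the file integrity monitoring described on slide 6, combined with slide 5's point that the collected data must be kept away from the monitored host. This is an added example, not code from the presentation or from the product it describes; the function names, the HMAC sealing step and the sample files are assumptions made for illustration.

```python
import hashlib, hmac, json, os, pathlib, stat, tempfile

def snapshot(paths):
    # SHA-256 and permission bits per file; a missing monitored file maps to None.
    state = {}
    for p in paths:
        try:
            digest = hashlib.sha256(pathlib.Path(p).read_bytes()).hexdigest()
            state[p] = {"sha256": digest, "mode": stat.S_IMODE(os.stat(p).st_mode)}
        except FileNotFoundError:
            state[p] = None
    return state

def seal(state, server_key):
    # Canonical JSON plus an HMAC made with a key that never lives on the host.
    body = json.dumps(state, sort_keys=True).encode()
    return body, hmac.new(server_key, body, hashlib.sha256).hexdigest()

def unseal(body, tag, server_key):
    # Reject a stored baseline that was altered after it was sealed.
    good = hmac.new(server_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, tag):
        raise ValueError("baseline failed integrity check")
    return json.loads(body)

def compare(baseline, current):
    # Classify each difference between two snapshots as one FIM event.
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            kind = "created" if old is None else "deleted"
        else:
            kind = "modified" if old["sha256"] != new["sha256"] else "perms_changed"
        if old != new:
            events.append((path, kind))
    return events

def demo():
    key = b"constructed-demo-key"  # assumption: held only by the collection server
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for a host
        files = [os.path.join(d, n) for n in ("passwd", "app.conf", "old.conf")]
        for p in files:
            pathlib.Path(p).write_text("original\n")
        body, tag = seal(snapshot(files), key)          # baseline leaves the host
        pathlib.Path(files[0]).write_text("changed\n")  # content change
        os.chmod(files[1], 0o755)                       # permission change
        os.remove(files[2])                             # deletion
        events = compare(unseal(body, tag, key), snapshot(files))
    return [(os.path.basename(p), kind) for p, kind in events]
```

Calling `demo()` returns one event per changed file. A baseline that fails `unseal` should itself be treated as an alert, since it means the reference data can no longer be trusted.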