Decrypting the security mystery with SIEM (Part 1)
Download as PPTX, PDF•1 like•459 views
The document discusses the importance of deploying a Security Information and Event Management (SIEM) solution to address various security threats, including insider attacks and compliance issues. It emphasizes the need for comprehensive user session monitoring, log analysis, and the generation of compliance reports to safeguard data across physical, virtual, and cloud environments. The document outlines the challenges security professionals face due to the overwhelming number of alerts and the necessity of contextual understanding in identifying genuine threats.
Decrypting the security mystery with SIEM (Part 1)
- 1. EventLog Analyzer Your complete security arsenal Nitin Devanand
- 2. • Need for a SIEM solution • EventLog Analyzer – quick overview • Security attacks - use cases -Brute force -Stopping the rise of ransomware -SQL injection -Insider threat -Monitoring privileged user activities -Securing physical ,virtual and cloud environment -Compliance • Q & A Agenda
- 4. Collect data from log sources Correlate events Alert IT about security incidents Generate IT security and compliance reports Archive logs for forensic analysis
- 6. Sealing security loopholes • To protect from security attacks, it is essential for a company to deploy various security solutions such as vulnerability scanners, endpoint security protection tools, perimeter security devices and so forth. • This leaves security administrators overwhelmed with the number of security alerts they get each day. • Problem faced - lack of contextual understanding of security information required to distinguish an actual threat from the false positives.
- 19. Dealing insider attacks More than 40% of attacks are from malicious insiders in any organization. Therefore, every organization must keep the same level of security policies for insiders too. • Insider threat detection • Forensic analysis of scope of foot print of the former employee Source-http://resources.infosecinstitute.com/top-6-seim-use-cases/#gref
- 20. User session monitoring Provides a complete user audit trial from log on to log off Answers who did what, when, and from where Reconstruct any network incident with the help of the user activity timeline.
- 21. Securing physical, virtual and cloud environments • Apart from data security, there are numerous challenges like network forensics, troubleshooting, fault monitoring, and compliance. • To overcome these challenges, IT security professionals need to monitor and analyze the log data generated by their cloud infrastructure.
- 22. Results of compliance fail.. Banks suddenly asks its 3.2 million users to change their debit cards 2.6 million card data is onVisa and MasterCard and 600k is on RuPay platform The data theft happened because of malware introduction on the PoS supplied by Hitachi Payment Systems
- 23. Integrated compliance management • Out of the box compliance reports for PCI DSS, FISMA, GLBA, HIPPA, ISO 27001, and more • Compliance reports for both Windows event logs and Linux/Unix syslogs • Generate compliance reports from a centralized location • Get compliance reports in multiple formats: HTML, PDF, or CSV • Schedule compliance reports to run periodically, and get emailed to multiple administrators