SECURITY INFORMATION & EVENT MANAGEMENT
Background on Network Components
- Router
- IPS/IDS
- Firewall
- Switch (L2 & L3)
- Servers (Application, Database, etc.)
- Demilitarized Zone (DMZ)
- Virtual Private Network
Defense in Depth
Typical Corporate Environment
Log Management
- Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event logs, etc.).
- LM covers log collection, centralized aggregation, long-term retention, log analysis (in real time and in bulk after storage) as well as log search and reporting.
Log Management Challenges
- Analyzing Logs for Relevant Security Intelligence
- Centralizing Log Collection
- Meeting IT Compliance Requirements
- Conducting Effective Root Cause Analysis
- Making Log Data More Meaningful
- Tracking Suspicious User Behavior
Introduction to SIEM
- Security Information and Event Management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM).
- The acronyms SEM, SIM and SIEM have sometimes been used interchangeably.
- The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as Security Event Management (SEM).
- The second area provides long-term storage, analysis and reporting of log data and is known as Security Information Management (SIM).
Key Objectives
- Identify threats and possible breaches
- Collect audit logs for security and compliance
- Conduct investigations and provide evidence
SIEM vs LM
Functionality             | Security Information and Event Management (SIEM)              | Log Management (LM)
--------------------------|---------------------------------------------------------------|-------------------------------------------
Log collection            | Collect security relevant logs + context data                 | Collect all logs
Log pre-processing        | Parsing, normalization, categorization, enrichment            | Indexing, parsing or none
Log retention             | Retain parsed and normalized data                             | Retain raw log data
Reporting                 | Security focused reporting                                    | Broad use reporting
Analysis                  | Correlation, threat scoring, event prioritization             | Full text analysis, tagging
Alerting and notification | Advanced security focused reporting                           | Simple alerting on all logs
Other features            | Incident management, analyst workflow, context analysis, etc. | High scalability of collection and storage
Why is SIEM Necessary?
- Rise in data breaches due to internal and external threats
- Attackers are smart and traditional security tools just don't suffice
- Mitigate sophisticated cyber-attacks
- Manage increasing volumes of logs from multiple sources
- Meet stringent compliance requirements
Elements of SIEM
- Monitored Events
- Event Collection
- Core Engine
- User Interface
Typical Features of SIEM
BIG 3 for SIEM
- Compliance
- Security
- Operations
SIEM Process Flow
Data Collection -> Extract Intelligent Information (Add Value) -> Presentation (Dashboards & Reports)
Typical Working of an SIEM Solution
SIEM Architecture
System Inputs
- Event Data: Operating Systems, Applications, Devices, Databases
- Contextual Data: Vulnerability Scans, User Information, Asset Information, Threat Intelligence
SIEM
- Data Collection -> Normalization -> Correlation Logic/Rules -> Aggregation
System Outputs
- Analysis
- Reports
- Real Time Monitoring
Context
Adding Context
Examples of context:
- Add geo-location information
- Get information from DNS servers
- Get user details (Full Name, Job Title & Description)
Adding context aids in identifying:
- Access from foreign locations
- Suspect data transfer
8 Critical Features of SIEM
#1. Log Collection
- Universal log collection
  - To collect logs from heterogeneous sources (Windows systems, Unix/Linux systems, applications, databases, routers, switches, and other devices).
- Log collection method: agent-based or agentless
  - Both recommended
- Centralized log collection
- Events Per Second (EPS): rate at which your IT infrastructure sends events
  - If not calculated properly, the SIEM solution will start dropping events before they are stored in the database, leading to incorrect reports, search results, alerts, and correlation.
#2. User Activity Monitoring
- SIEM solutions should have out-of-the-box user activity monitoring and a Privileged User Monitoring and Audit (PUMA) reporting feature.
- Ensure that the SIEM solution gives the 'complete audit trail'.
  - Know which user performed the action, what the result of the action was, on what server it happened, and the user workstation/device from where the action was triggered.
#3. Real Time Event Correlation
- Real-time event correlation is all about proactively dealing with threats.
- Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the network.
- Correlation can be based on log search, rules and alerts.
  - Predefined rules and alerts are not sufficient. A custom rule and alert builder is a must for every SIEM solution.
- Ensure that the process of correlating events is easy.
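The collection, normalization, context enrichment and correlation stages from the architecture and "Adding Context" slides, together with the rule-based real-time correlation this slide describes, as an added Python example that is not part of the original deck. The log lines, the GeoIP table and the user directory are constructed stand-ins for the live feeds a SIEM would query.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input from two heterogeneous sources: an SSH daemon and a
# Windows-style logon audit. Every host, user and address here is made up.
RAW_EVENTS = [
    "2024-03-01T09:00:01Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5111 ssh2",
    "2024-03-01T09:00:05Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5112 ssh2",
    "2024-03-01T09:00:09Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5113 ssh2",
    "2024-03-01T09:00:15Z sshd[1201]: Accepted password for alice from 203.0.113.7 port 5114 ssh2",
    "2024-03-01T09:01:00Z WinLogon EventID=4624 User=bob Src=10.0.0.23 Status=Success",
    "2024-03-01T09:01:30Z kernel: eth0: link is up",   # unrelated line, left unparsed
]

# Assumed context stores (constructed). A real SIEM would query GeoIP, DNS and
# the directory service for these, as the "Adding Context" slide describes.
GEOIP = {"203.0.113.7": "ZZ", "10.0.0.23": "HQ"}
USERS = {"alice": {"full_name": "Alice Example", "title": "DBA"},
         "bob": {"full_name": "Bob Example", "title": "Helpdesk"}}
HOME_LOCATION = "HQ"

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
                    r"for (?P<user>\S+) from (?P<src>\S+)")
WIN_RE = re.compile(r"^(?P<ts>\S+) WinLogon EventID=\d+ User=(?P<user>\S+) "
                    r"Src=(?P<src>\S+) Status=(?P<status>\S+)")


def _parse_ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalize(line):
    """Normalization: map a raw line from any source into one common schema."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": _parse_ts(m["ts"]), "user": m["user"], "src": m["src"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "source": "sshd"}
    m = WIN_RE.match(line)
    if m:
        return {"ts": _parse_ts(m["ts"]), "user": m["user"], "src": m["src"],
                "outcome": "success" if m["status"] == "Success" else "failure",
                "source": "windows"}
    return None  # a log manager would still retain the raw line; the SIEM skips it


def enrich(event):
    """Context enrichment: geo-location of the source address and user details."""
    event["geo"] = GEOIP.get(event["src"], "unknown")
    event["user_info"] = USERS.get(event["user"], {})
    return event


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rules over the normalized, enriched stream.

    Rule 1: at least `threshold` failed logons followed by a success for the
            same user and source inside `window` (guessing that succeeded).
    Rule 2: any successful logon whose source is outside the home location.
    """
    alerts = []
    failures = defaultdict(list)            # (user, src) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "failures_then_success", "user": ev["user"],
                           "src": ev["src"], "failures": len(recent)})
        if ev["geo"] != HOME_LOCATION:
            alerts.append({"rule": "success_from_foreign_location",
                           "user": ev["user"], "src": ev["src"], "geo": ev["geo"]})
        failures[key].clear()              # aggregation: one alert per burst
    return alerts


def run_pipeline(lines=RAW_EVENTS):
    """Collection -> normalization -> enrichment -> correlation."""
    events = [enrich(e) for e in (normalize(l) for l in lines) if e]
    return events, correlate(events)


if __name__ == "__main__":
    evts, alts = run_pipeline()
    print(f"{len(evts)} normalized events, {len(alts)} alerts")
    for a in alts:
        print(a)
```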
#4. Log Retention
- SIEM solutions should automatically archive all log data from systems, devices & applications to a 'centralized' repository.
- Ensure that the SIEM solution has a 'tamper proof' feature which 'encrypts' and 'time stamps' the archived logs for compliance and forensics purposes.
- Ease of retrieving and analyzing archived log data.
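An added Python example, not from the deck, of the tamper-proof archive property: each archived line is time-stamped and chained to its predecessor with an HMAC, so an edit or deletion inside the chain is detected on verification. The key and log lines are constructed; encryption at rest is assumed to be handled by the storage layer and is not shown.

```python
import hashlib
import hmac
import json
from copy import deepcopy

# Constructed key; in practice it lives in a KMS/HSM, never in the archiver's code.
ARCHIVE_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64   # "previous MAC" for the first entry

# Constructed log lines with the (constructed) time the archiver received them.
SAMPLE = [
    ("2024-03-01T09:00:00+00:00", "sshd[1201]: Accepted password for alice from 203.0.113.7"),
    ("2024-03-01T09:00:02+00:00", "sudo: alice : COMMAND=/bin/cat /etc/shadow"),
    ("2024-03-01T09:00:05+00:00", "sshd[1201]: Disconnected from user alice 203.0.113.7"),
]


def _mac(key, prev_mac, record):
    """HMAC over the previous entry's MAC plus this record: the chain link."""
    body = prev_mac.encode() + b"\n" + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_record(archive, archived_at, raw_line, key=ARCHIVE_KEY):
    """Time-stamp the raw line and link it to the previous entry."""
    prev_mac = archive[-1]["mac"] if archive else GENESIS
    record = {"seq": len(archive), "archived_at": archived_at, "raw": raw_line}
    archive.append({**record, "mac": _mac(key, prev_mac, record)})
    return archive


def verify_archive(archive, key=ARCHIVE_KEY):
    """Return None if the chain is intact, else the index of the first bad entry.

    Edits, reordering and deletions inside the chain break a MAC or the seq
    numbering. Truncation of the tail is only caught if the latest MAC is
    also stored somewhere the archive writer cannot modify.
    """
    prev_mac = GENESIS
    for i, entry in enumerate(archive):
        record = {k: v for k, v in entry.items() if k != "mac"}
        expected = _mac(key, prev_mac, record)
        if record.get("seq") != i or not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev_mac = entry["mac"]
    return None


def build_archive(lines=SAMPLE):
    archive = []
    for archived_at, raw in lines:
        append_record(archive, archived_at, raw)
    return archive


def tamper_demo():
    """Show that an after-the-fact edit or removal of an entry is detected."""
    intact = build_archive()
    edited = deepcopy(intact)
    edited[1]["raw"] = "sudo: alice : COMMAND=/bin/ls"   # simulated edit
    removed = deepcopy(intact)
    del removed[1]                                        # simulated deletion
    return {"intact": verify_archive(intact),
            "edited": verify_archive(edited),
            "removed": verify_archive(removed)}


if __name__ == "__main__":
    print(tamper_demo())
```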
#5. IT Compliance Reports
- IT compliance is the core of every SIEM solution.
- Ensure that the SIEM solution has out-of-the-box regulatory compliance reports such as PCI DSS, FISMA, GLBA, SOX, HIPAA, etc.
- SIEM solutions should also have the capability to customize and build new compliance reports to comply with future regulatory acts.
#6. File Integrity Monitoring
- File integrity monitoring helps security professionals monitor business-critical files and folders.
- Ensure that the SIEM solution tracks and reports on all changes happening, such as when files and folders are created, accessed, viewed, deleted, modified, renamed and much more.
- The SIEM solution should also send real-time alerts when unauthorized users access critical files and folders.
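An added Python example, not from the deck, of the baseline-and-compare approach behind file integrity monitoring: it hashes a constructed directory, then classifies files as created, deleted, modified or renamed on the next snapshot. The directory contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Baseline: relative path -> SHA-256 for every regular file under root."""
    digest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            digest[os.path.relpath(full, root)] = _sha256(full)
    return digest


def compare(baseline, current):
    """Classify changes between two snapshots.

    A rename is a deleted path whose content hash reappears under a new path.
    Reads ("accessed" / "viewed" on the slide) leave no trace in content
    hashes; catching them needs OS-level audit logging (auditd, Windows
    object access auditing) feeding the same SIEM.
    """
    created = set(current) - set(baseline)
    deleted = set(baseline) - set(current)
    modified = {p for p in set(baseline) & set(current) if baseline[p] != current[p]}
    renamed = []
    old_by_hash = {baseline[p]: p for p in deleted}
    for new_path in sorted(created):
        old_path = old_by_hash.pop(current[new_path], None)
        if old_path is not None:
            renamed.append((old_path, new_path))
    for old_path, new_path in renamed:
        deleted.discard(old_path)
        created.discard(new_path)
    return {"created": sorted(created), "deleted": sorted(deleted),
            "modified": sorted(modified), "renamed": sorted(renamed)}


def demo():
    """Build a constructed directory, baseline it, change it, report the diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            with open(os.path.join(root, rel), "w") as f:
                f.write(data)
        write("app.conf", "debug=false\n")
        write("server.key", "constructed-private-key\n")
        write("notes.txt", "todo\n")
        baseline = snapshot(root)

        write("app.conf", "debug=true\n")                      # modified
        os.remove(os.path.join(root, "notes.txt"))             # deleted
        os.rename(os.path.join(root, "server.key"),
                  os.path.join(root, "server.key.bak"))        # renamed
        write("cleanup.sh", "#!/bin/sh\necho placeholder\n")   # created
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```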
#7. Log Forensics
- SIEM solutions should allow users to track down an intruder or the event activity using log search capability.
- The log search capability should be very intuitive and user-friendly, allowing IT administrators to search through the raw log data quickly.
#8. Dashboards
- Dashboards drive SIEM solutions and help IT administrators take timely action and make the right decisions during network anomalies.
- Security data must be presented in a very intuitive and user-friendly manner.
- The dashboard must be fully customizable so that IT administrators can configure the security information they wish to see.
Deployment Options
- Self-Hosted, Self-Managed
- Self-Hosted, MSSP-Managed
THANK YOU