EventLog Analyzer: Your complete security arsenal
Nitin Devanand
Agenda
• Need for a SIEM solution
• EventLog Analyzer – quick overview
• Security attacks - use cases
  - Brute force
  - Stopping the rise of ransomware
  - SQL injection
  - Insider threat
  - Monitoring privileged user activities
  - Securing physical, virtual and cloud environments
  - Compliance
• Q & A
Collect data from log sources → Correlate events → Alert IT about security incidents → Generate IT security and compliance reports → Archive logs for forensic analysis
Sealing security loopholes
• To protect from security attacks, it is essential for a company to deploy various security solutions such as vulnerability scanners, endpoint security protection tools, perimeter security devices and so forth.
• This leaves security administrators overwhelmed with the number of security alerts they get each day.
• The problem: a lack of the contextual understanding of security information that is required to distinguish an actual threat from the false positives.
Log sources (Windows, Unix and Linux, applications, network devices) → Predefined alert criteria → Alerting
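The collect → correlate → alert flow above, as an added example that is not EventLog Analyzer's own code: a brute-force correlation rule (the first use case on the agenda) run over a few constructed Windows Security event lines. The event IDs 4625 (failed logon) and 4624 (successful logon) are real Windows IDs, but the one-line "timestamp EventID=… User=… Src=…" layout, the sample data, and the threshold of 5 failures in 60 seconds are all this example's own assumptions.

```python
"""Minimal collect -> correlate -> alert pipeline (added example, not product code).

Assumptions: the log lines are constructed; the field layout is an invented
simplification, not the real Windows event schema or EventLog Analyzer's format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOGS = """\
2024-01-10T09:00:01 EventID=4625 User=alice Src=10.0.0.5
2024-01-10T09:00:03 EventID=4625 User=alice Src=10.0.0.5
2024-01-10T09:00:04 EventID=4625 User=alice Src=10.0.0.5
2024-01-10T09:00:06 EventID=4625 User=alice Src=10.0.0.5
2024-01-10T09:00:07 EventID=4625 User=alice Src=10.0.0.5
2024-01-10T09:00:09 EventID=4624 User=alice Src=10.0.0.5
2024-01-10T09:05:00 EventID=4625 User=bob Src=10.0.0.9
2024-01-10T09:30:00 EventID=4624 User=bob Src=10.0.0.9
"""


def collect(raw):
    """Collect step: parse each line into a dict; 'ts' becomes a datetime."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events


# Predefined alert criterion (values chosen for this example only).
FAIL_THRESHOLD = 5
WINDOW = timedelta(seconds=60)


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Correlate step: >= threshold failed logons for one (user, source) inside
    the sliding window, followed by a successful logon from that same source."""
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent 4625s
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["User"], ev["Src"])
        q = failures[key]
        while q and ev["ts"] - q[0] > window:   # expire old failures
            q.popleft()
        if ev["EventID"] == "4625":
            q.append(ev["ts"])
        elif ev["EventID"] == "4624" and len(q) >= threshold:
            alerts.append({"rule": "brute_force_then_success",
                           "user": ev["User"], "src": ev["Src"],
                           "failures": len(q), "at": ev["ts"].isoformat()})
            q.clear()
    return alerts


def alert(alerts):
    """Alert step: one notification line per correlated incident."""
    return [f"[ALERT] {a['rule']}: {a['failures']} failed logons for {a['user']} "
            f"from {a['src']} followed by success at {a['at']}" for a in alerts]


def run_pipeline(raw=SAMPLE_LOGS):
    return alert(correlate(collect(raw)))


if __name__ == "__main__":
    for line in run_pipeline():
        print(line)
```

Only alice's burst fires the rule; bob's single failure 25 minutes before his logon has already expired from the window, which is the kind of context that separates a real incident from a false positive.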
Detecting insider attacks
Dealing with insider attacks
More than 40% of attacks are from malicious insiders in any organization. Therefore, every organization must keep the same level of security policies for insiders too.
• Insider threat detection
• Forensic analysis of the scope of a former employee's footprint
Source: http://resources.infosecinstitute.com/top-6-seim-use-cases/#gref
User session monitoring
Provides a complete user audit trail from logon to logoff
Answers who did what, when, and from where
Reconstruct any network incident with the help of the user activity timeline.
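The logon-to-logoff audit trail and the user activity timeline described above, as an added example that is not EventLog Analyzer's own code. Windows event IDs 4624 (logon), 4634 (logoff), 4663 (object access) and 4720 (user account created) are real, and the Logon ID is the field Windows uses to tie them to one session; the single-line "timestamp EventID=… LogonId=… User=…" layout and the sample events are this example's own constructed simplification.

```python
"""Reconstruct per-session user timelines from logon/logoff events (added example).

Assumptions: the lines are constructed; the flat key=value layout is an invented
simplification of the real Windows Security event schema.
"""
from datetime import datetime

# Constructed sample events. bob's session has no 4634, so it is still open.
SAMPLE_LOGS = """\
2024-01-10T09:00:00 EventID=4624 LogonId=0x3e7a1 User=alice Src=10.0.0.5
2024-01-10T09:02:10 EventID=4663 LogonId=0x3e7a1 User=alice Object=HR/payroll.xlsx
2024-01-10T09:03:00 EventID=4624 LogonId=0x3e9b2 User=bob Src=10.0.0.9
2024-01-10T09:04:30 EventID=4720 LogonId=0x3e7a1 User=alice Object=svc_backup
2024-01-10T09:10:00 EventID=4634 LogonId=0x3e7a1 User=alice
2024-01-10T09:15:00 EventID=4663 LogonId=0x3e9b2 User=bob Object=share/q4.docx
"""


def parse(raw):
    """Turn each constructed line into a dict with a datetime 'ts'."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events


def reconstruct_sessions(events):
    """Build one record per LogonId: 4624 opens the session, 4634 closes it,
    and every other event carrying that LogonId is activity inside it."""
    sessions = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        lid = ev.get("LogonId")
        if lid is None:
            continue
        if ev["EventID"] == "4624":
            sessions[lid] = {"user": ev["User"], "src": ev.get("Src"),
                             "logon": ev["ts"], "logoff": None, "activity": []}
        elif lid in sessions and ev["EventID"] == "4634":
            sessions[lid]["logoff"] = ev["ts"]
        elif lid in sessions:
            sessions[lid]["activity"].append((ev["ts"], ev["EventID"], ev.get("Object")))
    return sessions


def timeline(sessions):
    """Render 'who did what, when, and from where'; open sessions are flagged."""
    lines = []
    for s in sessions.values():
        end = s["logoff"].isoformat() if s["logoff"] else "STILL LOGGED ON"
        lines.append(f"{s['user']} from {s['src']}: logon {s['logon'].isoformat()} -> {end}")
        for ts, eid, obj in s["activity"]:
            lines.append(f"    {ts.isoformat()} event {eid} on {obj}")
    return lines


if __name__ == "__main__":
    for line in timeline(reconstruct_sessions(parse(SAMPLE_LOGS))):
        print(line)
```

Keying on the Logon ID rather than the user name is what keeps two concurrent sessions of the same account apart, and an account-creation event (4720) landing inside an ordinary user's session is exactly the kind of item an investigator reading the timeline would want to see attributed to its session.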
Securing physical, virtual and cloud environments
• Apart from data security, there are numerous challenges like network forensics, troubleshooting, fault monitoring, and compliance.
• To overcome these challenges, IT security professionals need to monitor and analyze the log data generated by their cloud infrastructure.
Results of a compliance failure
Bank suddenly asks its 3.2 million users to change their debit cards.
2.6 million card records are on the Visa and MasterCard platforms and 600k on the RuPay platform.
The data theft happened because of malware introduced on the PoS systems supplied by Hitachi Payment Systems.
Integrated compliance management
• Out-of-the-box compliance reports for PCI DSS, FISMA, GLBA, HIPAA, ISO 27001, and more
• Compliance reports for both Windows event logs and Linux/Unix syslogs
• Generate compliance reports from a centralized location
• Get compliance reports in multiple formats: HTML, PDF, or CSV
• Schedule compliance reports to run periodically and have them emailed to multiple administrators
Questions?
Sources: http://www.hackmageddon.com/
http://www.zdnet.com/article/the-top-security-threats-of-2016/