A quick overview of ManageEngine EventLog Analyzer, the most cost-effective Log Management and Compliance Reporting software for Security Information and Event Management (SIEM). Using this Log Analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting, and archiving from one central location. This event log analyzer software helps to mitigate security threats, archive data for conducting log forensics analysis, root cause analysis & more at http://www.manageengine.com/products/eventlog/
Log Management and Compliance Reporting for SIEM
AGENDA
• About ManageEngine
• EventLog Analyzer – An Intro
• Why EventLog Analyzer (ELA)?
• The problems it solves
• Few use cases
• Product Uniqueness
• Customer Speaks
• Summary
Introduction
• ManageEngine – IT Management Software division of Zoho Corporation, established in 2002
• ManageEngine covers the complete gamut of IT solutions: 21 Products | 20 Free tools | 2 SAAS offerings
• Trusted by over 72,000 customers across 200+ countries
• 3 out of every 5 Fortune 500 companies are ManageEngine customers
Introduction – ManageEngine IT Security solutions
• EventLog Analyzer – Log Management and Compliance Reporting for SIEM
• AD Audit Plus – AD Auditing and Reporting
• Security Manager Plus – Vulnerability assessment and patching
• Firewall Analyzer – Periphery Devices Management
• DeviceExpert – Network Configuration & Security Management
• Password Manager Pro – Identity access and Password Management
• Desktop Central – Desktop and Mobile Device Management
Solution categories shown on the slide: Servers and Applications Security Mgmt.; Periphery devices, Network Devices Mgmt.; Password Management; Desktop and Mobile Management
Why need a SIEM solution?
Information Security threats are increasing both in sophistication and frequency across the world.
Protecting data against internal and external security threats has become essential.
Source: Infosecurity-magazine.com, Mcafee.com & Foxbusiness.com
Why need a Log Management & SIEM solution?
Auditing is an integral part of IT security
Centralizing logs across IT sources helps:
• Audit IT performance and security
• Safeguard your network from security breaches
• Achieve operational efficiency
• Conduct forensic analysis/ root cause analysis
• Stay compliant with statutory requirements
EventLog Analyzer – An Intro
Log Management & Compliance Reporting software for SIEM
• Collects data from log sources
• Correlates events
• Alerts on security incidents
• Generates IT security & compliance reports
• Archives logs for forensic analysis
EventLog Analyzer – An Intro
Supported Log Sources
• Servers (Physical/ Virtual) – Microsoft Windows, VMware ESX/ ESXi, Linux, HP-UX, IBM AIX, Solaris & any Unix flavor host
• Network Sources – Routers, Switches, Firewalls & any Syslog source
• Applications – MS SQL, IIS (FTP, File Server), Print Server, MS Exchange, Java, Apache, .Net, Oracle, MySQL & other human-readable formats (ULPI*)
Out-of-the-box Compliance Reports
• PCI DSS, FISMA, HIPAA, SOX, GLBA – ability to customize reports as you need
• Create new compliance reports – viz. ISO 27001, NERC-CIP & more
Real-time Event Correlation
• 50+ out-of-the-box correlation rules
• Real-time alerts and reports to proactively manage threats
• Customize rules to meet internal security policies
• Better insight into security incidents with intuitive dashboards
File Integrity Monitoring
• Know what was accessed/created/modified, who accessed/created/modified it, when it was accessed/created/modified & more…
Log Archival & Security
• Encryption & Time Stamping – tamper-proof archival, AES encryption
• User Authentication – Active Directory and RADIUS
The problem ELA solves – Audit: Use case 1
A government organization, 2700+ employees statewide
Real-time alerts – Internal Security Threat
The IT office: Grants permission to IT assets and services for employees, consultants and contractors. Inadvertently, a few new administrators created users with administrator privileges.
Result: A few tech-savvy consultants started misusing the privileges to access critical government documents which were not under their purview.
The espionage was caught by real-time security alerts: Privileged User Access | New user creation | Object access | Audit policy changes | Audit logs cleared
The problem ELA solves – Audit: Use case 2
A leading real-estate service co., 23,000+ employees worldwide
Prevention – Aiding IT Operations
The IT office: One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event under 'System' entries.
Impact of failure: If these log entries had been left unnoticed for a few more days, the whole RAID would have been affected due to excessive workload. Email service would have been down for at least 2 days, since the vendor shipment had to reach the datacenter.
Real-time security alerts/ remediation: EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for RAID replacement, which took 2 days for shipping. Temporary load balancing was arranged for the mail server. The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.
The problem ELA solves – Audit: Use case 3
An online media company, 300+ employees
Alert & Prevention – External Security Threat
The IT office: Had their corporate blogs hosted on Amazon Web Services, running a WordPress installation. No security monitoring was done, except regular content backup.
Result: A professional hacker used the default admin user name and hacked into the blogs after 300+ login attempts over a span of 3 days, and added spam content as comments.
After implementing the ManageEngine solution:
• Configured login-failure notifications along with the user name.
• Configured to run a script in the event of such security incidents to block the user name and mail the admin after 3 consecutive login failure attempts.
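As an added illustration (not code from the deck or from EventLog Analyzer itself), the rule from use case 3, alerting and triggering a block/mail action after 3 consecutive login failures for the same user name, applied to a constructed log sample. The line format, field names, timestamps and IP addresses are assumptions; a successful login resets the per-user streak, which is what distinguishes "consecutive" from a plain failure count.

```python
import re
from collections import defaultdict

# Constructed sample of web-login log lines (not from the page or the product).
# Assumed format: "<timestamp> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2013-04-01T10:00:01 LOGIN_FAILURE user=admin src=203.0.113.7
2013-04-01T10:00:05 LOGIN_FAILURE user=admin src=203.0.113.7
2013-04-01T10:00:09 LOGIN_SUCCESS user=editor src=198.51.100.4
2013-04-01T10:00:12 LOGIN_FAILURE user=admin src=203.0.113.7
2013-04-01T10:00:20 LOGIN_FAILURE user=editor src=198.51.100.4
2013-04-01T10:00:25 LOGIN_SUCCESS user=editor src=198.51.100.4
2013-04-01T10:00:30 LOGIN_FAILURE user=editor src=198.51.100.4
2013-04-01T10:00:40 LOGIN_FAILURE user=admin src=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(LOGIN_FAILURE|LOGIN_SUCCESS)\s+user=(\S+)\s+src=(\S+)$"
)


def detect_consecutive_failures(log_text, threshold=3):
    """Return one alert per user whose consecutive-failure streak reaches threshold.

    The streak is keyed on the user name, as in the use case: a LOGIN_SUCCESS
    resets it, and failures from different source IPs still count against the
    same user. The alert fires once, when the streak first hits the threshold.
    """
    streak = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, result, user, src = m.groups()
        if result == "LOGIN_SUCCESS":
            streak[user] = 0
            continue
        streak[user] += 1
        if streak[user] == threshold:
            # Hypothetical response actions, mirroring the use case's script.
            alerts.append({"time": ts, "user": user, "src": src,
                           "actions": ["block_user", "mail_admin"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_consecutive_failures(SAMPLE_LOG):
        print(alert)
```

In the sample, only `admin` reaches three consecutive failures (at 10:00:12); `editor` never does because a success resets its streak.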
EventLog Analyzer – Uniqueness
Universal Log Parsing and Indexing
• Processes any human-readable log format and generates patterns for indexing, alerting and reporting
• Imports logs automatically at specified time intervals or on demand
EventLog Analyzer – Uniqueness
Powerful Search
• Helps conduct root cause analysis and generate forensic reports in minutes
• Tag complex search queries for quick reference
• Search using wild-cards, phrases and Boolean operators
EventLog Analyzer – Uniqueness
Real-time security alerts
• Generates alerts when suspicious activities occur on the network
• Exclusive reports for privileged user access information
• Notifications are sent in real time via Email and SMS
EventLog Analyzer – Uniqueness
Secure log archiving
• Archive for a custom period
• Tamper-proof data storage with encryption and time stamping
• Load archived data into the product at any time to generate compliance reports, conduct forensic analysis and audit
EventLog Analyzer – Uniqueness
Easy to use and affordable
• Intuitive GUI
• Ease of deployment & maintenance
• Smaller datacenter footprint
• Affordable – 100-host premium edition costs $3195 annually (pricing starts at $795 for 25 hosts)
5,000+ customers across 110+ countries
Summary
EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM.
ELA helps:
• Safeguard your network from security breaches with real-time alerts
• Achieve operational efficiency by collecting and centralizing log data across IT resources
• Conduct forensic analysis, root cause analysis & generate IT audit reports
• Stay compliant with statutory requirements out-of-the-box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more…
• Easy to deploy, use and maintain
• Affordable
A part of ManageEngine's IT management solutions.