SORT OUT YOUR SIEM
www.siemstrategy.com
16 October 2013
AGENDA
• SIEM today
– How are you doing it?
• Why SIEM?
– Business benefits
– IT team benefits
• Introducing SIEM
– What it is, and what it isn’t
• Four foundations for SIEM
– Everything in place
– Platform approach
– Expert security contextualisation
– Resourcing for 24/7 monitoring
• Sorting out your SIEM
– In-house
– SIEM-as-a-Service
WHY SIEM?
TODAY’S SIEM LANDSCAPE
We find IT leaders tend to operate in one of three ways when it comes to SIEM:
• Ignore it
– Seat of the pants security
• Do the minimum
– Log collation and reporting for compliance
• Functioning SIEM
– Platform approach
– Proactive threat detection
WHY SIEM?
Business benefits
• Service availability / uptime / minimise downtime
• Early warning system
• Better security intelligence
• More ‘known’ risks
IT benefits
• Proactive threat detection prevents incidents and the need for fire-fighting
• Efficient – data logs from the entire network are viewed via a single dashboard
• All IT teams have full visibility of all logs to find the root cause faster
• Reduce spend on security hardware by getting more from your existing infrastructure
• Optimise IT resources on value-creation projects
SIEM AS IT SHOULD BE
OPTIMISED SIEM ARCHITECTURE
[Architecture diagram; the labels that survive extraction are listed here.]
• SecureData 24x7 Security Operations Centre – labelled with Alarms, Reports, Report requests and Alerts.
• SecureData Cloud Data Centre – Event Manager and Advanced Intelligence, Logging Managers, Events; receives compressed encrypted logs.
• WAN / Internet – the link between the customer sites and the SecureData Cloud Data Centre.
• Customer Data Centre 1 … Customer Data Centre n – an Agent at each site, with Applications, Database, Firewalls, Switches and Routers as log sources, sending compressed encrypted logs.
WHAT IS SIEM, AND WHAT IS IT NOT?
SIEM is not only:
• Storing logs / Logging
• PCI or Compliance
• Reports
• Real time information
• Device logs
• Logs
But it is about:
• Log correlation and contextualisation
• Security intelligence
• Real time information
• Ability to view historical logs in a structured and targeted way
• All IT logs – physical access systems, coffee machines etc
• Traffic flow, process information, file monitoring
HOW TO ADDRESS SIEM
Four foundations of SIEM:
1. Everything in one place
2. Logs glorious logs – think platform, not just devices
3. Making it make sense – the need for an expert eye
4. Resourcing for monitoring and threat mitigation
FOUR FOUNDATIONS FOR SIEM
Everything in one place
• 42% of IT managers see multiple logging systems as a security risk
• Centralise logs for real time correlation & analysis
• All logs, not just security device logs
• Use automation tools
• Benchmark alarms for your organisational norms
• Provide full network visibility through one pane of glass to identify the root cause
• Enable faster diagnostics and mitigation
Logs glorious logs
• Take a platform or a ‘big data’ approach to log correlation
• Set the platform up in the right way
• Pull in contextual data such as traffic, packet analysis, traffic flow, file management etc
• Track security behaviour across the whole of the network
• 40% of IT managers have serious concerns about the time it takes to analyse data and logs
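The first two foundations (centralise every log, correlate it with context, and benchmark alarms against organisational norms) are easier to see as code than as bullet points. The following is an added example written for this page; it is not SecureData's code and has nothing to do with the Affinity platform. It uses constructed log lines from hypothetical hosts fw01, app01, db01 and coffee01 in made-up formats, a constructed per-minute baseline, and hypothetical function names (ingest, correlate_logins, context_for, benchmark_alarms). It normalises three formats into one schema, raises an alert when repeated failed logins from one address are followed by a success, pulls a targeted historical view of every source for that address, and flags any source whose event rate sits more than k standard deviations above its own baseline.

```python
"""Toy SIEM pipeline (added example, not vendor code): normalise, correlate,
contextualise, and benchmark alarms against a constructed organisational baseline."""
import re
import statistics
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in three hypothetical formats (firewall fw01, web app
# app01, database db01) plus one line from a device no parser covers yet.
RAW_LOGS = [
    "2013-10-16T09:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2013-10-16T09:00:03Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443",
    "2013-10-16T09:00:05Z app01 login user=alice ip=203.0.113.7 result=FAIL",
    "2013-10-16T09:00:09Z app01 login user=alice ip=203.0.113.7 result=FAIL",
    "2013-10-16T09:00:14Z app01 login user=alice ip=203.0.113.7 result=FAIL",
    "2013-10-16T09:00:20Z app01 login user=alice ip=203.0.113.7 result=SUCCESS",
    "2013-10-16T09:00:31Z db01 query user=alice ip=203.0.113.7 rows=48212",
    "2013-10-16T09:00:40Z app01 login user=bob ip=198.51.100.20 result=FAIL",
    "2013-10-16T09:00:55Z app01 login user=bob ip=198.51.100.20 result=SUCCESS",
    "2013-10-16T09:01:10Z fw01 ALLOW src=198.51.100.20 dst=10.0.0.5 dport=443",
    "2013-10-16T09:01:30Z coffee01 brew size=large",
    "2013-10-16T09:02:00Z db01 query user=bob ip=198.51.100.20 rows=3",
]

# Constructed organisational norm: events per minute per source, sampled from a
# hypothetical quiet week; alarm thresholds are benchmarked against these.
BASELINE_PER_MINUTE = {
    "firewall": [2, 1, 2, 2, 1, 2, 2],
    "app": [1, 1, 2, 1, 1, 1, 2],
    "db": [1, 1, 1, 1, 2, 1, 1],
}

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
PARSERS = {  # one regex per source format; all expose ts, host and src
    "firewall": re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
                           r"src=(?P<src>\S+) dst=\S+ dport=\d+$"),
    "app": re.compile(r"^(?P<ts>\S+) (?P<host>\S+) login user=(?P<user>\S+) "
                      r"ip=(?P<src>\S+) result=(?P<result>\S+)$"),
    "db": re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query user=(?P<user>\S+) "
                     r"ip=(?P<src>\S+) rows=\d+$"),
}

def normalise(line):
    """Map one raw line onto a common event schema; None if no parser matches."""
    for source, rx in PARSERS.items():
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return {"ts": datetime.strptime(d["ts"], TS_FMT), "source": source,
                    "host": d["host"], "src_ip": d["src"], "user": d.get("user"),
                    "outcome": d.get("action") or d.get("result") or "OK"}
    return None

def ingest(lines):
    """Everything in one place: time-ordered normalised events, plus the lines
    nobody parsed, kept visible rather than silently dropped."""
    events, unparsed = [], []
    for line in lines:
        ev = normalise(line)
        (events if ev else unparsed).append(ev or line)
    return sorted(events, key=lambda e: e["ts"]), unparsed

def correlate_logins(events, window=timedelta(minutes=5), threshold=3):
    """Correlation rule: >= threshold failed app logins from one address inside
    `window`, followed by a successful login from that address, raises one alert."""
    fails, alerts = defaultdict(deque), []
    for ev in events:
        if ev["source"] != "app":
            continue
        q = fails[ev["src_ip"]]
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if ev["outcome"] == "FAIL":
            q.append(ev["ts"])
        elif ev["outcome"] == "SUCCESS" and len(q) >= threshold:
            alerts.append({"rule": "failed_logins_then_success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "ts": ev["ts"], "failures": len(q)})
            q.clear()
    return alerts

def context_for(events, alert, before=timedelta(minutes=5), after=timedelta(minutes=5)):
    """Contextualisation / targeted historical view: every event from any source
    that shares the alert's address inside a window around the alert."""
    lo, hi = alert["ts"] - before, alert["ts"] + after
    return [e for e in events if e["src_ip"] == alert["src_ip"] and lo <= e["ts"] <= hi]

def benchmark_alarms(events, baseline, k=2.0):
    """Benchmark against organisational norms: flag a source whose observed
    events per minute exceed its own baseline mean by more than k std devs."""
    counts = defaultdict(int)
    for ev in events:
        counts[ev["source"]] += 1
    span = events[-1]["ts"] - events[0]["ts"]      # events are time-ordered
    minutes = max(span.total_seconds() / 60, 1.0)
    flagged = {}
    for source, history in baseline.items():
        rate = counts[source] / minutes
        if rate > statistics.mean(history) + k * statistics.pstdev(history):
            flagged[source] = round(rate, 2)
    return flagged
```

Run `ingest(RAW_LOGS)` and feed the events to the three functions: the alice sequence trips the correlation rule, the context view for that alert pulls in the firewall and database events for the same address (which a device-by-device view would never show side by side), the unparsed coffee01 line is reported rather than lost, and only the app source is flagged as running above its own norm.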
Make it make sense
• Real time interpretation of SIEM monitoring is critical
• It requires an expert, human interface
• It’s important to distinguish the line between information and intelligence
• Security experts need to review the alarms and alerts to determine the action in context of the organisation
Resourcing for monitoring and threat mitigation
• SIEM needs 24/7/365 monitoring
• Security skills on a continuous basis are expensive and under-utilised on monitoring
• Outputting a report each week is redundant practice in threat management
• SIEM can free up rather than use up resources by acting as an early warning system
• More time to mitigate threats enables resource planning and optimisation
• Reduce the need to ‘drop everything’ for attack fire-fighting
SORTING OUT SIEM
YOUR OPTIONS FOR SIEM
Internal
• Design, build, install
• Requires 24/7 resourcing
• Great if you have a SOC / NOC
• Security experts are expensive
Hybrid
• Fully managed SIEM by SecureData (some, or all)
• Equipment located on customer site
SIEM as a service
• Monitoring: log correlation, remote service monitoring, notifications
• Managed: remote diagnostics and assistance, remote vulnerability scans, remote system updates
AFFINITY
SecureData SIEM-as-a-Service
- Wholly owned SOC across two sites
- 24x7x365 fully-manned operations
- Affinity platform for complete security monitoring
THE SECUREDATA DIFFERENCE
Proactive approach to security
We take a different approach to security, focusing on proactive monitoring and management to minimise business disruption for our clients. We offer the complete security spectrum from assessing risk to detecting threats, protecting valuable assets and responding to breaches when they happen.
Excellent customer service and support
We offer independent consultancy through dedicated account managers and technical guardians to recommend business security solutions built on the leading security vendors in the industry. We work hard to partner with customers, and we offer flexibility to develop customised processes that fit with the customer. Our highly accredited technical staff give customers first-class support and fast resolution times with the desire to do the best possible job every time.
24/7 security operations platform
We operate our own support teams and SOC, providing global reach with full responsibility for 24/7 security monitoring and management for customers. Owning the SOC enables us to better synthesise information, intelligence and transactions to proactively mitigate more threats before they impact the customer.
THANK YOU
www.siemstrategy.com
For more information, contact:
[email protected]
+44 1622 723456
www.secdata.com