LogRhythm
Cyber Threat Defense: Is your Firm the Weak Link?
LogRhythm SIEM 2.0
Joshua D Walderbach
Senior Network Security & Compliance Analyst
7/10/2012
By the Numbers…
1.6M: the number of viruses seen daily [1]
55K: the number of new malware signatures that are distributed daily [2]
90%: the number of companies in the US who fell victim to a cyber security breach at least once in the past 12 months [3]
1. Source: Symantec.
2. Source: McAfee.
3. Source: Ponemon Institute.
..and Jan 2012…
“Analyzing the attack, investigators found that the spyware designed to capture confidential documents -- and sent via spoofed e-mails -- was compiled on a Chinese-language keyboard and China-based servers were involved in the attack, he said.”
…FBI cyber division “law firms targeted”
“Mary Galligan, who heads the FBI division that held the New York meeting, talked to Bloomberg about the dangers. ‘As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry,’ she said.
At the meeting, law firm representatives were told they need to diagram their networks and to know how computer logs are kept. ‘Some were really well prepared,’ Galligan told Bloomberg. ‘Others didn’t know what we were talking about.’”
..and last month in WSJ…
The pressure is on law firms to improve cyber security and cyber threat defense, or risk client trust and business.
Log Management and SIEM 2.0 | Law Firms
• Compliance requirements based on client’s needs (PCI, HIPAA, SOX, GLBA, FISMA, etc.)
• Protection of electronic evidence with encryption and a digital chain of custody, with File Integrity Monitoring to detect tampering with activity records
• Out of the box reporting, alerts and investigations
• Ability to enforce and monitor Security Controls, such as Acceptable Use Policies, across the network and specifically for Privileged Users
• Intuitive interface, easy to use and deploy
Company Confidential
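The “digital chain of custody” bullet above names a technique without showing what makes an activity record tamper-evident. The following is an added example, not LogRhythm code and not from the deck: each record is MACed together with the previous record’s MAC, so editing or removing a record breaks every link after it. The key, the event schema and the sample records are constructed for this illustration; the only thing the scheme assumes is that the HMAC key is held by the collector and not by the host whose activity is being recorded.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample activity records for this example (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2012-07-10T09:14:02Z", "user": "jdoe", "action": "open", "object": "/matters/acme/contract.docx"},
    {"ts": "2012-07-10T09:20:41Z", "user": "jdoe", "action": "modify", "object": "/matters/acme/contract.docx"},
    {"ts": "2012-07-10T09:31:17Z", "user": "admin", "action": "chmod", "object": "/matters/acme"},
]

GENESIS = "0" * 64  # "previous MAC" used for the first entry


def canonical(record):
    """Stable byte encoding so the same record always MACs the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_record(chain, record, key):
    """Append one record; its MAC covers the record and the previous entry's MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    mac = hmac.new(key, prev.encode() + canonical(record), hashlib.sha256).hexdigest()
    chain.append({"record": record, "prev": prev, "mac": mac})
    return mac  # the current head; store it off-box (e.g. at the collector) as an anchor


def build_chain(records, key):
    chain = []
    for rec in records:
        append_record(chain, rec, key)
    return chain


def verify_chain(chain, key, expected_head=None):
    """Return (True, None) if intact, else (False, index_of_first_bad_entry).

    If expected_head (the last MAC recorded off-box) is given, a chain whose
    newest entries were removed is reported as bad at index len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:
            return False, i
        want = hmac.new(key, prev.encode() + canonical(entry["record"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, entry["mac"]):
            return False, i
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


def simulate_tampering(chain, key, head):
    """Run verify_chain against copies of the chain after common attacks."""
    edited = copy.deepcopy(chain)
    edited[1]["record"]["action"] = "delete"       # rewrite history of entry 1
    removed = copy.deepcopy(chain)
    del removed[1]                                  # drop a middle entry
    truncated = copy.deepcopy(chain)[:-1]           # drop the newest entry
    return {
        "edited": verify_chain(edited, key),
        "removed": verify_chain(removed, key),
        "truncated_no_anchor": verify_chain(truncated, key),        # not detected by the chain alone
        "truncated_with_anchor": verify_chain(truncated, key, head),
        "wrong_key": verify_chain(chain, b"not-the-real-key"),
    }


if __name__ == "__main__":
    key = b"constructed-demo-key"                    # assumption: held only by the collector
    chain = build_chain(SAMPLE_EVENTS, key)
    head = chain[-1]["mac"]
    print("intact:", verify_chain(chain, key, head))
    for name, result in simulate_tampering(chain, key, head).items():
        print(name, result)
```

The one attack the chain by itself does not catch is truncation of the newest entries, which is why the head MAC has to be sent somewhere the host cannot write to; with that anchor, `verify_chain` reports the missing tail as well.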
How Does SIEM Fit Into The Picture?
Centralized Security Event Management
• Collects, correlates, retains, and analyzes security-related information from applications, hosts, network devices, physical devices, security devices, etc.
Defense in Depth
• Situational awareness of all systems across the organization, central view of threat activities, insight into effectiveness of security controls
• Access control, accountability, & authentication
• BCP/DR (Business Continuity Planning/Disaster Recovery)
• Communication & system protection & configuration management
• Event & incident response
• Information & system integrity
• Physical protection
• Risk management & security assessment
Compliance Support
• GLBA | HIPAA | PCI | SOX | etc.
Use Cases
Verifying Effectiveness of Security Controls
• Change Control
    • Network & System Changes
• Malware Detection & Prevention
    • Signature Updates/Virus Infections
• Patch Management
    • Software Updates/Vulnerabilities
Enforcing Policies
• Applications/Communication
Monitoring Privileged Use
• Access, Account Management, Authentication
Protecting Sensitive Data
• Access, Deletion/Modification, Permission Changes
Use Cases (continued…)
Monitoring Activities Across the Infrastructure
• Audit, Operations, and Security Events
• Correlation of Events
Alerting on Potential Incidents
• Event Based
• User/Group/Role
• SNMP/SMTP
Investigating Potential Incidents
• Forensic Investigation
• Raw Log
Audit, Compliance, and Forensic Evidence Reporting
• Reporting Packages Specific to Compliance Requirements
Automated Response
• Approval based or Automated Response Actions
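The use cases above (Correlation of Events, Alerting on Potential Incidents, Monitoring Privileged Use, Protecting Sensitive Data) describe what a SIEM does without showing what a correlation rule looks like. The following is an added example, not LogRhythm’s rule syntax and not code from the deck: a two-rule correlation pass over constructed events. Rule 1 alerts when a successful logon follows a burst of failures from the same source; Rule 2 alerts when a user reads client data shortly after being added to an administrative group. The event format, field names, thresholds and windows are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events for this example (not real LogRhythm, Windows or vendor output).
SAMPLE_LOG = """\
2012-07-10T08:00:01Z dc01 LOGON_FAILED user=bsmith src=10.1.5.23
2012-07-10T08:00:03Z dc01 LOGON_FAILED user=bsmith src=10.1.5.23
2012-07-10T08:00:05Z dc01 LOGON_FAILED user=bsmith src=10.1.5.23
2012-07-10T08:00:07Z dc01 LOGON_FAILED user=bsmith src=10.1.5.23
2012-07-10T08:00:09Z dc01 LOGON_FAILED user=bsmith src=10.1.5.23
2012-07-10T08:00:12Z dc01 LOGON_SUCCESS user=bsmith src=10.1.5.23
2012-07-10T08:05:00Z dc01 GROUP_ADD user=bsmith group=Domain_Admins actor=bsmith
2012-07-10T08:07:30Z fs01 FILE_READ user=bsmith path=/clients/acme/discovery.zip
2012-07-10T09:00:00Z dc01 GROUP_ADD user=mjones group=Domain_Admins actor=itadmin
2012-07-10T11:00:00Z fs01 FILE_READ user=mjones path=/clients/acme/memo.docx
"""

# "<timestamp> <host> <event name> key=value ..." (assumed format for this example)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: (.*))?$")

# Thresholds and windows are assumptions; tune them to the environment.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(seconds=120)
ADMIN_GROUPS = {"Domain_Admins"}
ESCALATION_WINDOW = timedelta(minutes=30)
SENSITIVE_PREFIX = "/clients/"


def parse(text):
    """Turn raw lines into event dicts; lines outside the simple grammar are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, name, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in (rest or "").split())
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "host": host, "name": name, **fields})
    return events


def run_rules(events):
    """Single pass over time-ordered events, keeping only the state each rule needs."""
    alerts = []
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failed logons
    admin_since = {}                # user -> time of most recent admin-group membership add
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["name"] == "LOGON_FAILED":
            q = failures[(ev["user"], ev["src"])]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > FAIL_WINDOW:   # expire failures outside the window
                q.popleft()
        elif ev["name"] == "LOGON_SUCCESS":
            q = failures[(ev["user"], ev["src"])]
            while q and ev["ts"] - q[0] > FAIL_WINDOW:
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:                 # Rule 1: burst of failures, then success
                alerts.append({"rule": "brute_force_then_success", "user": ev["user"],
                               "src": ev["src"], "failures": len(q), "ts": ev["ts"]})
                q.clear()
        elif ev["name"] == "GROUP_ADD" and ev.get("group") in ADMIN_GROUPS:
            admin_since[ev["user"]] = ev["ts"]
        elif ev["name"] == "FILE_READ" and ev.get("path", "").startswith(SENSITIVE_PREFIX):
            t0 = admin_since.get(ev["user"])
            if t0 is not None and ev["ts"] - t0 <= ESCALATION_WINDOW:   # Rule 2
                alerts.append({"rule": "priv_escalation_then_client_data", "user": ev["user"],
                               "path": ev["path"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in run_rules(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample, `bsmith` trips both rules; `mjones` reads client data two hours after the group change and stays below the 30-minute window, which is the kind of threshold a real deployment tunes against its own false-positive rate.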
LogRhythm Demonstration
Conclusion
SIEM Enables:
Centralized Security Management
• Collects, correlates, retains, and analyzes security-related information
Defense in Depth
• Continuous monitoring and advanced correlation for a central view of threat activities
• Situational awareness of all systems across the organization
• Insight into effectiveness of security controls
Compliance Support Required for Client Data
• GLBA, HIPAA, PCI, & SOX
Automated Response
• Disable vulnerable accounts or services
• Isolate compromised hosts
Next Steps
1. Identify Critical Assets Including Client Data
2. Initiate Compliance Strategy Effort
3. Review and Update Security Controls
4. Continuous Monitoring of Network Activities
Questions?
Contact Info
Josh Walderbach, [email protected]
Tom Crowe, Turner Padget, ILTA Questions, [email protected]
803.227.4301