• Home

  • Documents

  • SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector •...
18
SIEM ptsecurity.com

SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

  • Upload
    others

  • View
    8

  • Download
    0

Embed Size (px)

Citation preview

Page 1: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

SIEMptsecurity.com

Page 2: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

1

Дни, часы, минуты занимает компрометация

Недели, месяцы проходят до обнаружения

Компрометация и обнаружение

Page 3: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

2Одна цель – множество систем – одна платформа

Network Compliance & Control

Threat Modeling

Host Compliance & Control

Network Storage & Forensic

Vulnerability Management

Page 4: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

3Активо-центрический подход

SMARTDATA

Событие

КонфигурацияСканирование сети

Аудит

Агент

Трафик

BIG DATA

Page 5: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

4Метамодель актива

AssetHardwareInterfaces

IPv4IPv6MAC

Groups/usersOS/Patch/UpdatesServices…Windows

SoftsOracle

Users…

Network DeviceVLANVPNNAT

Page 6: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

`

ptsecurity.com

5Управление активами

ОРГАНИЗАЦИОННАЯ ТЕРРИТОРИАЛЬНАЯ ФУНКЦИОНАЛЬНАЯ

OS IPFQDN

Softversion

Hardware CONFIG

ASSET#2 ASSET#3ASSET#1 ASSET#1

1 2 3 4 5

Page 7: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

6Модельные корреляции

query Q(ip, port) from endpoints Group = "DMZ" and Endpoints(Address= ipand Port = port and Status = "Open")

event Ekey: dst.ipfilter object = "attack" andcategory = "IDS/IPS" andquery.Q(dst.ip, dst.port)

rule DMZ_host_attack: Event.E[5] within 1 day

Корреляционные правила

Данныеактива

События

КлассическийSIEM

HardwareTCP Ports

SoftConfigs

1

3

2

Page 8: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

7Пример модельной корреляции №1

Page 9: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

8Пример модельной корреляции №2

Page 10: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

9Пример модельной корреляции №3

Page 11: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

10Корреляции построенные на активах

Page 12: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

11У вас есть источник? Мы поддержим его из коробки!

500

200

100

Any

Page 13: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

12Сбор

AgentWindows Linux

Businessapplications

WMI\RPC

Syslog

SSHTelnet

SMB ODBC OPSEC

Type: ODBC OraclePort: 1521Instance: ORCLQuery:

select id, date, user, action, host

from (select ….where

action = “denied”order by …

Interval: 1000…

Пример:

Page 14: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

13Топология – достижимость – вектора атак

1

2

3

Page 15: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

14Фокус на автоматизацию

Уведомления Инциденты Многоуровневые

и

распределённые

корреляции

Ретроспективный

анализ

Сбор данных Мониторинг

Page 16: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

Компоненты 15

• MaxPatrol Server

• MaxPatrol Scanner

• MaxPatrol Log Collector

• MaxPatrol Network Traffic

• MaxPatrol Host Control

• MaxPatrol Local Update Server

Page 17: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

Платформа MaxPatrol: Архитектура16

• Масштабирование с учетом инфраструктуры клиента

• Оптимизация передачи данных по слабым каналам

• Увеличение производительности и объемов хранимых данных без дополнительных лицензий

• Удобство развертывания компонентов

• Встроенные механизмы диагностики

• Программы обучения персонала• Оперативная техническая

поддержка• Возможность доработки

производителем

Page 18: SIEM - softline.ru · • MaxPatrol Server • MaxPatrol Scanner • MaxPatrol Log Collector • MaxPatrol Network Traffic • MaxPatrol Host Control • MaxPatrol Local Update Server

ptsecurity.com

Спасибо!


pt company history-ENApple, Red Hat, and Siemens. 45 employees 2008 MaxPatrol vulnerability and compliance management solution released. MaxPatrol is the most in-demand product of

pt company history-ENApple, Red Hat, and Siemens. 45 employees 2008 MaxPatrol vulnerability and compliance management solution released. MaxPatrol is the most in-demand product of

Documents
Software CatalogSQL Server 2005 SQL Server 2008 SQL Server 2008 R2 SQL Server 2012 SQL Server 2014 SQL Server 2016 SQL Server 2017 SQL Server 2019 ... Visual Basic Visual C++ Visual

Software CatalogSQL Server 2005 SQL Server 2008 SQL Server 2008 R2 SQL Server 2012 SQL Server 2014 SQL Server 2016 SQL Server 2017 SQL Server 2019 ... Visual Basic Visual C++ Visual

Documents
The Perfect Server - CentOS 5.5 x86 64 [ISPConfig 2 ... · server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, ... FTP Server: Proftpd POP3/IMAP server:

The Perfect Server - CentOS 5.5 x86 64 [ISPConfig 2 ... · server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, ... FTP Server: Proftpd POP3/IMAP server:

Documents
[MS-SRVS]: Server Service Remote Protocol... · 2016. 6. 22. · Server Service Remote Protocol server server server server. [MS-SRVS]

[MS-SRVS]: Server Service Remote Protocol... · 2016. 6. 22. · Server Service Remote Protocol server server server server. [MS-SRVS]

Documents
Industrial Cybersecurity Situation Awareness Darensky.pdf · PT ISIM MAXPATROL 8 MAXPATROL SIEM Positive OT cybersecurity solutions COLLECT & PROCESSING ANALYSIS & DECISION SUPPORT

Industrial Cybersecurity Situation Awareness Darensky.pdf · PT ISIM MAXPATROL 8 MAXPATROL SIEM Positive OT cybersecurity solutions COLLECT & PROCESSING ANALYSIS & DECISION SUPPORT

Documents
Управление ИТ активами (IT Asset Management) · 2013-11-12 · 8 (800) 100 00 23 info@softline.ru Управление ИТ-активами (IT Asset Management)

Управление ИТ активами (IT Asset Management) · 2013-11-12 · 8 (800) 100 00 23 [email protected] Управление ИТ-активами (IT Asset Management)

Documents
Installing Content Server with WebLogic Server · PDF fileInstalling Content Server with WebLogic Server ... Lab, Indiana University ... Installing Content Server with WebLogic Server

Installing Content Server with WebLogic Server · PDF fileInstalling Content Server with WebLogic Server ... Lab, Indiana University ... Installing Content Server with WebLogic Server

Documents
Exchange 2013. Exchange Server Role Architecture in Exchange Server 2013 Server roles in Exchange Server 2013: Client Access Server Mailbox Server Client

Exchange 2013. Exchange Server Role Architecture in Exchange Server 2013 Server roles in Exchange Server 2013: Client Access Server Mailbox Server Client

Documents
MaxPatrol SIEM + MaxPatrol VM

MaxPatrol SIEM + MaxPatrol VM

Documents
Что нового в MaxPatrol 8 - Positive Technologies · Что нового в MaxPatrol 8 Алексей Савин ... ОбновлениеCIS —Microsoft Windows Server

Что нового в MaxPatrol 8 - Positive Technologies · Что нового в MaxPatrol 8 Алексей Савин ... ОбновлениеCIS —Microsoft Windows Server

Documents
New MaxPatrol SIEM LE - Positive Technologies · 2016. 10. 14. · • 69% респондентов ищут возможность сократить стоимость siem •

New MaxPatrol SIEM LE - Positive Technologies · 2016. 10. 14. · • 69% респондентов ищут возможность сократить стоимость siem •

Documents
Benefits of the ground segment use for EO data acquisition€¦ · Polar Server 2 DVB1 Server DVB2 Server Terr. Server XRIT-1 Server XRIT-5 Server XRIT-3 Server XRIT-4 Server RSS

Benefits of the ground segment use for EO data acquisition€¦ · Polar Server 2 DVB1 Server DVB2 Server Terr. Server XRIT-1 Server XRIT-5 Server XRIT-3 Server XRIT-4 Server RSS

Documents
GUSTO 54 CATERING WEDDINGS · 2019-09-06 · LEAD SERVER SERVER SERVER SERVER SERVER SERVER SERVER 35.00 30.00 30.00 30.00 30.00 30.00 30.00 315.00 270.00 270.00 180.00 180.00 180.00

GUSTO 54 CATERING WEDDINGS · 2019-09-06 · LEAD SERVER SERVER SERVER SERVER SERVER SERVER SERVER 35.00 30.00 30.00 30.00 30.00 30.00 30.00 315.00 270.00 270.00 180.00 180.00 180.00

Documents
OCP Project Overview & Deep Dive on OAM,.… · OCP Project Overview & Deep Dive on OAM, RMC, OSF and Open EDGE ... Switch Server Server Server Rack Manager Server Server Server Server

OCP Project Overview & Deep Dive on OAM,.… · OCP Project Overview & Deep Dive on OAM, RMC, OSF and Open EDGE ... Switch Server Server Server Rack Manager Server Server Server Server

Documents
WSV315. Lync Server SharePoint Server Service Manager Windows Small Business Server Exchange Server Windows Diagnostics Server Manager SQL Server

WSV315. Lync Server SharePoint Server Service Manager Windows Small Business Server Exchange Server Windows Diagnostics Server Manager SQL Server

Documents
MaxPatrol 8 - pacifica.kz · J_dhf_g^ZpbbihmkljZg_gbx Hlq_lghklvihh[gh\e_gbyf

MaxPatrol 8 - pacifica.kz · J_dhf_g^ZpbbihmkljZg_gbx Hlq_lghklvihh[gh\e_gbyf

Documents
Bright Computing · Provisioning Monitoring Server Server Server Server Server Server Server Server OS OS OS OS OS OS OS OS Tools Workload Management High Performance Computing (HPC)

Bright Computing · Provisioning Monitoring Server Server Server Server Server Server Server Server OS OS OS OS OS OS OS OS Tools Workload Management High Performance Computing (HPC)

Documents
Chapter 1 The Ubuntu Server Installation - Packt · Basic Ubuntu server OpenSSH server DNS server LAMP server Matl server PostgreSQL database ... Please choose the web server that

Chapter 1 The Ubuntu Server Installation - Packt · Basic Ubuntu server OpenSSH server DNS server LAMP server Matl server PostgreSQL database ... Please choose the web server that

Documents
DHCP Server mit Windows Server 2008 R2 und DHCP Server ... · DHCP Server mit Windows Server 2008 R2 und DHCP Server Redundanz Einrichtung eines DHCP Servers auf Windows Server 2008

DHCP Server mit Windows Server 2008 R2 und DHCP Server ... · DHCP Server mit Windows Server 2008 R2 und DHCP Server Redundanz Einrichtung eines DHCP Servers auf Windows Server 2008

Documents
ProcessLinx OPC Server to Server Softwareliterature.rockwellautomation.com/idc/groups/literature/documents/... · ProcessLinx OPC Server to Server ... •OPC Server configuration

ProcessLinx OPC Server to Server Softwareliterature.rockwellautomation.com/idc/groups/literature/documents/... · ProcessLinx OPC Server to Server ... •OPC Server configuration

Documents
GeoMedia & Geostandaarden geostandaarden_19052010.pdf · Oracle Data Server CAD Data Server TerraShare Data Server ArcView Data Server WFS Data Server WMS Data Server GML Data Server

GeoMedia & Geostandaarden geostandaarden_19052010.pdf · Oracle Data Server CAD Data Server TerraShare Data Server ArcView Data Server WFS Data Server WMS Data Server GML Data Server

Documents
Client Server Architektur Überblick File Server Architektur SQL Server Datenbank Client Server Architektur

Client Server Architektur Überblick File Server Architektur SQL Server Datenbank Client Server Architektur

Documents
Autodesk Infrastructure Map Server - AEC DevBlog · Autodesk Infrastructure Map Server ... Web Server MapGuide Server Database Server Client - Tier Web Tier Server Tier Components

Autodesk Infrastructure Map Server - AEC DevBlog · Autodesk Infrastructure Map Server ... Web Server MapGuide Server Database Server Client - Tier Web Tier Server Tier Components

Documents
Windows Server 2008 Server Core Administrator's …€¦ · ... SQL Server, Visual ... Deploying Server Core Using Windows Deployment ... 357. Windows Server 2008 Server Core Administrator’s

Windows Server 2008 Server Core Administrator's …€¦ · ... SQL Server, Visual ... Deploying Server Core Using Windows Deployment ... 357. Windows Server 2008 Server Core Administrator’s

Documents
GO PUBLIC! GO GLOBAL! Ruslan Belousov CEO ruslan@softline.ru 8 (800) 100-00-23 info@softline.ru info@softline.ru | info@softlinegroup.cominfo@softlinegroup.com

GO PUBLIC! GO GLOBAL! Ruslan Belousov CEO [email protected] 8 (800) 100-00-23 [email protected] [email protected] | [email protected]@softlinegroup.com

Documents
it-academy.ru academy@softline.ru +7(495) 221-10-70

it-academy.ru [email protected] +7(495) 221-10-70

Documents
Veritas NetBackup Enterprise Server and Server 7.7 - · PDF fileVeritas NetBackup ™ Enterprise Server and Server 7.7 ... Veritas NetBackup ™ Enterprise Server and Server 7.7

Veritas NetBackup Enterprise Server and Server 7.7 - · PDF fileVeritas NetBackup ™ Enterprise Server and Server 7.7 ... Veritas NetBackup ™ Enterprise Server and Server 7.7

Documents
Google@softline.ru Roman.Gayan@softline.com Роман Гаян · Голосовой ввод, голосовое управление; Интерактивное голосовое

[email protected] [email protected] Роман Гаян · Голосовой ввод, голосовое управление; Интерактивное голосовое

Documents
Отчеты MaxPatrol в формате XML’еретенников...―Интеграция с внешними системами (ArcSight, SkyBOX Security Risk Control и т.д.)

Отчеты MaxPatrol в формате XML’еретенников...―Интеграция с внешними системами (ArcSight, SkyBOX Security Risk Control и т.д.)

Documents
Microsoft Solutions Department - Softline · 8 (800) 100 00 23 info@softline.ru Microsoft Solutions Department mscenter@softline.ru +7 (495) 232 00 23

Microsoft Solutions Department - Softline · 8 (800) 100 00 23 [email protected] Microsoft Solutions Department [email protected] +7 (495) 232 00 23

Documents