www.arcsight.com 1 2010 ArcSight Confidential
2010 ArcSight, Inc. All rights reserved.
ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.
The ArcSight Threat+Risk Management Platform
Alexandre Depret-Bixio
Regional Sales Manager
+33 6 12 92 35 73
March 2011
Monitoring is More Challenging Than Ever
You Need to See
Networked Systems
Zero-day Threats
Critical Data Stores
Privileged Users
Network Connections
Fraud Techniques
Application Risk
Cybercrime Keeps Growing
100 Million Credit Cards
$130 Million Cost
45 Million Credit Cards
$250 Million Cost
1.5 Million Debit Cards
Processing License Revoked
Accounts Affected: Unknown
$12.5 Billion Market Cap Lost
Modern Breaches Share a Pattern
Acquire target, sneak in, hop around (Perimeter doesn't help)
Get privileged access to critical assets (Impact takes time)
Conduct the crime for an extended time (Early detection matters)
Today's Cybercrime Is Different
Smart Humans
High Value Targets
Signatures Ineffective
No Choke Point
Key Systems Unwatched
Key Users Unmonitored
Attacks
Defenses
Vulnerabilities
Business faces more risk than ever.
Traditional defenses won't work.
A different approach is required.
You Can't Fight What You Can't See
Unknown
Networked Systems
Zero-day Threats
Critical Data Stores
Privileged Users
Network Connections
Fraud Techniques
Application Risk
ArcSight Enables Complete Visibility
Detect
Networked Assets
Zero-day Impacts
Critical Data Stores
Privileged Users
Network Connections
Fraud Techniques
Application Risk
ArcSight Is the Only Solution
ArcSight ETRM Platform
A comprehensive platform for
monitoring modern threats and risks
Capture any data from any system
Manage and store every event
Analyze events in real time
Identify unusual behavior
Respond quickly to prevent loss
ArcSight Does Three Things Better Than Anyone
Collect events from any device on the network
Raw, or categorized for better analysis
Extend to new data types whenever needed,
without ArcSight involvement
Universal Data Collection
Today's choices will not limit tomorrow's strategy
Collect Consolidate Correlate
ArcSight Does Three Things Better Than Anyone
Complete management of any data to support security,
compliance and IT operations
Search + report on years of data to investigate outages
and incidents quickly and easily
Cut SAN/storage cost with cheap simple management of
petabytes of log data
Enterprise Log Management
Deploy one solution to manage enterprise-wide log data
Collect Consolidate Correlate
ArcSight Does Three Things Better Than Anyone
ThreatDetector Pattern recognition and anomaly
detection to identify modern threats
Analyze roles, identities, histories and trends to detect
business risk violations
The more you collect, the smarter it gets
Cutting-edge Threat Analysis
Detect and then prevent attacks you can't predict
Collect Consolidate Correlate
Only ArcSight Can Handle Modern Threats
No toolkit to create new connectors, requires R&D
4-6 weeks per connector
The vendor controls your ability to monitor
Too expensive ($3 Million for 100,000 eps)
Limited scalability = limited data retention
Your investigations produce poor results
Too few structured fields = limited correlation
Limited correlation means only basic threats
can be detected
You are at increased risk of breach and loss
The Competition
Interlocking Products For Any Size Organization
Event Correlation
Log Management
Data
Capture
ArcSight ESM
ArcSight Logger
ArcSight Express
Controls
Monitoring
User
Monitoring
Fraud
Monitoring
App
Monitoring
IdentityView
FraudView
Auditor Apps
SAP Auditor
ArcSight TRM
ArcSight Connects,
Extends and Protects
Critical Infrastructure:
Data Leak Protection
Mobility/device management
Storage and backup
Uptime/availability
Identity lifecycle
Cloud/virtualization
Config/systems management
Endpoint/patch management
ArcSight in the IT Ecosystem
Beyond Security: Improving Business Operations
Extend Useful Life of Legacy Applications
Credit Union
BENEFIT:
$8 Million savings by deferring rewrite
PAYBACK:
3 Weeks
Reduce SOX Compliance Reporting Effort
Regional
Electric
Utility
BENEFIT:
$4.6 Million over three years by reducing 7,600 work hours
PAYBACK:
39 Days
Prevent Funds Transfer Fraud
Regional
Financial
Company
BENEFIT:
$900K wire fraud eliminated within one week
PAYBACK:
3 Days
Securing Leaders in All Major Markets
Healthcare Finance Education Government
Energy Telecommunications Manufacturing Retail
A different approach is required.
Business faces more risk than ever.
Traditional defenses won't work.
ArcSight SIEM Platform
The only effective solution for detecting, managing, and minimizing modern threats and risks.
Complete visibility
Improved uptime
Streamlined compliance
Analyst Recognition
Company Background
Delivered By The Market Leader
Founded May 2000
2000+ customers
500+ employees, offices worldwide
NASDAQ: ARST
#1 In-use for both SIEM and Log Management
#1 in Market Share - Last three reports
SIEM Leaders Quadrant - SIX years running
Industry Recognition
To learn more, contact ArcSight at:
[email protected] or 1-888-415-ARST
ArcSight, Inc.
5 Results Way, Cupertino, CA 95014, USA
Corporate Headquarters: 1-888-415-ARST
EMEA Headquarters: +44 (0)844 745 2068
Asia Pac Headquarters: +65 6248 4795
www.arcsight.com