The logging company BalaBit IT Security

DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Page 1: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

The logging company

BalaBit IT Security

Page 2: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

External Challenges:

Security Breaches

Page 3: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

External Challenges:

Compliance Pressure to Monitor Users

SOX → COBIT

DS5.5 Security monitoring

DS9.2 Config.changes

DS11.6 Securing Data

PCI-DSS

Chapter 7, 8 Implement Strong Access Control

Chapter 10 Audit Access to Cardholder Data

Chapter 12 Maintain sec.policy for personnel

ISO27002

A.10.2 Third-party service mngmnt

A.10.10 Monitoring user activities

A.13.2 Mgmt of Security Incidents

HIPAA, Basel II, GPG13…

Similar requirements!

Page 4: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Internal Challenges:

„Superuser” Fraud

Source: BalaBit IT professionals survey, 2011

Page 5: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

How to control?

• Identity-management

• Logging

• Activity monitoring

Page 6: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

BalaBit IT Security

„The syslog-ng company”

• 2011 revenue: $10.3 M (35% annual growth)

• Number of employees: 120

• Number of customers - global:

– commercial customers: 800

– open source users: 850.000

• 12 years experience in IT Security

• Global partner network, 80+ partners in 30+ countries

• Named to the Deloitte Technology Fast 500 and Fast 50 lists (2010)

Page 7: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

syslog-ng Description

• IT environments constantly generate important data in log messages

• syslog-ng

• Collects

• Filters

• Classifies

• Normalizes

• Stores

• Transfers

• syslog-ng is not a log analysis tool but it is essential to analysis

Page 8: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Product Family

• syslog-ng Open Source Edition

• Leader since 1998, de facto standard in 2001

• Large, world-wide community

• syslog-ng Premium Edition

• Commercial version

• Additional features

• Professional support

• syslog-ng Store Box

• Turnkey appliance

• Index, search, reporting

• Professional support

Page 9: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

syslog-ng Open Source Edition

• Key Features

• Flexible message filtering and re-writing

• Pattern-based classification

• Secure log transfer via SSL/TLS

• Flow-control – adaptive message rate control

• High speed processing > 650k/sec

• Community

• 100,000s of users worldwide

• Well known by system admins

• Included in 3rd party devices

• Custom add-ons

Page 10: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

syslog-ng Premium Edition

• Additional Features

• Zero Message Loss

• Reliable Log Transfer Protocol (RLTP)

• Client side failover

• Disk buffer

• Encrypted log storage

• SQL source and destination support

• Windows support

• Support for more than 50 server platforms

• Professional Support

Page 11: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Customers

Page 12: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

The User Monitoring „Pyramid”

Activity Records - security camera

System logs - snapshots

Logging is not enough…

1. Several security events are not logged!

2. Logs typically do not show what was done.

3. Logs often show only obscure technical details.

Page 13: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Key questions to answer…

Can you ensure the accountability of your IT staff?

Can you monitor the actions of your „superusers”?

Can you reliably control your outsourcing partners?

Do you really know „who accesses what” on servers?

Can you conduct quick and cheap audits at your company?

Can you present bullet-proof evidence in legal proceedings?

Are you sure you’d pass audits concerning user monitoring?

Page 14: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

IT Staff

Outsourcing partners

Managers

• Firewall

• Network devices

• Databases

• Web/file servers

• Citrix server…

Privileged Activity Monitoring by Shell Control Box

VDI users

Page 15: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Privileged Activity Monitoring by BalaBit Shell Control Box

Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.

Page 16: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Access Control

Security & compliance benefits:

• Central access control gateway

• Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.

• Sub-channel control (e.g. file transfer)

• Access by time policy

• 4-eyes authorization

• Real-time access monitoring

Key Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!

Page 17: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Real-time alerting (& blocking)

Security & compliance benefits:

• Alerts for monitoring tools

• Alerts for supervisors

Coming in :

• Terminates session if risky action

• Risky actions are customizable (e.g. failed login, program execution, credit card number…)

Key Benefit: IMMEDIATE REACTION ON CRITICAL EVENTS!

Page 18: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Audit & Forensics

Security & compliance benefits:

• Real-time activity monitoring

• Tamper-proof, HQ audit trails

• Movie-like playback & search

• File transfer audit

• Independent, transparent audit device

Key Benefit: INDEPENDENT TOOL FOR QUICK AUDITS & FORENSICS!

Page 19: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Big SCB Users

Page 20: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Conclusion: Benefits for business

Faster ROI

• Faster and higher quality audits

• Lower troubleshooting and forensics costs

• Centralized authentication & access control

• Complete solution for user monitoring

Lower risk

• Improved regulatory and industry compliance

• Better employee/partner control

• Improved accountability of staff

• Bullet-proof evidence in legal proceedings

• Setting a technical and psychological barrier

Page 21: DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging

Thank you for your attention!

Gábor Paróczi

Sales Manager

[email protected]
