Click here to load reader
Upload
mohamed-zohair
View
35.337
Download
25
Embed Size (px)
Citation preview
Security Information and Event Management (SIEM)
Mohamed ZohairBusiness Development Consultant
Why Security
“We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone.”
Eric Schmidt, the former CEO of Google
Big Data Challenge
Security Intelligence and Risk Management (SIRM) platform
SIRM Platform
Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform uniquely enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and network-level defense mechanisms
How the SIRM Platform Protects Your Enterprise
• 360° Security Monitoring to Detect Incidents
• Proactive Security Testing to Protect Applications
• Adaptive Network Defenses to Block Attacks
• Platform Integration to Manage Risk
SIRM Solutions
SIEM Overview
The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure including external threats such as malware and hackers, internal threats such as data breaches and fraud.
SIEM Solutions
SIEM Products• HP ArcSight Logger• HP ArcSight ESM• HP ArcSight Express• HP ArcSight Connector• HP ArcSight IdentityView• HP ArcSight Threat Detector• HP ArcSight Threat Response Manager• HP Compliance Insight Packages• HP EnterpriseView• HP Reputation Security Monitor (RepSM)
ArcSight environment Diagram Basic
ArcSight environment Diagram
HP ArcSight Logger
ArcSight Logger• ArcSight Logger you can improve everything
from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log generating source and unifies the data for searching, indexing, reporting, analysis, and retention.
• Collect logs from any log generating source through 350+
connectors from any device and in any format
• Unify the data across the IT through normalization and
categorization, into a common event format (CEF registered)
• Search through millions of events using a text-based search
tool on a simple interface
• Store years' worth of logs and events in an unified format
through a high compression ratio at low cost
• Automate analysis, alerting, reporting, intelligence of logs and
events for IT security, IT operations and log analytics
ArcSight Logger Key Capabilities
ArcSight Logger Specifications (SW)
ArcSight Logger Specifications (Appliance)
Logger Snapshoot
HP ArcSight Connector
HP ArcSight Connectors• ArcSight Connectors automate the process of
collecting and managing logs from any device and in any format through normalization and categorization of logs into a unified format known as Common Event Format (CEF),
• ArcSight Connectors provide universal data collection from over +350 unique devices and event sources without the need to deploy agents across the enterprise.
Common Event FormatEach device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis
Correlation Diagram
HP ArcSight Connectors Samples
HP ArcSight Smart Connectors
ArcSight Connectors including– Operating Systems, Applications, and Databases
– Network Devices (routers, switches),
– Network Analyzers (NetFlow data, traffic analyzers),
– Security Solutions (IPS/IDS, firewalls, VPNs, vulnerability
scanners),
– Identity management solutions
– Web servers/web-based applications.
HP ArcSight ESM
ArcSight ESM Overview
HP ArcSight ESM is the premiere security event
manager that analyzes and correlates every
event in order to help your IT SOC team with
security event monitoring, from compliance and risk
management to security intelligence and
operations.
ESM Key features
• A cost-effective solution for all your regulatory compliance needs
• Automated log collection and archiving• Fraud detection• Real-time threat detection• Forensics analysis capabilities for cyber
security
ESM Add-on ( Risk Insight )
• HP ArcSight Risk Insight maps key business indicators to IT assets and security events.
• HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by ArcSight SIEM solution.
ESM Snapshoot
HP ArcSight ESM with CORR-Engine Specifications (SW)
HP ArcSight ESM 5.2 Specifications (Appliance)
HP ArcSight Express
ArcSight Express HP ArcSight Express delivers a new technological
innovation to address the problem of increased log volumes. This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than ever before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.
The ArcSight CORR-Engine
• The CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention.
• The CORR-Engine uses a highly customized flat file repository with a “write once, read many” approach
• The CORR-Engine delivering up to five times the read performance when compared to the previous version of ArcSight running on similar hardware
Key learning Points
ArcSight Key learning Points
• ArcSight Solutions • ArcSight Connectors• FlexConnectors & Smart Connectors• Common Event Format (CEF) • CORR Engine
Additional Reading • CA Identity Minder http://www.ca.com/us/identity-and-access-management-resources.aspx
• Why and how to calculate your Events Per Second ( Including Sample ) http://eromang.zataz.com/2011/04/12/why-and-howto-calculate-your-events-per-second/
For any information or inquires, Please contact me
Skype: eng.zohair
Linkedin Profile
Question
THANK YOU