Download Phoenix SIEM (Security Information and Event
INTRODUCTION
Sam Wachira
Director and CTO at Kenindus Limited. Holds a Bachelor of Science degree in Computer Information Management from Life University in Atlanta, Georgia and a Masters in Small Business and Entrepreneurship from Plymouth State in Plymouth, New Hampshire. I have more than 10 years' experience in cyber security software engineering. Some of the notable organizations I have worked for include BAE Systems, Rapid 7 and 3M. At BAE Systems I worked with NetReveal and Vuma; at Rapid 7 I worked with Nexpose and Metasploit, software that has received international accolades and been adopted by both small and big financial institutions, government agencies and other private entities, setting a standard by which others are measured.
Phoenix – Guard SIEM
What's a SIEM?
Security Information and Event Management (SIEM) is about looking at your network through a larger lens than can be provided by a single security control or information source. For example:
• Your Asset Management system only sees applications, business processes and administrative contacts.
• Your Network Intrusion Detection System (IDS) only understands packets, protocols and IP addresses.
• Your Endpoint Security system only sees files, usernames and hosts.
• Your Service Logs show user sessions, transactions in databases and configuration changes.
• File Integrity Monitoring (FIM) systems only see changes in files and registry settings.
How a SIEM Works
LMS – "Log Management System" – a system that collects and stores log files (from operating systems, applications) from multiple hosts and systems into a single location, allowing centralized access to logs instead of accessing them from each system individually.
SLM/SEM – "Security Log/Event Management" – an LMS, but marketed towards security analysts instead of system administrators. SEM is about highlighting log entries as more significant to security than others.
SIM – "Security Information Management" – an Asset Management system, but with features to incorporate security information too. Hosts may have vulnerability reports listed in their summaries; Intrusion Detection and AntiVirus alerts may be shown mapped to the systems involved.
SEC – "Security Event Correlation" – To a particular piece of software, three failed login attempts to the same user account from three different clients are just three lines in its log file. To an analyst, that is a peculiar sequence of events worthy of investigation, and Log Correlation (looking for patterns in log files) is a way to raise alerts when these things happen.
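As an added example (not code from the Phoenix-Guard deck), the correlation rule described above run over a few constructed sshd-style log lines: alert when one account fails to log in from three or more distinct clients inside a sliding window. The log format, field names and the five-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like syslog format (not real logs).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for alice from 10.0.0.5 port 5001
2024-03-01T10:00:07 sshd[102]: Failed password for alice from 10.0.0.9 port 5002
2024-03-01T10:00:12 sshd[103]: Accepted password for bob from 10.0.0.7 port 5003
2024-03-01T10:00:20 sshd[104]: Failed password for alice from 10.0.0.5 port 5004
2024-03-01T10:00:31 sshd[105]: Failed password for alice from 192.168.1.20 port 5005
2024-03-01T10:00:40 sshd[106]: Failed password for bob from 10.0.0.7 port 5006
"""

# Assumed line layout: ISO timestamp, process, then the sshd failure message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_failed_logins(text):
    """Yield (timestamp, user, source) for each failed-login line; other lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def correlate_failed_logins(text, min_clients=3, window=timedelta(minutes=5)):
    """Return one alert per user whose failed logins, inside a sliding window,
    come from at least `min_clients` distinct client addresses.
    Events older than `window` (relative to the newest event) are discarded first,
    so three failures spread over a day from the same user do not fire."""
    recent = defaultdict(list)  # user -> [(timestamp, source), ...] still inside the window
    alerts = []
    for ts, user, src in parse_failed_logins(text):
        events = recent[user] + [(ts, src)]
        events = [e for e in events if ts - e[0] <= window]
        clients = {s for _, s in events}
        if len(clients) >= min_clients:
            alerts.append({"user": user, "clients": sorted(clients), "last_seen": ts.isoformat()})
            events = []  # reset so one burst produces a single alert
        recent[user] = events
    return alerts
```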
Features In Phoenix
Phoenix features are extensive to secure each unique environment:
• Comprehensive logging of activity for offline analysis and forensics.
• Port-independent analysis of application-layer protocols.
• Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL, SMB).
• Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
• Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Phoenix decapsulates the tunnels and then proceeds to analyze their content as if no tunnel was in place.
• Vulnerability assessment.
• Extensive sanity checks during protocol analysis.
• Support for IDS-style pattern matching.
• Network Intrusion Detection System (NIDS) engine.
• Network Intrusion Prevention System (NIPS) engine.
• Network Security Monitoring (NSM) engine.
• Offline analysis of PCAP files.
• Full system audit.
• DoS detection.
• Auto-discovery scan.
• Penetration testing: identifies vulnerabilities that allow a remote attacker to access sensitive information from the system.
• Network monitoring intrusion detection system (IDS).
• Web audit.
The cost of cyber crime impacts all industries.
The average annualized cost of cyber crime varies by industry sector. In this year's study, we compare cost averages for 17 different industry sectors. As shown in the figure below, companies in financial services and utilities & energy experienced the highest annualized costs of cyber crime. In contrast, companies in the hospitality, automotive and agriculture sectors incurred a much lower cost on average.
Figure: Types of cyber attacks experienced by companies
Figure: Average annualized cyber crime cost weighted by attack frequency
Figure: Percentage use of five advanced SIEM features
THANK YOU