SIEM/SOC by Connect Everywhere Israel - CyberShark Solution
Post on 13-Apr-2017
The official distributor of CYBERSHARK
About Us
• Connect Everywhere Israel, branch of a Mexican IT company
• More than 20 years of IT management and security
• Working globally as security experts
• Bringing Israel's state-of-the-art IT security solutions
AV-Test report: more than 390,000 new malware samples every day!
"Incidents and information security incidents rose by 66% year on year since 2009."
According to a survey by The Global State of Information Security
Malware-based attacks continue to rise
2009: 2,361,414 new malware detected
2015: 430,555,582 new malware detected
1,179,000 new malware detected every day
Source: Symantec 2016 Global Intelligence Network Report
Our Way to Solve Security Risk
• Our system solution helps companies to overcome security issues in their systems
• There are two processes that work together to resolve your security breach
• SIEM - Security Information and Event Management: deals with all the alerts in the system
• SOC - Security Operations Center: real people, working 24x7, monitoring the security events and sending alerts and solutions to problems
The work flow
Diagram (repeated on each step's slide): the client's devices (Firewalls, IPS, Linux Server, Windows Server, Switches, Router) feed the Collector (MSI), which performs Compress, Encrypt and Send; in the cloud the events pass through Aggregation, Normalization, Duplication, External Sources / Enrichment, Compliance Rules, Correlation Rules and the DB, then on to Dashboard / Alert, Verify False Positive, Add Remediation Plan, Notify, SOC Analyst and back to the CLIENTS.
The company has different IT and information security devices, such as firewalls, IPS, switches, routers, proxies, anti-spam, antivirus, Windows servers, Linux servers and others. Each device creates its own security log with security information on it.
1. The Collector (MSI) will be installed on the client premises and will take the logs from all these devices.
2. The collector will compress them and send them encrypted to the Cyber Shark Cloud.
3. On arrival, the events pass through different processes such as aggregation, normalization and duplication.
4. Then they are placed in the database.
5. The data in the database is enriched by external sources such as blacklists and others. It is passed through a complex set of correlation rules.
6. Data can be exposed to the client using the dashboard. When an incident is identified, an alert is sent to the customer and a ticket is opened for the analyst to check the issue.
7. The analyst checks the incident and decides whether it is a false positive or not, and if not, gathers all the evidence. A remediation plan is created and all this data is sent to the client via a ticketing system or email.
8. Diagram only: Verify False Positive, Add Remediation Plan, Notify, SOC Analyst, CLIENTS.
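The cloud-side part of the work flow above (normalization, duplication, enrichment from a blacklist and correlation rules) condensed into a runnable sketch. This is an added illustration, not CyberShark's or Connect Everywhere's code; the log lines, the blacklist, the field names and the three rules are all constructed here, and the slides' "Duplication" step is taken to mean de-duplication of identical events.

```python
import re
from collections import Counter
# Constructed raw log lines from two source types (a firewall and a Linux server).
RAW_EVENTS = [
    ("firewall", "2017-04-13T10:00:01 DENY src=203.0.113.9 dst=10.0.0.5 dport=22"),
    ("firewall", "2017-04-13T10:00:01 DENY src=203.0.113.9 dst=10.0.0.5 dport=22"),  # exact duplicate
    ("firewall", "2017-04-13T10:00:02 DENY src=203.0.113.9 dst=10.0.0.5 dport=23"),
    ("firewall", "2017-04-13T10:00:03 DENY src=203.0.113.9 dst=10.0.0.5 dport=80"),
    ("linux", "Apr 13 10:00:05 srv1 sshd[812]: Failed password for root from 198.51.100.7 port 4000 ssh2"),
    ("linux", "Apr 13 10:00:09 srv1 sshd[813]: Failed password for root from 198.51.100.7 port 4001 ssh2"),
    ("linux", "Apr 13 10:00:12 srv1 sshd[814]: Accepted password for root from 198.51.100.7 port 4002 ssh2"),
]
BLACKLIST = {"203.0.113.9"}  # constructed stand-in for an external blacklist feed

FW_RE = re.compile(r"^(\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)")
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")

def normalize(source, line):
    """Normalization: map each source's own format onto one common event schema."""
    if source == "firewall" and (m := FW_RE.match(line)):
        return {"source": source, "src": m[3], "dst": m[4], "dport": int(m[5]), "action": m[2].lower()}
    if source == "linux" and (m := SSH_RE.search(line)):
        return {"source": source, "src": m[3], "dst": line.split()[3], "user": m[2],
                "action": "auth_fail" if m[1] == "Failed" else "auth_ok"}
    return None  # unparsable lines are dropped rather than guessed at

def run_pipeline(raw_events, blacklist):
    """De-duplicate, enrich and correlate normalized events; returns (events, alerts)."""
    seen, events = set(), []
    for source, line in raw_events:
        ev = normalize(source, line)
        if ev is None or (source, line) in seen:  # de-duplication of identical events
            continue
        seen.add((source, line))
        ev["blacklisted"] = ev["src"] in blacklist  # enrichment from the external source
        events.append(ev)
    # Correlation rule 1: any event whose source address is on the blacklist.
    alerts = [{"rule": "blacklisted_source", "src": ip} for ip in sorted({e["src"] for e in events if e["blacklisted"]})]
    # Correlation rule 2 (sweep scan): one source denied on three or more distinct ports.
    ports = {}
    for e in [e for e in events if e["action"] == "deny"]:
        ports.setdefault(e["src"], set()).add(e["dport"])
    alerts += [{"rule": "port_sweep", "src": ip, "ports": sorted(p)} for ip, p in ports.items() if len(p) >= 3]
    # Correlation rule 3: two or more failed logins then a success for the same user and source.
    fails = Counter((e["src"], e["user"]) for e in events if e["action"] == "auth_fail")
    for e in events:
        if e["action"] == "auth_ok" and fails[(e["src"], e["user"])] >= 2:
            alerts.append({"rule": "bruteforce_success", "src": e["src"], "user": e["user"]})
    return events, alerts
```

Each alert dict is what the dashboard alert and analyst ticket in steps 6 and 7 would be built from; the normalized events that triggered it are the supporting evidence.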
Who needs this solution
• Capital Market
• Credit Data Law
• Superintendent of Insurance
• SOC2 - Cloud companies that hold customer information
• PCI - Companies that perform credit card transactions required to correct
• HIPAA - Companies that must meet HIPAA regulation: drug companies and HMOs
Why CYBERShark?
• Your network and data are critical to your success
• The characteristics of cyber threats are known:
• Unusual outbound network traffic / data exfiltration
• Anomalies in privileged-user account activity
• Large numbers of requests for the same file
• Geographical irregularities
• Database extractions (SQL injection)
• Sweep scans and event log alterations
• But these Indicators of Compromise (IoC) cannot be reliably detected by localized security measures like firewalls and IDS/IPS systems!
• You need CYBERShark to watch your entire network
HOW CYBERSHARK PROTECTS YOU
• The alerts we send you don't just tell you that there's a problem, they tell you how to handle it:
• Identification of the specific threat
• Remediation steps to fix the problem (device-specific)
• All supporting evidence provided in the alert
• The customer portal lets you view your own network security posture at a glance
• You get access to comprehensive reporting for security and regulatory compliance
• Compliance reports identify the specific regulatory issues at stake due to a threat (HIPAA, PCI, GPG13 and more)
Contact Us
WWW.CEI.CO.IL
Salo 052-3653227 salo@cei.co.il
Sharon 054-5680114 sharon@cei.co.il