Decrypting the security mystery with SIEM (Part 1)

EventLog Analyzer: Your complete security arsenal
Nitin Devanand

Upload: manageengine-adsolutions

Post on 05-Apr-2017


TRANSCRIPT

Page 1: Decrypting the security mystery with SIEM (Part 1)

EventLog Analyzer: Your complete security arsenal

Nitin Devanand

Page 2: Decrypting the security mystery with SIEM (Part 1)

• Need for a SIEM solution

• EventLog Analyzer – quick overview

• Security attacks - use cases

  - Brute force
  - Stopping the rise of ransomware
  - SQL injection
  - Insider threat
  - Monitoring privileged user activities
  - Securing physical, virtual and cloud environments
  - Compliance

• Q & A

Agenda

Page 4: Decrypting the security mystery with SIEM (Part 1)

• Collect data from log sources

• Correlate events

• Alert IT about security incidents

• Generate IT security and compliance reports

• Archive logs for forensic analysis

Page 6: Decrypting the security mystery with SIEM (Part 1)

Sealing security loopholes

• To protect against security attacks, a company must deploy a range of security products: vulnerability scanners, endpoint protection tools, perimeter security devices and so forth.

• Each of these products raises its own alerts, which leaves security administrators overwhelmed by the number of alerts they receive every day.

• The underlying problem is a lack of context: without correlating the security information from all of these sources, it is hard to distinguish an actual threat from a false positive.

Page 8: Decrypting the security mystery with SIEM (Part 1)

Alerting

Log sources: Windows, Unix and Linux, applications, network devices

Collected events are matched against predefined alert criteria, and matches raise alerts

Page 18: Decrypting the security mystery with SIEM (Part 1)

Detecting insider attacks

Page 19: Decrypting the security mystery with SIEM (Part 1)

Dealing with insider attacks

According to the source below, more than 40% of attacks in any organization come from malicious insiders. Every organization must therefore enforce the same level of security policy for insiders as it does for external actors.

• Insider threat detection

• Forensic analysis of the scope of a former employee's footprint

Source: http://resources.infosecinstitute.com/top-6-seim-use-cases/#gref

Page 20: Decrypting the security mystery with SIEM (Part 1)

User session monitoring

Provides a complete user audit trail from logon to logoff

Answers who did what, when, and from where

Reconstruct any network incident with the help of the user activity timeline.
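The following Python sketch is an added example, not code from the presentation or from EventLog Analyzer. It shows the collect, correlate and alert chain from the SIEM overview slide and the logon-to-logoff session reconstruction from this slide, run over a handful of constructed Windows Security events. The event IDs 4624 (logon), 4625 (failed logon), 4634 (logoff) and 4672 (special privileges assigned) are real Windows Security log IDs; the hosts, users, addresses, Logon IDs and the `timestamp key=value ...` line format are made up for the example.

```python
"""Mini SIEM pipeline: collect -> correlate -> alert, plus session reconstruction.

Added example, not code from the presentation or from EventLog Analyzer.
Event IDs 4624/4625/4634/4672 are real Windows Security log IDs; hosts, users,
addresses, Logon IDs and the 'timestamp key=value ...' format are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a burst of failures from 10.0.0.5 that ends in a
# successful logon, a normal admin RDP session from 10.0.0.9, one stray failure.
SAMPLE_LOG = """\
2017-04-05T09:00:01 host=DC01 EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3
2017-04-05T09:00:04 host=DC01 EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3
2017-04-05T09:00:07 host=DC01 EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3
2017-04-05T09:00:10 host=DC01 EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3
2017-04-05T09:00:13 host=DC01 EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3
2017-04-05T09:00:20 host=DC01 EventID=4624 TargetUserName=jsmith IpAddress=10.0.0.5 LogonType=3 TargetLogonId=0x3e7a1
2017-04-05T09:05:00 host=DC01 EventID=4624 TargetUserName=admin IpAddress=10.0.0.9 LogonType=10 TargetLogonId=0x4f002
2017-04-05T09:05:01 host=DC01 EventID=4672 SubjectUserName=admin SubjectLogonId=0x4f002
2017-04-05T09:12:30 host=DC01 EventID=4634 TargetUserName=admin TargetLogonId=0x4f002 LogonType=10
2017-04-05T09:30:00 host=DC01 EventID=4625 TargetUserName=bob IpAddress=10.0.0.7 LogonType=3
"""


def parse_event(line):
    """Collect step: turn one 'timestamp key=value ...' line into a dict."""
    ts, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")}
    for token in rest.split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Correlate step: one alert per source IP with >= threshold failed logons
    inside a sliding window; a later success from that IP upgrades the alert,
    because a burst that ends in a logon is the one worth paging someone for."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent 4625s
    open_alerts = {}             # source IP -> alert already raised for it
    alerts = []
    for ev in events:
        ip = ev.get("IpAddress")
        if ev["EventID"] == "4625" and ip:
            q = recent[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()      # drop failures that fell out of the window
            if len(q) >= threshold and ip not in open_alerts:
                alert = {"rule": "brute_force", "severity": "medium", "src": ip,
                         "user": ev.get("TargetUserName"),
                         "first": q[0], "last": ev["ts"]}
                open_alerts[ip] = alert
                alerts.append(alert)
        elif ev["EventID"] == "4624" and ip in open_alerts:
            open_alerts[ip]["rule"] = "brute_force_success"
            open_alerts[ip]["severity"] = "high"
    return alerts


def build_sessions(events):
    """Audit-trail step: pair each 4624 with its 4634 via the Logon ID and hang
    in-session activity (here 4672) off the session: who, when, from where."""
    sessions = {}
    for ev in events:
        eid = ev["EventID"]
        if eid == "4624":
            sessions[ev["TargetLogonId"]] = {
                "user": ev["TargetUserName"], "src": ev.get("IpAddress"),
                "logon": ev["ts"], "logoff": None, "activity": []}
        elif eid == "4634" and ev.get("TargetLogonId") in sessions:
            sessions[ev["TargetLogonId"]]["logoff"] = ev["ts"]
        elif ev.get("SubjectLogonId") in sessions:
            sessions[ev["SubjectLogonId"]]["activity"].append((ev["ts"], eid))
    return sessions


def timeline(sessions):
    """Flatten sessions into 'when / who / what / from where' lines."""
    lines = []
    for logon_id, s in sorted(sessions.items(), key=lambda kv: kv[1]["logon"]):
        lines.append(f"{s['logon']} {s['user']}@{s['src']} logon ({logon_id})")
        for ts, eid in s["activity"]:
            lines.append(f"{ts} {s['user']}@{s['src']} event {eid}")
        end = s["logoff"] or "still open"   # no 4634 seen: session is live
        lines.append(f"{end} {s['user']}@{s['src']} logoff ({logon_id})")
    return lines


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in detect_brute_force(evs):
        print("ALERT", a["severity"], a["rule"], a["src"], a["user"], a["first"], a["last"])
    print("\n".join(timeline(build_sessions(evs))))
```

Two points an analyst would check before trusting a rule like this in production: the sliding window is keyed on source IP, so a distributed (password-spray) attack from many addresses slips under the threshold and needs a second rule keyed on target account; and the jsmith session stays "still open" because no 4634 was ever received, which is exactly the kind of gap a forensic timeline should show rather than hide.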

Page 21: Decrypting the security mystery with SIEM (Part 1)

Securing physical, virtual and cloud environments

• Apart from data security, cloud deployments bring further challenges: network forensics, troubleshooting, fault monitoring and compliance.

• To meet these challenges, IT security professionals need to monitor and analyze the log data generated by their cloud infrastructure.

Page 22: Decrypting the security mystery with SIEM (Part 1)

Results of a compliance failure

Indian banks suddenly asked 3.2 million of their customers to replace their debit cards. About 2.6 million of the affected cards were on the Visa and MasterCard networks and roughly 600,000 on the RuPay platform.

The data theft happened because malware was introduced into the PoS systems supplied by Hitachi Payment Services.

Page 23: Decrypting the security mystery with SIEM (Part 1)

Integrated compliance management

• Out-of-the-box compliance reports for PCI DSS, FISMA, GLBA, HIPAA, ISO 27001, and more

• Compliance reports for both Windows event logs and Linux/Unix syslogs

• Generate compliance reports from a centralized location

• Get compliance reports in multiple formats: HTML, PDF, or CSV

• Schedule compliance reports to run periodically, and get emailed to multiple administrators

Page 24: Decrypting the security mystery with SIEM (Part 1)

Questions?

Sources: http://www.hackmageddon.com/

http://www.zdnet.com/article/the-top-security-threats-of-2016/