mcafee siem solution
![Page 1: McAfee SIEM solution](https://reader036.vdocuments.us/reader036/viewer/2022062316/587b45081a28ab9c0e8b6837/html5/thumbnails/1.jpg)
Jonathan Knohl – CEO
Shaliza Fayyaz – CFO
Hashnee Subbusundaram – COO
Juan Pardo – CIO
Fahad Mohammad – CPO
Integration

• SIEM can be integrated with various platforms/software to ensure that those specific platforms are well secured from outside threats.
• Platform/software specific: each has its own set of SIEM integration capabilities and its own SIEM Integration page.
• Transfer all information to the SIEM Integration Server.
• Select the data transport protocol: UDP or TCP (both are transport-layer protocols).
  o User Datagram Protocol (UDP): faster!
  o Transmission Control Protocol (TCP)
• Has various correlation techniques used to integrate with specific platforms/software.
Escalation

• Over time SIEM has evolved to be adaptable to various devices/technologies
  o Applications, Operating Systems, Firewalls, Healthcare Auditing, Proxies
• Once a threat is detected, the device/software escalates its security levels to stay on top of potential new threats.
• McAfee releases periodic updates for SIEM.
  o Code updates are made available as a single compressed TAR file (simple 7-step process).
• SIEM Add-Ons include…
  o McAfee Advanced Correlation Engine
  o McAfee Application Data Monitor
  o McAfee Enterprise Log Manager
  o McAfee Global Threat Intelligence for Enterprise Security Manager
Use Cases
Scenario
What does SIEM deliver?
Informational Interview
1. What are the benefits of SIEM?
To extract context from common security events. Using categorization and normalization, we can better understand what normal behavior is and what should be investigated. I have sent you a few scenarios around that. For example, a normal environment would have 1000 lines of firewall logs, but which of those are related to a known malicious IP? Which users, through which protocol, interacted with this IP? Was it a critical machine? Can it be infected by malware? Etc.
2. How is the investment related to the solution/acquisition?
I wouldn't know anything related to the price of it, and that would also depend on the use case and sizing. For example, we have massive deployments where you have more than 30 appliances, and environments that would use only a single combo box appliance.
3. How do you deal with storage when it comes to the volume of log data, correlation, etc.?
This is also related to sizing and use case. Some organizations might have different requirements for log retention because of some specific compliance regulation.
4. Which is the best strategy for storing that huge amount of data?
The best strategy is to have a powerful database that is capable of retrieving the data easily and serving the administrators. Also, to establish a structure for long-term storage, that is, the raw log. When we talk about SIEM, correlation, aggregation, we are talking about events that have been parsed and treated. The raw log is the raw log only, and should be primary for compliance. The company implementing that technology must have a clear use case in mind, which will directly impact how much storage and which appliances they will need.
5. How easily does SIEM integrate with other technologies? Any restrictions? Is it secure?
We have a list of supported devices. For those unsupported, it is relatively easy to integrate by building a custom parser. We just need a log sample and a method of retrieval.
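The two steps the answers to questions 1 and 5 describe, a custom parser that normalizes raw firewall lines and a correlation pass that asks which users, over which protocol and from which hosts touched a known-malicious IP, as an added Python example that is not part of the deck or of McAfee's product. The key=value log format, the threat list and the critical-asset list are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of raw firewall lines in a made-up key=value format
# (not a real McAfee or vendor format); one line is deliberately malformed.
RAW_LOGS = """\
2016-09-25T10:01:02Z fw01 action=allow src=10.0.5.17 dst=198.51.100.23 proto=tcp dport=443 user=alice
2016-09-25T10:01:07Z fw01 action=allow src=10.0.5.42 dst=192.0.2.10 proto=tcp dport=22 user=bob
2016-09-25T10:01:09Z fw01 action=deny src=10.0.5.42 dst=203.0.113.8 proto=udp dport=53 user=bob
fw02 heartbeat ok
2016-09-25T10:02:15Z fw02 action=allow src=10.0.9.3 dst=198.51.100.23 proto=tcp dport=80 user=svc-backup
2016-09-25T10:03:30Z fw02 action=allow src=10.0.5.17 dst=93.184.216.34 proto=tcp dport=443 user=alice
"""
# Constructed threat-intel feed and asset inventory standing in for the real ones.
KNOWN_BAD_IPS = {"198.51.100.23", "203.0.113.8"}
CRITICAL_HOSTS = {"10.0.9.3"}
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<kv>.*)$")

def parse_line(line):
    """Custom parser: one raw line -> normalized event dict, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    try:  # normalization: validate both addresses so rules compare like with like
        src, dst = ipaddress.ip_address(fields["src"]), ipaddress.ip_address(fields["dst"])
    except (KeyError, ValueError):
        return None  # malformed lines stay out of correlation instead of being guessed at
    return {"ts": m.group("ts"), "device": m.group("device"), "action": fields.get("action"),
            "src": str(src), "dst": str(dst), "proto": fields.get("proto", "").lower(),
            "user": fields.get("user", "unknown")}

def correlate(raw_text, bad_ips=KNOWN_BAD_IPS, critical=CRITICAL_HOSTS):
    """Keep only events whose destination is a known-bad IP; tag critical-asset sources."""
    hits = []
    for line in raw_text.splitlines():
        ev = parse_line(line)
        if ev is not None and ev["dst"] in bad_ips:
            ev["critical_asset"] = ev["src"] in critical
            hits.append(ev)
    return hits

def summarize(hits):
    """Per malicious IP: which users, over which protocols, and whether a critical host was involved."""
    summary = {}
    for ev in hits:
        s = summary.setdefault(ev["dst"], {"users": set(), "protos": set(), "critical": False})
        s["users"].add(ev["user"])
        s["protos"].add(ev["proto"])
        s["critical"] = s["critical"] or ev["critical_asset"]
    return summary
```

Of the six raw lines, only three touch a listed IP, and the summary shows one of them came from a critical host, which is the context the interviewee says a SIEM should surface from plain firewall logs.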
6. What is the current analytical technique that is used?
I couldn’t answer that.
7. What are some challenges associated with this tool?
The challenges are the business-related rules and configurations. Once it is implemented, the administrators must be capable of extracting all the information available and making sense of it.
8. Is SIEM cloud friendly? How does it deal with data correlation and processing in this environment?
We support deployment of a component of the solution in the cloud (Amazon), that is, the Receiver.
9. What are some additional functions that you think can make this tool even more effective? Or which fields are being worked on so they can be included?
Data sources are key to achieving a specific use case. The more information available, the more you can extract context from it and investigate the environments further.
10. Was there a specific company or event that inspired the creation of SIEM?
I wouldn’t know.
11. What people (skills, roles, etc) should be involved in running and using a SIEM? Does it require training of personnel before deployment?
Security administrators, SOC operators, compliance reviewers, etc. It is recommended that the administrators take the McAfee-offered training for the solution.
12. What is needed to make a SIEM implementation successful?
We recommend that the customer work with a Professional Services Consultant during the implementation and that they have a clear notion of what use case they are looking for. From there, as the deployment matures, they might grow to other levels and implement further business rules.
References

• "Advanced Threat Defense for SIEM." Solution Briefs. McAfee, Inc., n.d. Web. 25 Sept. 2016. <http://www.mcafee.com/us/resources/solution-briefs/sb-atd-for-siem.pdf>
• "Security Information and Event Management." Unique McAfee Data Management Techniques. McAfee, Inc., n.d. Web. 25 Sept. 2016. <http://bluekarmasecurity.net/wp-content/uploads/2014/01/McAfee-WhitePaper-SIEM.pdf>
• "Data Sheet." SIEM Solutions from McAfee. McAfee, Inc., n.d. Web. 25 Sept. 2016. <http://www.mcafee.com/us/resources/data-sheets/ds-siem-solutions-from-mcafee.pdf>
• "Data Exfiltration Study: Actors, Tactics, and Detection." Grand Theft Data. McAfee, Inc., n.d. Web. 25 Sept. 2016. <http://www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf>
• "Verizon's 2016 Data Breach Investigations Report." Verizon, n.d. Web. 25 Sept. 2016. <http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/>
• <http://www.isaca.org/Knowledge-Center/Research/Documents/SIEM-Business-Benefits-and-Security-Governance-and-Assurance-Perspectives_whp_Eng_1210.pdf?regnum=>
• Eduardo de Sá Xavier, Professional Services Consultant – LAR Brazil