SIEM Architecture
By Nishanth Kumar Pathi
Nishanth Kumar Pathi
• Information Security Consultant
• null – moderator
• OWASP Contributor
• @nishanthkumarp
• http://nishanth.co.in
Typical Corporate Environment
Defense in Depth
Problem Statement
• Which events should be gathered?
• How do we manage the vast amount of logs and information?
• What should we parse and normalize, and how should we apply time correction?
• How should the events be stored?
• Identify data breaches, internal or external.
• Mitigate cyber attacks.
• Meet compliance requirements.
What is SIEM
• Security Incident Event Management
• Real time monitoring of Servers, Network Devices.
• Correlation of Events
• Analysis and reporting of Security Incidents.
• Threat Intelligence
• Long term storage
Evolution
• SIM – System* Information Management
• SEM - Security Event Management
• NBA – Network Based Analysis
• Log Management – Log file capture & Storage
• SIEM - SIM & SEM
Features of SIEM
What can it collect?
Work Flow
• Collect data from log sources
• Correlate events
• Alert on security incidents
• Generate IT security & compliance reports
• Archive logs for forensic analysis
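The pipeline the Problem Statement and Work Flow slides describe (parse, normalize, time-correct, correlate, alert, archive) as a small worked example; this is added here and is not code from the deck. The sample log lines, host names, the per-host clock-skew table and the brute-force rule are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not from the deck): two sources with different formats,
# clocks and time zones, which parsing, normalization and time correction must reconcile.
AUTH_LOG = """\
Mar 10 09:15:01 web01 sshd[2210]: Failed password for admin from 198.51.100.7 port 51022 ssh2
Mar 10 09:15:12 web01 sshd[2210]: Failed password for admin from 198.51.100.7 port 51023 ssh2
Mar 10 09:15:20 web01 sshd[2210]: Failed password for admin from 198.51.100.7 port 51024 ssh2
Mar 10 09:15:33 web01 sshd[2210]: Accepted password for admin from 198.51.100.7 port 51025 ssh2
"""
VPN_LOG = "2024-03-10T03:43:25Z vpn01 login result=FAIL user=admin src=198.51.100.7\n"

SYSLOG_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
KV_RE = re.compile(r"^(\S+) (\S+) login result=(\w+) user=(\S+) src=(\S+)")
# Assumed per-source clock metadata: host time zone and measured skew in seconds (web01 runs 120 s fast).
CLOCKS = {"web01": (timezone(timedelta(hours=5, minutes=30)), 120), "vpn01": (timezone.utc, 0)}
YEAR = 2024  # syslog lines carry no year; assumed for the constructed sample

def normalize(line):
    """Parse one raw line into a common schema with a skew-corrected UTC timestamp."""
    if m := SYSLOG_RE.match(line):
        raw_ts, host, verb, user, src = m.groups()
        ts = datetime.strptime(f"{YEAR} {raw_ts}", "%Y %b %d %H:%M:%S")
        outcome = "success" if verb == "Accepted" else "fail"
    elif m := KV_RE.match(line):
        raw_ts, host, result, user, src = m.groups()
        ts = datetime.strptime(raw_ts, "%Y-%m-%dT%H:%M:%SZ")
        outcome = "success" if result == "OK" else "fail"
    else:
        return None  # unparsed lines are dropped here; a production SIEM would count and retain them
    tz, skew = CLOCKS.get(host, (timezone.utc, 0))  # unknown hosts are assumed to be on UTC
    ts = ts.replace(tzinfo=tz).astimezone(timezone.utc) - timedelta(seconds=skew)
    return {"ts": ts, "host": host, "user": user, "src": src, "outcome": outcome}

def correlate(events, window=60, threshold=3):
    """Rule: >= threshold failed logins from one source IP within `window` seconds, then a success from that IP."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "success":
            continue
        start = ev["ts"] - timedelta(seconds=window)
        prior = [e for e in events if e["outcome"] == "fail" and e["src"] == ev["src"]
                 and start <= e["ts"] <= ev["ts"]]
        if len(prior) >= threshold:
            alerts.append({"rule": "brute_force_success", "src": ev["src"], "user": ev["user"],
                           "failures": len(prior), "hosts": sorted({e["host"] for e in prior}),
                           "ts": ev["ts"].isoformat()})
    return alerts

def run_pipeline(*raw_logs):
    """Collect -> normalize -> correlate; returns (archive of normalized events, alerts)."""
    archive = [e for log in raw_logs for line in log.splitlines() if (e := normalize(line))]
    return archive, correlate(archive)
```

Without the skew and time-zone correction the web01 events would land two hours and two minutes away from the vpn01 event and the cross-source rule would never fire.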
SIEM Architecture
Dashboard
Implementation
• Self hosted, self managed
• Cloud hosted, self managed
• Hybrid model, jointly managed
Why SIEM Implementation Fails?
• Lack of planning
• Faulty deployment strategies
• Lack of operational knowledge
Any Questions?