Upload File

siem architecture

19
SIEM Architecture By Nishanth Kumar Pathi

Upload: nishanth-kumar-pathi

Post on 15-Apr-2017

4.819 views

Category:

Technology


30 download

Report

TRANSCRIPT

Page 1: SIEM Architecture

SIEM Architecture

By

Nishanth Kumar Pathi

Page 2: SIEM Architecture

Nishanth Kumar Pathi

• Information Security Consultant

• null – moderator

• OWASP Contributor

• @nishanthkumarp

• http://nishanth.co.in

http://in.linkedin.com/in/nishanthkumarpathi
http://in.linkedin.com/in/nishanthkumarpathi
http://nishanth.co.in/
Page 3: SIEM Architecture

Typical Corporate Environment

Page 4: SIEM Architecture

Defense in Depth

Page 5: SIEM Architecture

Problem Statement

• Which events should be gathered ?

• How we manage the vast amount of logs and information

• What and How should we parse, normalize and time-correction ?

• How should the events be stored ?

• Identify data breach internal or external

• Mitigate cyber attacks.

• Meet Compliance Requirements.

Page 6: SIEM Architecture

What is SIEM

• Security Incident Event Management

• Real time monitoring of Servers, Network Devices.

• Correlation of Events

• Analysis and reporting of Security Incidents.

• Threat Intelligence

• Long term storage

Page 7: SIEM Architecture

Evolution

• SIM – System* Information Management

• SEM - Security Event Management

• NBA – Network Based Analysis

• Log Management – Log file capture & Storage

• SIEM - SIM & SEM

Page 8: SIEM Architecture

Features of SIEM

Page 9: SIEM Architecture

What it can collect ?

Page 10: SIEM Architecture

Work Flow

Collect data form log sources

Correlates Events

Alerts Security incidents

Generates IT security &

compliance reports

Archive Logs for Forensic

Analysis

Page 11: SIEM Architecture

SIEM Architecture

12

Page 12: SIEM Architecture

Dashboard

Page 13: SIEM Architecture

Implementation

Page 14: SIEM Architecture

Self Hosted , Self Managed

Page 15: SIEM Architecture

Cloud Hosted , Self Managed

Page 16: SIEM Architecture

Hybrid Model , Jointly Managed

Page 17: SIEM Architecture

Why SIEM Implementation Fails ?

• Lack of Planning

• Faulty Deployment Strategies.

• Operational Knowledge

Page 18: SIEM Architecture

Any Questions ?

Page 19: SIEM Architecture

Nishanth Kumar Pathi

• Information Security Consultant

• null – moderator

• OWASP Contributor

• @nishanthkumarp

• http://nishanth.co.in


The SIEM Buyer’s Guide for 2020 - The SIEM...The SIEM Buyer's Guide for 2020 1 WHITE PAPER 1. What is a SIEM 2 a. The evolution of a SIEM 3 b. Legacy SIEMs are stuck in the past

Volantino Siem

AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM SAPPHIRE SIEM ... · PDF fileThe vessel is a very large capacity Anchor Handling Tug Supply Vessel ... SIEM AHTS. Engine and

Enfo siem säkerhetsdagen_2013

Info-Tech Security Information & Event Management (SIEM ... · An implementation plan that includes the overall defining architecture of your final SIEM solution. Select an appropriate

SIEM Primer:

The CorreLog Approach to SIEM - ww1.prweb.comww1.prweb.com/.../CorreLog_SIEM_Server_Brochure.pdf · the CorreLog SIEM or a number of other SIEM systems. CorreLog’s SIEM Agent has

Siem Russia Risspa

ISSA Siem Fraud

MV SIEM Sailor - Welcome to Siem Offshore: Siem … Sailor Page Two Owner Siem Meling Offshore Da Builder Karmsund Maritim Services AS, Karmøy, Norway Built 2007 Design VS 485 CD

Volantino Siem Tirana

McAfee SIEM solution

OwnYIT CSAT + SIEM

Design and Configuration of IPS, IDS and SIEM in Industrial ... · IDS and SIEM in Industrial Control Systems CERT DE ... numerates and details ... to reach a complete architecture

Siem Reap, Cambodge

Siem Mc60 Ser

The SIEM Evaluator’s GuideThe SIEM Evaluator’s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are

EIGHT STEPS TO MIGRATE YOUR SIEM - Exabeam€¦ · replacing a legacy SIEM with a modern SIEM. These considerations also apply to more specific use cases such as SIEM consolidation

Bn ArcSight Siem

Splunk Siem

Advanced SIEM Operations

AdventurousDay 1 Sumptuous Siem Reap Cosmopolitan Siem Reap is Cambodia’s second city and gateway to Angkor Wat. With its colonial and Chinese-influenced architecture, Temple Town’s

Netiq Siem(SIEM)

Trustwave SIEM LP Software and SIEM Operations Edition ... … · Trustwave SIEM Software and SIEM Operations Edition Security Target 2 DOCUMENT INTRODUCTION Prepared By: Common Criteria

SIEM INDUSTRIES

SIEM eBook

MASSIF Architecture document v15 - CSP Forum · 20/12/2011 · Keywords SIEM, ... OSSIM Open Source Security Information Management ... The MASSIF architecture document provides an

SIEM evolution

Siem Reap, Cambodia

Siem daya decoration

Siem Reap Hotels

Axxera ci siem

Benchmarking SIEM

siem tirana

ArcSight SIEM