eMagic SIEM

Security Information and Event Management
9th Feb 2016
About SIEM
What is SIEM?
• Security Information and Event Management (SIEM) provides real-time analysis of security alerts generated by network devices, hardware and applications.
• It combines two services: Security Information Management (SIM) and Security Event Management (SEM).
• SEM is the segment of security management that deals with real-time monitoring, correlation of events, notification and console views.
• SIM is the area that provides long-term storage as well as analysis and reporting of log data.
What SIEM Does?
• A SIEM system centralizes the storage and interpretation of logs and allows near real-time analysis, which enables security personnel to take defensive actions more quickly.
• It collects data into a central repository for trend analysis and provides automated compliance reporting and centralized reporting.
Why SIEM?
• Rise in data breaches due to internal and external threats
• Attackers are smart and traditional security tools just don't suffice
• Mitigate sophisticated cyber-attacks
• Manage increasing volumes of logs from multiple sources
• Meet stringent compliance requirements
Data Collection → Analysis + Value Addition → Output
How Stuff Works
[Architecture diagram; labels recovered from the slide]
Log sources: Network, Switches, Routers, Servers, Firewalls, VMs, Applications, Database
Log Management System feeding SIEM: Default System Rules + User Defined Rules + Correlations (Correlation Engine)
Outputs and modules: Email Alerts & Notifications, Dashboards, Real Time Reports, File Integrity, Log Retention, User Activity Monitoring, Ticketing System Integration, Reporting System, Portal Management Control, Network Analysis
SIEM Features
Represents the features available in the eMagic SIEM module:
• Log Collection
• Real Time Alerting
• Log Analysis
• User Activity Monitoring
• Event Correlation
• Dashboards
• Log Forensics
• Reporting
• IT Compliance
• File Integrity Monitoring
• Application Log Monitoring
• System & Device Log Monitoring
• Object Access Auditing
• Log Retention
SIEM Features – Overview – Features available with eMagic SIEM
Log Collection
• Logs from all the virtual and physical IT infrastructure assets are collected for analysis.
• This is the starting point of any SIEM system.
• This is an agent-based process, and eMagic has a unique feature that allows the user to download and install the agent set-up remotely on any device through the SIEM UI with just one click.
Log Analysis
• All collected logs are analyzed with the help of default system rules and user-defined rules.
• eMagic has more than 1000 rules already set up for this purpose.
• Users can also define rules as per their needs.
• Log correlation is also available in eMagic SIEM, which allows users to correlate multiple rules as per n
Event Correlation
• This is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information.
• It is accomplished by looking for and analyzing relationships between events.
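An added example of the rules-plus-correlation flow described above, written for this page rather than taken from eMagic: two assumed per-event rules tag constructed sshd-style log lines, and an assumed correlation rule collapses a run of failed logins followed by a success from the same source into a single alert. The log format, rule names, threshold and time window are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like auth format (not real data).
SAMPLE_LOGS = """\
2016-02-09 10:00:01 host1 sshd: Failed password for root from 203.0.113.7
2016-02-09 10:00:03 host1 sshd: Failed password for root from 203.0.113.7
2016-02-09 10:00:05 host1 sshd: Failed password for admin from 203.0.113.7
2016-02-09 10:00:09 host1 sshd: Accepted password for admin from 203.0.113.7
2016-02-09 10:05:00 host2 sshd: Failed password for bob from 198.51.100.4
2016-02-09 10:30:00 host2 sshd: Accepted password for bob from 198.51.100.4
""".splitlines()

LINE_RE = re.compile(r"(?P<ts>\S+ \S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted)"
                     r" password for (?P<user>\S+) from (?P<src>\S+)")

# Assumed "default system rules": each tags a parsed event with a rule name.
RULES = {
    "AUTH_FAILURE": lambda e: e["result"] == "Failed",
    "AUTH_SUCCESS": lambda e: e["result"] == "Accepted",
}

def parse(line):
    """Turn one raw line into an event dict tagged with the rules it matches."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not guessed at
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    ev["rules"] = [name for name, test in RULES.items() if test(ev)]
    return ev

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Assumed correlation rule: >= threshold AUTH_FAILURE events from one source
    within `window`, then AUTH_SUCCESS from that source, give one high-value alert."""
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    alerts = []
    for ev in filter(None, map(parse, lines)):
        src = ev["src"]
        if "AUTH_FAILURE" in ev["rules"]:
            failures[src].append(ev["ts"])
        elif "AUTH_SUCCESS" in ev["rules"]:
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"alert": "BRUTE_FORCE_SUCCESS", "src": src, "host": ev["host"],
                               "user": ev["user"], "failures": len(recent)})
            failures[src].clear()  # the sequence is complete either way
    return alerts
```

Running `correlate(SAMPLE_LOGS)` yields one alert for 203.0.113.7; host2's single failure stays below the threshold and produces nothing, which is the point of correlation over raw per-event alerting.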
Log Forensics
• With the help of this feature, users can refer to any past logs by a specific date and time.
• Historic data helps in comparing and tracking specific alerts or issues that happened in the past.
SIEM Features – Overview – Features available with eMagic SIEM
Application Log Monitoring
• Logs generated by every application on your network are collected and analyzed.
• It tells you when a particular application is installed on a client box.
• This monitoring is agent-based, and agents can be installed remotely through the eMagic UI with a single click.
Real Time Alerting
• Logs from all IT infrastructure assets are collected at run time.
• These logs are analyzed using rules and correlation engines.
• Real-time alerts are sent to users so that they can take action.
Agent Management
• Download, Install, Uninstall, Restart, Delete and Ping Agent: all agent management with just one click through the eMagic UI.
• One-click agent management is a unique feature of the eMagic SIEM module which helps users improve operational efficiency by managing agents remotely.
Dashboards
• A centralized place for everyone to understand the health of all IT infrastructure assets.
• This provides input to make the decision-making process faster.
• Data-driven decisions can be taken proactively with the help of the data available on the dashboards.
SIEM Features – Overview – Features available with eMagic SIEM
Reporting
• Various reports are generated after analyzing the logs.
• These reports are then presented on the dashboards.
• Reports are also sent through email in the form of alerts.
File Integrity Monitoring
• File integrity databases are stored in the Manager.
• This check can be agent-based or agentless.
• It detects any changes in system files, the registry or directories and sends alerts.
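An added example (not eMagic's code) of the baseline-and-compare approach behind file integrity monitoring: a snapshot of SHA-256 hashes stands in for the stored integrity database, and a later pass over the same tree reports added, deleted and modified files. The directory contents and the change scenario are constructed for the demo.

```python
import hashlib
import os
import tempfile

def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Snapshot every file under `root`: relative path -> size and sha256."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            baseline[rel] = {"size": os.path.getsize(full), "sha256": hash_file(full)}
    return baseline

def check_integrity(root, baseline):
    """Compare the current tree against a stored baseline; return (kind, path) alerts."""
    current = build_baseline(root)
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            alerts.append(("DELETED", rel))
        elif rel not in baseline:
            alerts.append(("ADDED", rel))
        elif current[rel]["sha256"] != baseline[rel]["sha256"]:
            alerts.append(("MODIFIED", rel))
    return alerts

def demo():
    """Constructed scenario: baseline a temp directory, change it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in (("etc/hosts", "127.0.0.1 localhost\n"), ("etc/motd", "welcome\n")):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as f:
                f.write(text)
        stored = build_baseline(root)  # what the Manager would keep as the FIM database
        with open(os.path.join(root, "etc", "motd"), "a") as f:  # constructed change
            f.write("changed\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        open(os.path.join(root, "etc", "extra.conf"), "w").close()
        return check_integrity(root, stored)
```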
System & Device Log Monitoring
• Logs from every operating system, application and device on the network are collected, analyzed and correlated to check for any attack, misuse or error.
• Alerts are generated and sent accordingly.
Log Retention
• A centralized place for everyone to understand the health of all IT infrastructure assets.
• This provides input to make the decision-making process faster.
• Data-driven decisions can be taken proactively with the help of the data available on the dashboards.
Thank You!