• No results found

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

N/A
N/A
Protected

Academic year: 2021

Share "SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)"

Copied!
12
0
0

Loading.... (view fulltext now)

Full text

(1)

SECURITY INFORMATION AND

EVENT MANAGEMENT (SIEM)

ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS.

COMPLIANCE MANAGEMENT,PROACTIVE MONITORING,THREAT MANAGEMENT

FORENSICS & TRACEABILITY

E-SPIN PROFESSIONAL BOOK

SECURITY MANAGEMENT

(2)

E-SPIN Comprehensive Professionals Book on Security Management helps to

face a

greater challenge when prioritizing just where their limited budgets should be invested

in order to emerge as strong, viable companies.

Security Management is possibly

today's most overlooked aspect to enjoy advanced correlation, searches, reporting and

displays for security incidents across any IT infrastructure.

One area where the tools can provide the most needed help is in compliance. Corporations increasingly

face the challenge of staying accountable to customers, employees and shareholders, and that means

protecting IT infrastructure, customer and corporate data, and complying with rules and regulations as

defined by the government and industry.

A lot has happened in the past few months, including an

increased international growth that now has taken us further into the global markets.

As a sole distributor In Malaysia, ImmuneSecurity products are part of E-SPIN’s Security Management

Solution Portfolio to to manage Dashboards that are user configurable depending on roles and

responsibilities and have a secure, centralized log archive that automatically analyzes log messages in

real-time.

E-SPIN Professional book on Security Management will focuses on Security Information and Event

Management (SIEM), Compliance Management, PCI Data Security Standards, Vulnerability

Assessment, Managed Services, and security concerns.

By reading this book, organizations, firms and companies should consider adopting Security

Information and Event Management (SIEM) solutions in the areas of security management providing a

platform that extracts intelligent events and incidents from the millions of logs that today exists in an IT

infrastructure of any size.

Finally, till we meet again in the next issue and happy reading.

Chief Of Editor,

Madeline Lim

(3)

TABLE OF CONTENTS

Chapters

Page

CHAPTER 1 – Introduction of Security Information and Event Management... 1-5

CHAPTER 2 –Compliance Management ... 6

CHAPTER 3 - PCI Data Security Standards………...7

CHAPTER 4 – Vulnerability Assessment………...8

CHAPTER 5 – Managed Service………...9

(4)

SIEM MADE EASY

Robust. Dynamic. Unparalleled.

Today’s extreme digital, IT and economic climates are increasingly demanding more from your company than ever before.

But balancing cybercrime security, compliance regulations and the optimization of IT systems is a delicate act – particularly when budgets are under strain.

Many organizations are realizing that a rich solution can turning SIEM into true business value, thanks to several key wins:

• Automated compliance and regulatory processes. • Improved efficiency in forensic investigations. • Increased troubleshooting turnaround. • An overall improved security posture.

LogPoint 5.1 – ROI, made easy.

ImmuneSecurity’s LogPoint 5.1 solution was created with your business value in mind.

Inspired by the needs of our customers and partners, LogPoint 5.1 incorporates SIEM innovations that translate into a welcome return on your investment.

• Proactive Monitoring.

When services are IT dependent, unexpected performance issues and security breaches can severely impact a company's competitiveness.LogPoint 5.1 allows you to quickly respond to unexpected situations and problems before business performance are affected or revenue is lost.

• Threat Management.

Investigations into IT and cybercrimes have revealed that more organizations are being exposed to internal as well as external attacks across the board. And these attacks are growing more complex and targeted – as well as more ‘silent’, efficient and harder to discover. LogPoint 5.1 is the one-stop-shop for detecting complex, external attacks and overlooked internal fraud across your enterprise – no matter the size.

• Forensics & Traceability.

Enterprises of all scales face the task of finding and gathering information from multiple data logs. And

keeping track of these logs steals precious time away from your other security needs. LogPoint 5.1 is a single, secure and compliant-ready ‘warehouse’ for all log data – allowing you to analyze all data uniformly.

Response time is minimized, events across the entire infrastructure are quickly alerted and easily addressed, and authorities and auditing firms can easily be given necessary documentation for investigation or analysis.

(5)

• Compliance Management.

The burden of regulatory compliance has grown significantly heavier for nearly every industry. The list of regulations is long and potential penalties are significant.LogPoint 5.1 provides the foundation for meeting compliance, but can also be the first step towards a truly effective security strategy. It allows you to focus on the right choices and core issues for your security solutions as you swiftly reach your compliance

requirements.

• Data Enrichment.

Logs alone don’t always give you the answers – they often lack the data you need to know. Organizations often burden themselves by launching unnecessary measures to search for this data, including manual processes, routines for executing proper controls, and spot checks in compliance with regulations or security controls. LogPoint 5.1 offers dynamically enriched log messages from external as well as internal data sources – enabling complex correlation and analysis features.

(6)

LogInspect™ v5.1.1

ImmuneSecurity proudly presents LogInspect™ version 5.1.1. This version contains

numerous enhancements as well as some bug fixes.

The highlights for this release are:

Introduction of LI Lite for distributed collection of logs from remote locations.

Higher availability of logs from the main LogInspect can be made by creating a copy

of a repo in the remote LogInspect.

Introduction of tenants for effective object management between various

organizational units.

Enhancements

A selection of the major enhancements of LogInspect™ v5.1.1 is listed below in detail.

Devices and Collection

Logs can be forwarded into the system from different platforms using the Distributed

Collector. This support is available for LI Lite at the moment.

IPv6 support is extended to the following collectors and fetchers:

SNMP fetcher, sflow collector,FileInspect collector, SNMP trap collector and

the netflow collector.

The CIDR IP address, is supported for all of the collectors.

Log parser's pattern can be validated by checking against the example message.

SNMP fetcher works for leaf OIDs.

Search and Queries

Fields in search query can now be renamed.

Grouping constructs support "order by" syntax.

Inline list now supports, using whitespace enclosed by quotes.

Cmd + click (Ctrl + click) opens and displays the search result on a new tab.

Dashboard and User Interface

Growl position setting, can now be managed from preferences page.

(7)

User Management

LDAP authentication supports three different login formats: "Sam Account Name",

"UID" and "DN". This can be configured from "Advance LDAP Settings".

SSL implemented for Directory Access Protocol (LDAP Strategy).

Username is now made non editable.

Correlation and Alert

Ownership of rules can be transferred to other users.

System and Performance

Critical security updates for the system can be applied by uploading the tested

security patch and installing them.

Backup and Storage

Backup scheduling is made optional.

For backups, its now possible to apply a retention policy.

FileInspect

Windows events can now be collected, by using the "Windows Event Log Reader"

checkmark, while configuring the FileInspect client.

Reporting

Queries in reports templates are now editable.

Bug Fixes

A selection of the major bug fixes of LogInspect™ v5.1.1 is listed below.

Netflow v9 now contains all available fields.

HTTPS certificate can now be applied, without rebooting the server.

Problem with configuration backup has been fixed.

Vendor dashboard can now be used through the "use action".

(8)

Compliance Management – a daunting task?

Security compliance requirements are normally a highly time-consuming and expensive task.

Companies must not only interpret audit requirements and controls, they also face managing extreme volumes of log data – all this while facing regulations at federal, state, and industry levels.

Not only are these mandates costly and complicated, failure to comply can result in huge financial losses from fines, notification costs, legal issues and damaged reputations.

A compliance opportunity.

The LogPoint 5.1 SIEM solution goes beyond enabling compliance. It provides the opportunity to prove you are implementing and monitoring the required processes. And it gives you a powerful tool to protect and secure your company’s data.

LogPoint 5.1’s compliance solution allows for ease when meeting compliance requirements, thanks to:

Compliance standard pre-sets. Meet compliance obligations quickly, easily and efficiently. Tailored reports. Easy, quick and customizable.

Full auditing trails. Track and trace your data with ease.

Log capture & storage. Secure and security-signed for evidence and forensics.

Additionally, LogPoint 5.1 supports out-of-the-box compliance and regulatory requirements, including:

PCI-DSS

SOX

ISO 17799 (auditing and monitoring) ISO 27001 including ds484:2005 Basel II

HIPAA

FISMA

(9)

PCI DATA SECURITY STANDARDS (PCI-DSS)

PCI compliance, made easy.

PCI – the Payment Card Industry data security standard.

PCI standard mandates that merchants and service providers storing, processing, or transmitting credit card data must comply with a multitude of requirements. The consequences of not meeting compliance are costly and include fines, notification costs, legal issues and brand damage.

Don’t just log – detect, stop, and remedy.

Typical log management solutions merely collect, store, and report on raw event

Logs. But meeting PCI requirements is more than simply “checking the box”. Assuring that proper controls are in place and effective requires more than just plugging in a log management tool and forgetting about it.

Simple and cost effective.

LogPoint 5.1 adds an additional layer of security intelligence by employing multiple layers of correlation technology – packaged with detection, security and remedy capabilities.

It not only helps you meet the most stringent PCI compliance obligations, it helps you fulfill your unique security intelligence needs – assuring that you do not have to overinvest your time, budget and resources.

SARBANES-OXLEY-SOX

SOX – for security best practices & proactive risk management.

The Sarbanes-Oxley Act (SOX) was designed to protect investors by improving the accuracy and reliability of corporate disclosures made in accordance with securities laws. SOX standards must be followed or companies face strict penalties for non-compliance.

Manageable and cost effective.

A properly implemented risk-based approach to auditing for SOX compliance can make SOX more manageable. It can also reduce the associated cost and help ensure the adequacy of controls and the integrity of financial reporting. With LogPoint 5.1, a company can achieve security best practices and continuously manage risk through:

• Data collection • Log management • Real-time monitoring • Threat identification • Rapid response • Actionable reporting

(10)

VULNERABILITY ASSESSMENT

Vulnerability scanning prevents successful attacks in a business network

An Outpost24 solution automatically identifies security flaws in your network and gives an important overview of what an attacker could achieve by attacking your high-value assets.

To a cyber-criminal, vulnerabilities on a network are hidden gateways to gain access to the high-value assets in your organization. When exposed, these vulnerabilities can be targeted for exploitation, and consequently provide fuel for stolen identities, trigger theft of business secrets, violate privacy provisions of laws and regulations or right-out paralyze operations.

Organizations are forced to continuously maintain the protection of their networks. Traditionally, this has been accomplished by creating barriers against attacks by investing in reactive security tools such as firewalls, anti-virus tools and intrusion detection systems. In today's environment these reactive mechanisms simply are not enough. Instead of waiting for attacks to occur, there is a need to take a proactive approach. Only by using proactive security tools that continuously identify security risks, it is possible to effectively manage and reduce the risk exposure.

Legislation and compliance with security requirements are also becoming more demanding. The PCI (Payment Card Industry) security standards, Sarbanes-Oxley (SOX) among others all include requirements for regular testing of network security.

Outpost24 is dedicated to offering turnkey solutions based on a true proactive approach. Every day, we assist over 1,000 customers world-wide in securing their valuable assets and ensuring compliance with policies and regulations. Our solutions can be immediately deployed and are always accompanied by our well-appreciated 24/7 security expert support.

(11)

MANAGED SERVICES

Highly Specialized Services

Log Management and Vulnerability Assessment Management solutions from ImmuneSecurity within are often combined with a tailored managed service delivered on a weekly, monthly or quarterly basis.

The impact of implementing these often complex IT security solutions consumes many key resources within an organization. A managed service will ease the internal workload and the organization can concentrate on analyzing the key findings summarized by the ImmuneSecurity professionals.

Other key benefit from using a managed service is to have a neutral and external party deliver an IT security report on a frequent basis – this ensures that all IT breaches are covered and the desired level of security can be maintained.

The main driver for managed service subscriptions are assurance of compliance e.g. PCI, SOX,

DS484 by letting ImmuneSecurity deliver on-time quality compliance reporting and suggestions to

(12)

SIEM Security Concerns

Most organizations face the same inherent challenges when dealing with security information

and event management (SIEM): effectively balancing limited IT resources, ever-increasing

supplies of log data, dealing with regulation compliance, and keeping staff training up-to-date.

There are four best challenges that organizations should consider to achieve this balance:

Prioritize security information and event management appropriately throughout

organizations

—Organizations can define requirements and goals for performing logging

and monitoring logs to include applicable laws, regulations, and existing organization

policies. They can then prioritize goals based on balancing risk with time and resources

needed to manage logs

Establish policies and procedures for security information and event

management

—Policies and procedures are beneficial because they ensure consistent

approaches throughout organizations as well as ensure that laws and regulations are

observed. Periodic audits can confirm that logging standards and guidelines are followed

throughout organizations. Furthermore, testing and validating can properly ensure log

management policies and procedures

Create and maintain robust security information and event management

infrastructures

—Having secure log management infrastructures aids in preserving the

integrity of log data from accidental or intentional modifications or deletions and in

maintaining confidentiality. It is also critical for creating scalable infrastructures for

handling expected volumes of log data as well as peak volumes during extreme situations

(e.g. widespread malware incidents)

Provide proper training for all staff with security information and event

management responsibilities

—While defining log management schemas, organizations

must provide requisite training to relevant staffers regarding their log management

responsibilities as well as skilled instruction on the resources necessary to support log

management. This includes providing log management tools, tool documentation,

technical guidance on log management, and disseminating information to log

management staffers.

References

Related documents

Given the role a properly implemented, managed and utilized security information and event management (SIEM) system plays in an organization's security infrastructure

HP has the potential to become a security powerhouse with a broad portfolio of security offerings — application, network security and security information and event management (SIEM)

Methods that are generally used to study gas dispersion include integral model such as Gaussian, DEGADIS, HEGADAS, SLAB, etc, wind tunnel modeling and computational fluid

In order to respond to the research object, the following objectives were formulated: Identify the types of occupational hazards to which the nursing professionals are exposed

The  rates  of  the  Electricity  Charges  payable  to  RSO  by  the  Applicant  for  the  Electricity  Services  will  be  be  based  on  the  reasonable  costs 

Projective integration allows a stable yet explicit integration of such problems by first taking a few small (inner) steps using a step size δt with a simple, explicit method, until

Even if migrants living in border zones are rarely confined to one location to the same degree as the asylum-seekers Mountz studied, it is central to examine the political