SECURITY INFORMATION AND
EVENT MANAGEMENT (SIEM)
ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS.
COMPLIANCE MANAGEMENT,PROACTIVE MONITORING,THREAT MANAGEMENT
FORENSICS & TRACEABILITY
E-SPIN PROFESSIONAL BOOK
SECURITY MANAGEMENT
E-SPIN Comprehensive Professionals Book on Security Management helps to
face a
greater challenge when prioritizing just where their limited budgets should be invested
in order to emerge as strong, viable companies.
Security Management is possibly
today's most overlooked aspect to enjoy advanced correlation, searches, reporting and
displays for security incidents across any IT infrastructure.
One area where the tools can provide the most needed help is in compliance. Corporations increasingly
face the challenge of staying accountable to customers, employees and shareholders, and that means
protecting IT infrastructure, customer and corporate data, and complying with rules and regulations as
defined by the government and industry.
A lot has happened in the past few months, including an
increased international growth that now has taken us further into the global markets.
As a sole distributor In Malaysia, ImmuneSecurity products are part of E-SPIN’s Security Management
Solution Portfolio to to manage Dashboards that are user configurable depending on roles and
responsibilities and have a secure, centralized log archive that automatically analyzes log messages in
real-time.
E-SPIN Professional book on Security Management will focuses on Security Information and Event
Management (SIEM), Compliance Management, PCI Data Security Standards, Vulnerability
Assessment, Managed Services, and security concerns.
By reading this book, organizations, firms and companies should consider adopting Security
Information and Event Management (SIEM) solutions in the areas of security management providing a
platform that extracts intelligent events and incidents from the millions of logs that today exists in an IT
infrastructure of any size.
Finally, till we meet again in the next issue and happy reading.
Chief Of Editor,
Madeline Lim
TABLE OF CONTENTS
Chapters
Page
CHAPTER 1 – Introduction of Security Information and Event Management... 1-5
CHAPTER 2 –Compliance Management ... 6
CHAPTER 3 - PCI Data Security Standards………...7
CHAPTER 4 – Vulnerability Assessment………...8
CHAPTER 5 – Managed Service………...9
SIEM MADE EASY
Robust. Dynamic. Unparalleled.
Today’s extreme digital, IT and economic climates are increasingly demanding more from your company than ever before.
But balancing cybercrime security, compliance regulations and the optimization of IT systems is a delicate act – particularly when budgets are under strain.
Many organizations are realizing that a rich solution can turning SIEM into true business value, thanks to several key wins:
• Automated compliance and regulatory processes. • Improved efficiency in forensic investigations. • Increased troubleshooting turnaround. • An overall improved security posture.
LogPoint 5.1 – ROI, made easy.
ImmuneSecurity’s LogPoint 5.1 solution was created with your business value in mind.
Inspired by the needs of our customers and partners, LogPoint 5.1 incorporates SIEM innovations that translate into a welcome return on your investment.
• Proactive Monitoring.
When services are IT dependent, unexpected performance issues and security breaches can severely impact a company's competitiveness.LogPoint 5.1 allows you to quickly respond to unexpected situations and problems before business performance are affected or revenue is lost.
• Threat Management.
Investigations into IT and cybercrimes have revealed that more organizations are being exposed to internal as well as external attacks across the board. And these attacks are growing more complex and targeted – as well as more ‘silent’, efficient and harder to discover. LogPoint 5.1 is the one-stop-shop for detecting complex, external attacks and overlooked internal fraud across your enterprise – no matter the size.
• Forensics & Traceability.
Enterprises of all scales face the task of finding and gathering information from multiple data logs. And
keeping track of these logs steals precious time away from your other security needs. LogPoint 5.1 is a single, secure and compliant-ready ‘warehouse’ for all log data – allowing you to analyze all data uniformly.
Response time is minimized, events across the entire infrastructure are quickly alerted and easily addressed, and authorities and auditing firms can easily be given necessary documentation for investigation or analysis.
• Compliance Management.
The burden of regulatory compliance has grown significantly heavier for nearly every industry. The list of regulations is long and potential penalties are significant.LogPoint 5.1 provides the foundation for meeting compliance, but can also be the first step towards a truly effective security strategy. It allows you to focus on the right choices and core issues for your security solutions as you swiftly reach your compliance
requirements.
• Data Enrichment.
Logs alone don’t always give you the answers – they often lack the data you need to know. Organizations often burden themselves by launching unnecessary measures to search for this data, including manual processes, routines for executing proper controls, and spot checks in compliance with regulations or security controls. LogPoint 5.1 offers dynamically enriched log messages from external as well as internal data sources – enabling complex correlation and analysis features.
LogInspect™ v5.1.1
ImmuneSecurity proudly presents LogInspect™ version 5.1.1. This version contains
numerous enhancements as well as some bug fixes.
The highlights for this release are:
Introduction of LI Lite for distributed collection of logs from remote locations.
Higher availability of logs from the main LogInspect can be made by creating a copy
of a repo in the remote LogInspect.
Introduction of tenants for effective object management between various
organizational units.
Enhancements
A selection of the major enhancements of LogInspect™ v5.1.1 is listed below in detail.
Devices and Collection
Logs can be forwarded into the system from different platforms using the Distributed
Collector. This support is available for LI Lite at the moment.
IPv6 support is extended to the following collectors and fetchers:
SNMP fetcher, sflow collector,FileInspect collector, SNMP trap collector and
the netflow collector.
The CIDR IP address, is supported for all of the collectors.
Log parser's pattern can be validated by checking against the example message.
SNMP fetcher works for leaf OIDs.
Search and Queries
Fields in search query can now be renamed.
Grouping constructs support "order by" syntax.
Inline list now supports, using whitespace enclosed by quotes.
Cmd + click (Ctrl + click) opens and displays the search result on a new tab.
Dashboard and User Interface
Growl position setting, can now be managed from preferences page.
User Management
LDAP authentication supports three different login formats: "Sam Account Name",
"UID" and "DN". This can be configured from "Advance LDAP Settings".
SSL implemented for Directory Access Protocol (LDAP Strategy).
Username is now made non editable.
Correlation and Alert
Ownership of rules can be transferred to other users.
System and Performance
Critical security updates for the system can be applied by uploading the tested
security patch and installing them.
Backup and Storage
Backup scheduling is made optional.
For backups, its now possible to apply a retention policy.
FileInspect
Windows events can now be collected, by using the "Windows Event Log Reader"
checkmark, while configuring the FileInspect client.
Reporting
Queries in reports templates are now editable.
Bug Fixes
A selection of the major bug fixes of LogInspect™ v5.1.1 is listed below.
Netflow v9 now contains all available fields.
HTTPS certificate can now be applied, without rebooting the server.
Problem with configuration backup has been fixed.
Vendor dashboard can now be used through the "use action".
Compliance Management – a daunting task?
Security compliance requirements are normally a highly time-consuming and expensive task.
Companies must not only interpret audit requirements and controls, they also face managing extreme volumes of log data – all this while facing regulations at federal, state, and industry levels.
Not only are these mandates costly and complicated, failure to comply can result in huge financial losses from fines, notification costs, legal issues and damaged reputations.
A compliance opportunity.
The LogPoint 5.1 SIEM solution goes beyond enabling compliance. It provides the opportunity to prove you are implementing and monitoring the required processes. And it gives you a powerful tool to protect and secure your company’s data.
LogPoint 5.1’s compliance solution allows for ease when meeting compliance requirements, thanks to:
Compliance standard pre-sets. Meet compliance obligations quickly, easily and efficiently. Tailored reports. Easy, quick and customizable.
Full auditing trails. Track and trace your data with ease.
Log capture & storage. Secure and security-signed for evidence and forensics.
Additionally, LogPoint 5.1 supports out-of-the-box compliance and regulatory requirements, including:
PCI-DSS
SOX
ISO 17799 (auditing and monitoring) ISO 27001 including ds484:2005 Basel II
HIPAA
FISMA
PCI DATA SECURITY STANDARDS (PCI-DSS)
PCI compliance, made easy.
PCI – the Payment Card Industry data security standard.
PCI standard mandates that merchants and service providers storing, processing, or transmitting credit card data must comply with a multitude of requirements. The consequences of not meeting compliance are costly and include fines, notification costs, legal issues and brand damage.
Don’t just log – detect, stop, and remedy.
Typical log management solutions merely collect, store, and report on raw event
Logs. But meeting PCI requirements is more than simply “checking the box”. Assuring that proper controls are in place and effective requires more than just plugging in a log management tool and forgetting about it.
Simple and cost effective.
LogPoint 5.1 adds an additional layer of security intelligence by employing multiple layers of correlation technology – packaged with detection, security and remedy capabilities.
It not only helps you meet the most stringent PCI compliance obligations, it helps you fulfill your unique security intelligence needs – assuring that you do not have to overinvest your time, budget and resources.
SARBANES-OXLEY-SOX
SOX – for security best practices & proactive risk management.
The Sarbanes-Oxley Act (SOX) was designed to protect investors by improving the accuracy and reliability of corporate disclosures made in accordance with securities laws. SOX standards must be followed or companies face strict penalties for non-compliance.
Manageable and cost effective.
A properly implemented risk-based approach to auditing for SOX compliance can make SOX more manageable. It can also reduce the associated cost and help ensure the adequacy of controls and the integrity of financial reporting. With LogPoint 5.1, a company can achieve security best practices and continuously manage risk through:
• Data collection • Log management • Real-time monitoring • Threat identification • Rapid response • Actionable reporting
VULNERABILITY ASSESSMENT
Vulnerability scanning prevents successful attacks in a business network
An Outpost24 solution automatically identifies security flaws in your network and gives an important overview of what an attacker could achieve by attacking your high-value assets.
To a cyber-criminal, vulnerabilities on a network are hidden gateways to gain access to the high-value assets in your organization. When exposed, these vulnerabilities can be targeted for exploitation, and consequently provide fuel for stolen identities, trigger theft of business secrets, violate privacy provisions of laws and regulations or right-out paralyze operations.
Organizations are forced to continuously maintain the protection of their networks. Traditionally, this has been accomplished by creating barriers against attacks by investing in reactive security tools such as firewalls, anti-virus tools and intrusion detection systems. In today's environment these reactive mechanisms simply are not enough. Instead of waiting for attacks to occur, there is a need to take a proactive approach. Only by using proactive security tools that continuously identify security risks, it is possible to effectively manage and reduce the risk exposure.
Legislation and compliance with security requirements are also becoming more demanding. The PCI (Payment Card Industry) security standards, Sarbanes-Oxley (SOX) among others all include requirements for regular testing of network security.
Outpost24 is dedicated to offering turnkey solutions based on a true proactive approach. Every day, we assist over 1,000 customers world-wide in securing their valuable assets and ensuring compliance with policies and regulations. Our solutions can be immediately deployed and are always accompanied by our well-appreciated 24/7 security expert support.
MANAGED SERVICES
Highly Specialized Services
Log Management and Vulnerability Assessment Management solutions from ImmuneSecurity within are often combined with a tailored managed service delivered on a weekly, monthly or quarterly basis.
The impact of implementing these often complex IT security solutions consumes many key resources within an organization. A managed service will ease the internal workload and the organization can concentrate on analyzing the key findings summarized by the ImmuneSecurity professionals.
Other key benefit from using a managed service is to have a neutral and external party deliver an IT security report on a frequent basis – this ensures that all IT breaches are covered and the desired level of security can be maintained.
The main driver for managed service subscriptions are assurance of compliance e.g. PCI, SOX,
DS484 by letting ImmuneSecurity deliver on-time quality compliance reporting and suggestions to
SIEM Security Concerns
Most organizations face the same inherent challenges when dealing with security information
and event management (SIEM): effectively balancing limited IT resources, ever-increasing
supplies of log data, dealing with regulation compliance, and keeping staff training up-to-date.
There are four best challenges that organizations should consider to achieve this balance:
Prioritize security information and event management appropriately throughout
organizations
—Organizations can define requirements and goals for performing logging
and monitoring logs to include applicable laws, regulations, and existing organization
policies. They can then prioritize goals based on balancing risk with time and resources
needed to manage logs
Establish policies and procedures for security information and event
management
—Policies and procedures are beneficial because they ensure consistent
approaches throughout organizations as well as ensure that laws and regulations are
observed. Periodic audits can confirm that logging standards and guidelines are followed
throughout organizations. Furthermore, testing and validating can properly ensure log
management policies and procedures
Create and maintain robust security information and event management
infrastructures
—Having secure log management infrastructures aids in preserving the
integrity of log data from accidental or intentional modifications or deletions and in
maintaining confidentiality. It is also critical for creating scalable infrastructures for
handling expected volumes of log data as well as peak volumes during extreme situations
(e.g. widespread malware incidents)