ClearSkies. Re-Defining SIEM

Academic year: 2021

www.odysseyc.com

You are required to collect and archive log data generated from diverse systems and applications for forensics and regulatory compliance purposes.

You need to appropriately analyze, investigate and report on log data collected for Security Threats and Vulnerabilities that might affect the Confidentiality, Integrity and Availability of your mission-critical systems and communication links.

You need access to dependable and up-to-date, in-depth Threat Intelligence information so that you can become more proactive and focused in minimizing and managing your information security risk.

In essence, what you need is a robust, intelligent, cost effective, easy to deploy SIEM solution.

Odyssey’s ClearSkies Security-as-a-Service (SECaaS) SIEM platform addresses the need of organizations of any size or industry, to manage the wealth of log data generated from security devices, systems, applications, network infrastructures and communication links. It does so, in a holistic manner, enabling organizations to effectively and cost efficiently, enhance their information security and compliance operations across the board with virtually zero upfront investment.

The ever increasing frequency, complexity and sophistication of threats and attacks on organizational security devices, systems, applications, network infrastructures and communication links, imposes a greater pressure on organizations towards enhancing their information security arsenal and becoming more proactive in facing such risks.

This reality, however, creates an operational oxymoron: the more extensive and complex the organizational information security arsenal becomes, the greater the cost and difficulty of monitoring it to identify and respond to threats and attacks on the organizational resources efficiently and in a timely manner.

This challenge is further compounded by the fact that legal and regulatory frameworks exert an even stronger pressure on organizations to comply with, and report on stringent information security control measures.

To overcome these challenges, larger organizations have been internally investing in Security Information and Event Management (SIEM) capabilities.

However, economic pressures, as well as the fast pace at which information security trends and threats are emerging, make the administration and maintenance of an in-house SIEM capability, both expensive as well as highly specialized and thus, outside the core competency sphere of most organizations.

How Odyssey helps you in addressing these challenges

As a regional leader in the provision of information security and managed security services for over a decade, with hundreds of clients in security sensitive industries such as banking, insurance, energy and healthcare, we have been exposed to these challenges and have heavily invested in addressing them in a manner that not only meets current needs but is also flexible enough to evolve into accommodating emerging trends.

With ClearSkies Security-as-a-Service (SECaaS) SIEM you can:

• Achieve up to 80% reduction in the number of False-Positive Alerts (“Noise”), allowing you to focus your efforts on combating Real Threats.

• Minimize incident response times and maximize response success rates by integrating with the Threat Intelligence and Vulnerability Management service part of this service portfolio.

• Gain access to our BigData Analytics platform which provides Smarter Statistical & Behavioral Analytics, including User Behavior Analytics “UBA” capabilities.

• Have a clear, real-time view of important information security incidents, metrics and indicators literally at your fingertips through smart, fully customizable SIEM dashboards.

• Tailor your SIEM service to your needs and budget through our flexible service delivery model.

• Deploy a valuable tool which will immediately improve your information security baseline without long deployment learning curves and no upfront investment.

Challenges faced by Organizations today

ClearSkies Security-as-a-Service (SECaaS) SIEM successfully tackles these challenges by helping you achieve pivotal information security and business objectives including:

• Functional Log and Event Management with clear view of your overall information security posture at any time.

• Instant transformation of log data into information security intelligence, useful in making informed decisions.

• Early identification of suspected or actual malicious events and the ability to analyze, address and follow up on them through a structured process.

• Effortless preparation of both specialized as well as ad-hoc reports in no time, vastly enhancing your compliance and business decision support processes.

• Enhanced knowledge of latest information security threats and trends by tapping into a unique Information Security and Threat Intelligence knowledge pool – Odyssey IthacaLabs©.

• Accessing your service anywhere, anytime with ClearSkies mobile application available for Windows, iOS and Android smart-phones and tablets.

“Efficient and effective Security Information and Event Management (SIEM) is no longer an expensive information security tool that can be afforded only by large and resource-rich

Reports

Incorporates predefined reports designed to meet the requirements of regulatory frameworks such as the PCI, but also allows you to easily create additional reports based on your needs and business requirements. The module’s scheduling capabilities further simplify the reporting process.

Dashboard

Fully configurable dashboards can be customized to meet users’ needs and work habits. With smart drill down capabilities, the module allows users to have pertinent information right at their fingertips.

Compliance

Provides you with the framework for understanding compliance behavior since Information Security rules and regulations of the organization are the key to strengthening information security.

Performance & Availability

Helps you proactively monitor the performance and availability of your mission-critical systems and communication links.

“BigData” Analytics

Helps you by intelligently processing and analyzing large volumes of structured and unstructured data, identifying threats, which would go unnoticed by traditional analysis tools and techniques.

Event Management

Allows you to efficiently and effectively monitor, classify and manage events according to their severity, permitting security staff to delegate actions and responsibilities internally.

Vulnerability Management

Provides you with the ability to import results from different vulnerability tools and use them during the Analysis and Correlation process in order to further minimize False-Positive Alerts.

ClearSkies SECaaS SIEM line of Service Modules & Architecture

The ClearSkies Security-as-a-Service (SECaaS) SIEM is a cloud-based line of services, which combines a unique set of features, while its architecture is based on our proven security event management methodology. Together, they formulate a service, which places Odyssey at the forefront of the global SIEM SECaaS provider market. In addition, it is integrated with BigData, intelligent security capabilities, thus bringing unparalleled performance capabilities to the platform’s Investigation, Remediation, Statistical and User Behavioral Analytics (UBA) features; vital aspects for any organization that is serious about its information security capability.

Continuously enriched with evidence-based knowledge for existing and/or emerging Cyber Threats and Vulnerabilities. This outcome is fed into the Analysis and Correlation processes, thus minimizing False-Positive Alerts; also improving your decision making process when strategically planning your internal defenses against similar future threats.

Service Architecture

The entire architecture of the ClearSkies Security-as-a-Service (SECaaS) SIEM service is based on our proven Event Management Methodology developed through our decades’ long experience and expertise in the challenging sector of information security. Basically, this architecture is based on the following process, which demonstrates how effective and efficient Event Management of Security threats is achieved.

[Process diagram: Collection, Archiving, Normalization, Analysis, Correlation]

process minimizes further False-Positive Alerts thus allows you to focus only on those events that require your attention.

Collect:

Log data generated from a number of diverse security devices, systems, applications, network infrastructures and communication links are collected.

Archive:

Log data collected are compressed at a ratio of up to 85%, digitally signed and optionally encrypted before being archived. This way collected logs are maintained in a state which allows them to also be utilized for forensic investigation or legal evidence should the need arise.

Normalize/Mask:

Log data from different networks, systems, applications and vendors are formatted in different ways, even if these events are semantically equivalent. A copy of the collected log data is normalized and stored into a common schema at the time of data collection for further processing, Analysis and Correlation, and ad hoc search and reporting.

Optionally, sensitive information found within the log data, such as user credentials, could be masked before leaving your premises for further Statistical and Behavioral Analysis.

Analyze:

Analysis of normalized log data is performed for identifying Real-Threats, thus minimizing False-Positive Alerts, by utilizing the IthacaLabs© Threat Intelligence feed and Vulnerability Information that might exist on your mission-critical systems. Based on these characteristics the Severity, Exploitability and Impact Factors for Real-Threats are calculated and fed into the Correlation process.

Correlation:

The Correlation of Real-Threats utilizes not only a number of statistical and behavioral heuristics models but also a number of intelligent correlation rules which are developed on an ongoing basis by taking into consideration the Threat Analysis & Security Intelligence provided through IthacaLabs©. This process facilitates the early identification of Real-Threats and/or misuse attempts that might affect the Confidentiality, Integrity and Availability of your information.

Incident Management:

You can escalate events which have been determined to impose a Real-Threat to your mission-critical systems and communication links to incident status and assign them internally for further investigation and resolution using the built-in incident management process workflow through Incident Escalation communication channels such as:

• Sending email, Push-Notifications* and/or SMS to those people that this incident is assigned to, accompanied with a brief summary of the incident including its severity level.

• Updating the built-in incident management dashboard with details regarding the raised incident, including course of action.

*For receiving Push-Notifications on smart-phones and tablets you should have installed ClearSkies mobile application, which is available for Windows, iOS and Android operating systems.

[Diagram labels: Email notifications; Push notifications (smart-phones & tablets); ClearSkies Secure Web Portal; SMS notifications]

Flexible Service Delivery Model

Understanding the varying sizes, needs, internal capabilities and information security management maturity levels of different organizations, we have structured the ClearSkies Security-as-a-Service (SECaaS) SIEM line of services in a modular manner and in different deployment options including virtual and physical appliances. While each module can operate on its own, the addition of service modules based on clients’ changing needs and budget can be a swift and transparent process.

Part or the entire ClearSkies Security-as-a-Service (SECaaS) SIEM services could be upgraded at any given time to Managed Security & Protection Services and/or to Outsourcing Services.

This scenario is ideal for organizations with the need of 24/7/365 Asset Monitoring, Log Review, Analysis, Event Management for their critical assets, but at the same time wish to perform their own log review and analysis for non-critical assets.

[Figure: service tiers Standard, Plus and Premium, composed of the modules Reports, Dashboard, Event Management, Analytics, Threat Intelligence, Vulnerability Management, Compliance, and Performance & Availability, together with the Intelligent Correlation Service by Odyssey IthacaLabs©, Managed Security & Protection Services and Outsourcing Services]

Company Overview

Odyssey Consultants is an ISO 27001 certified Information Security, Infrastructure and Risk Management Solutions integrator and a Managed Security & Outsourcing Services Provider. Odyssey is accredited by the Payment Card Industry Security Standards Council (PCI SSC) as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV). Our services and solutions span the whole spectrum of People, Process and Technology. Odyssey was founded in 2002 with the main objective of providing “High-Quality, Cutting-Edge, Information Security, Infrastructure and Risk Management Services” to organizations that value their information assets. Since then, and in keeping with market trends, we have evolved and pride ourselves on becoming a regional leader in the Managed Security & Outsourcing Services sector as well.

Our Vision and Mission

Our vision is “to be the leading organization in the wider region in the areas of Information Security, Infrastructure and Risk Management Services and related Managed Security & Outsourcing Services, creating real and sustainable value to our clients, employees and shareholders”.

Our Mission is “to be the recognized leader in the regional Information Security, Infrastructure, Risk Management and Managed Security & Outsourcing Services market, projecting trust in our experience and skills, and consistently delivering a high quality experience to our clients”.

Our Principles

We Are Centered Around You

Underlying our business mission is the unconditional requirement that our services fulfill our clients’ needs and exceed their expectations. Having this in mind, our business approach places the client in the center of our business equation.

Building Value For Our Customers

This statement underpins our philosophy in servicing our clients’ needs through robust cost-benefit analysis and approaches, which take a pragmatic and practical approach in balancing risks and controls.

Our Values

Innovation

We transform innovative ideas into progressive products and solutions that proactively address information security trends and challenges.

Passion for Perfection

We strive for perfection by instilling in our people the sense of leadership, ownership and perseverance that is supported by a culture of teamwork, mutual respect and professionalism.

Customer Focus

Underlying our business mission is the unconditional commitment to be ahead of our customers’ needs and exceed their expectations, by delivering high quality, adaptive and robust solutions.

Headquarters

Cyprus: 1 Lefkos Anastasiades str. 2012 Strovolos, Nicosia, tel.: +357 22463600, fax: +357 22463563

Offices

Greece: 7 Anastaseos str., 2nd floor, Holargos 155 61, Athens, tel.: +30 210 6565200, fax: +30 210 6565219

Serbia: 38-40 Vladimira Popovica, 1st floor, 119 11000, Belgrade, tel.: +381 117 156956

Dubai: Ground Floor #07, Building 16, Dubai Internet City,

For Sales Enquiries: sales@odysseyc.com

For General Enquiries: info@odysseyc.com
