DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
1 like711 views
The document summarizes BalaBit IT Security, a logging company that provides solutions for security monitoring, compliance, and activity monitoring. It describes BalaBit's product offerings including their open-source syslog-ng software as well as their premium edition and Shell Control Box appliance. The Shell Control Box provides privileged activity monitoring, access control, real-time alerting and auditing capabilities. The document also provides information on BalaBit's customers, partners, and the benefits of their solutions for improving security, compliance, and reducing business risks.
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
- 1. BalaBit IT Security The logging company
- 2. External Challenges: Security Breaches
- 3. External Challenges: Compliance Pressure to Monitor Users PCI-DSS ISO27002 SOX→ COBIT Chapter 7, 8 A.10.2 Third-party service DS5.5 Implement Strong mngmnt HIPAA, Basel Security monitoring Access Control A.10.10 II, GPG13… DS9.2 Chapter 10 Audit Access to Monitoring user Similar Config.changes Cardholder Data activities requirements! DS11.6 Chapter 12 A.13.2 Securing Data Maintain Mgmt of Security sec.policy for Incidents personnel
- 4. Internal Challenges: „Superuser” Fraud Source: BalaBit IT professionals survey, 2011
- 5. How to control? • Identity-management • Logging • Activity monitoring
- 6. BalaBit IT Security „The syslog-ng company” • 2011 revenue: $10.3 M (35% annual growth) • Number of employees: 120 • Number of customers - global: – commercial customers: 800 – open source users: 850.000 • 12 years experience in IT Security • Global partner network, 80+ partners in 30+ countries • Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)
- 7. syslog-ng Description • IT environments constantly generate important data in log messages • syslog-ng • Collects • Filters • Classifies • Normalizes • Stores • Transfers • syslog-ng is not a log analysis tool but it is essential to analysis 8
- 8. Product Family • syslog-ng Open Source Edition • Leader since 1998, de facto standard in 2001 • Large, world-wide community • syslog-ng Premium Edition • Commercial version • Additional features • Professional support • syslog-ng Store Box • Turnkey appliance • Index, search, reporting • Professional support 9
- 9. syslog-ng Open Source Edition • Key Features • Flexible message filtering and re-writing • Pattern-based classification • Secure log transfer via SSL/TLS • Flow-control – adaptive message rate control • High speed processing > 650k/sec • Community • 100,000s of users worldwide • Well know by system admins • Included in 3rd party devices • Custom add-ons 10
- 10. syslog-ng Premium Edition • Additional Features • Zero Message Loss • Reliable Log Transfer Protocol (RLTP) • Client side failover • Disk buffer • Encrypted log storage • SQL source and destination support • Windows support • Support for more than 50 server platforms • Professional Support 11
- 11. Customers
- 12. Logging is not enough… 1. Several security events are not logged! The User Monitoring „Pyramid” 2. Logs typically do not show what was done. 3. Logs often show only obscure techn. details. Activity Records - security camera System logs - snapshots
- 13. Key questions to answer… Can you ensure the accountability of your IT staff? Can you monitor the actions of your „superusers”? Can you reliably control your outsourcing partners? Do you really know „who access what” on servers? Can you conduct quick and cheap audits at your company? Can you present bullet-proof evidence in legal proceedings? Are you sure you’d pass audits concerning user monitoring?
- 14. IT Staff Privileged Activity Monitoring by Shell Control Box Outsourcing partners Managers • Firewall, VDI users • Network devices, • Databases, • Web/file servers, • Citrix server…
- 15. Privileged Activity Monitoring by BalaBit Shell Control Box Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.
- 16. Access Control Security & compliance benefits: • Central access control gateway • Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc. • Sub-channel control (e.g. file transfer) • Access by time policy • 4-eyes authorization • Real-time access monitoring Key Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
- 17. Real-time alerting (& blocking) Security & compliance benefits: • Alerts for monitoring tools • Alerts for supervisors Coming in : • Terminates session if risky action • Risky actions are customizable (e.g. failed login, program execution, credit card number…) Key Benefit: IMMIDIATE REACTION ON CRITICAL EVENTS!
- 18. Audit & Forensics Security & compliance benefits: • Real-time activity monitoring • Tamper-proof, HQ audit trails • Movie-like playback & search • File transfer audit • Independent, transparent audit device Key Benefit: INDEPENDENT TOOL FOR QUICK AUDITS & FORENSICS!
- 19. Big SCB Users
- 20. Conclusion Benefits for business Faster ROI • Faster and higher quality audits • Lower troubleshooting and forensics costs • Centralized authentication & access control • Complete solution for user monitoring Lower risk • Improved regulatory and industry compliance • Better employee/partner control • Improved accountability of staff • Bullet-proof evidence in legal proceedings • Setting technical and psychological barrier
- 21. Thank you for your attention! Gábor Paróczi Sales Manager gabor.paroczi@balabit.com 25