SORT OUT YOUR SIEM
Download as PPTX, PDF2 likes1,255 views
The document discusses the importance and functionalities of Security Information and Event Management (SIEM) systems, highlighting their benefits for both IT teams and businesses. Key points include the need for real-time monitoring, centralization of logs, and proactive threat detection, alongside the distinction between what SIEM is and isn't. It also presents options for implementing SIEM, including in-house solutions and managed SIEM services.
SORT OUT YOUR SIEM
- 1. SORT OUT YOUR SIEM w w w. s i e m s t r a t e g y. c o m 16 October 2013 1
- 2. AGENDA • SIEM today – How are you doing it? • Why SIEM? – Business benefits – IT team benefits • Introducing SIEM – What it is, and what it isn’t • Four foundations for SIEM – Everything in place – Platform approach – Expert security contextualisation – Resourcing for 24/7 monitoring • Sorting out your SIEM – In-house – SIEM-as-a-Service 2
- 3. WHY SIEM?
- 4. TODAY’S SIEM LANDSCAPE We find IT leaders tend to operate in one of three ways when it comes to SIEM: Ignore it Seats of the pants security Do the minimum Log collation and reporting for compliance Functioning SIEM • • Platform approach Proactive threat detection 4
- 5. WHY SIEM? Business benefits • • • • Service availability / uptime / minimise downtime Early warning system Better security intelligence More ‘known’ risks IT benefits • • • • • Proactive threat detection prevents incidents and the need for fire-fighting Efficient – data logs from the entire network are viewed via a single dashboard All IT teams have full visibility of all logs to find the root cause faster Reduce spend on security hardware by getting more from your existing infrastructure Optimise IT resources on valuecreation project 5
- 6. SIEM AS IT SHOULD BE
- 7. SecureData 24x7 Security Operations Centre SecureData 24x7 Security Operations Centre OPTIMISED SIEM ARCHITECTURE Reports Alerts Reports WAN SecureData Cloud Data Centre Events Event Manager and Advanced Intelligence Logging Managers INTERNET Customer Data Centre n Customer Data Centre 1 Agent Agent Firewalls Firewalls Applications Applications Switches Switches Database Database Routers Routers 7
- 8. WHAT IS SIEM, AND WHAT IS IT NOT? SIEM is not only: But it is about: Storing logs / Logging Log correlation and contextualisation PCI or Compliance Security intelligence Reports Real time information Real time information Ability to view historical logs in a structured and targeted way Device logs All IT logs – physical access systems, coffee machines etc Logs Traffic flow, process information, file monitoring 8
- 9. HOW TO ADDRESS SIEM Four foundations of SIEM: 1 3 Everything in one place Making it make sense – the need for an expert eye 2 4 Logs glorious logsthink platform, not just devices Resourcing for monitoring and threat mitigation 9
- 10. 1 2 FOUR FOUNDATIONS FOR SIEM Everything in one place • • • • • • • 42% of IT managers see multiple logging systems as a security risk Centralise logs for real time correlation & analysis All logs, not just security devices logs Use automation tools Benchmark alarms for your organisational norms Provide full network visibility through one pane of glass to identify the root cause Enable faster diagnostics and mitigation Logs glorious logs • Take a platform or a ‘big data’ approach to log correlation •Set the platform up in the right way •Pull in contextual data such as traffic, packet analysis, traffic flow, file management etc •Track security behaviour across the whole of the network •40% of IT managers have serious concerns about the time it takes to analyse data and logs 10
- 11. 3 4 FOUR FOUNDATIONS FOR SIEM Make it make sense •Real time interpretation of SIEM monitoring is critical •It requires an expert, human interface •It’s important to distinguish the line between information and intelligence •Security experts need to review the alarms and alerts to determine the action in context of the organisation Resourcing for monitoring and threat mitigation •SIEM needs 24/7/365 monitoring •Security skills on a continuous basis are expensive and under-utilised on monitoring •Outputting a report each week is redundant practice in threat management •SIEM can free-up rather than use-up resources by acting as an early warning system •More time to mitigate threats enable resource planning and optimisation •Reduce the need to ‘drop everything’ for attack fire fighting 11
- 12. SORTING OUT SIEM
- 13. YOUR OPTIONS FOR SIEM Hybrid Internal • • • • Design, build, install Requires 24/7 resourcing Great if you have a SOC / NOC Security experts are expensive • • Fully managed SIEM by SecureData(so me, or all) Equipment located on customer site SIEM as a service • • Monitoring: log correlation, remote service monitoring, notifications Managed: remote diagnostics and assistance, remote vulnerability scans, remote system updates 13
- 14. AFFINITY SecureData SIEM-as-a-Service - Wholly owned SOC across two sites - 24x7x365 fully-manned operations - Affinity platform for complete security monitoring 14
- 15. THE SECUREDATA DIFFERENCE 1 2 Proactive approach to security: We take a different approach to security, focusing on proactive monitoring and management to minimise business disruption for our clients. We offer the complete security spectrum from assessing risk to detecting threats, protecting valuable assets and responding to breaches when the happen. Excellent customer service and support We offer independent consultancy through dedicated account managers and technical guardians to recommend business security solutions built on the leading security vendors in the industry. We work hard to partner with customers, and we offer flexibility to develop customised processes that fit with the customer. Our highly accredited technical staff give customers first-class support and fast resolution time with the desire to do the best possible job every time. 3 24/7 security operations platform We operate our own support teams and SOC providing global reach with full responsibility for 24/7 security monitoring and management for customers. Owning the SOC enables us to better synthesise information, intelligence and transactions to proactively mitigate more threats before they impact the customer. 15
- 16. THANK YOU www.siemstrategy.com For more information, contact: info@secdata.com +44 1622 723456 www.secdata.com 16
- 17. 17