SlideShare a Scribd company logo

Threat intelligence solution

A
ARUN REDDY M

This document describes InfoMagnum's log analytics solution for identifying threats. The solution collects and analyzes logs from various devices and applications to detect unauthorized access, ensure compliance, track suspicious behavior, and more. It uses technologies like syslog-ng, Elasticsearch, and machine learning algorithms to extract, transform, and index log data for analysis. This enables rapid generation of intelligence from large amounts of log data through visualization and anomaly detection. The solution helps with challenges like centralized log analysis from many sources, performance monitoring, and identifying intrusions or bottlenecks.

Small Business & Entrepreneurship
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
2nd Floor, Spline Arcade, Hi-tech city, Hyderabad-500081. email: contact@infomagnum.com
LOG ANALYTICS A SOLUTION TO IDENTIFY YOUR THREATS… Log’s are stepping stones to success.
AGENDA  Introduction to InfoMagnum Security Service  Logging everything  Features and possibilities  Process and implementation  Q&A
LOGGING EVERYTHING We Support below Devices and Applications Devices: - Cisco ISR, ASA, and PIX series - ISS Proventia - Fortinet - Checkpoint VPN-1 Pro and VPN-Edge Series, Firewall-1 Express - Juniper NetScreen Applications: - Windows, Linux, HPUX, AIX logs - Apache, mySQL, ftp, and more.
REASONS TO STEPIN • Detect/Prevent Unauthorized Access and insider Abuse • Meet Regulatory Requirement • Forensic Analysis and Correlation • Ensure Regulatory Compliance • Track Suspicious Behavior • IT Troubleshooting and Network Operation • Monitor User Activity • Best Practices/Frameworks such as COBIT, ISO, ITIL, etc. • Measure Application Performance • Achieve ROI or Cost Reduction in System Maintenance
BASIC FEATURES • Organizational Intelligence. • Enables analysts to rapidly generate actionable intelligence from massive amounts of continuous Syslog data. • Intuitive processes for visualizing data minimizes the time between data acquisition and analysis. • Analysts’ Advantage • Reduces the amount of time and effort to analyze in pointing problems in sets automatically. • Increase the IQ of analysts without subject matter expertise. • Provides simple visualizations for different facets of the same data, thereby replacing clutter and information overload. • Data Center foot printing and problem identification. • System Problem diagnostics and failure detection. • Cyber Threat Intelligence using system logged IP’s, url’s, dns and more atomics.
TECHNOLOGY Powered Technologies • Syslog-NG • Python - ETL • Indexing Elasticsearch or infuxDB • Algorithms – Many (Clustering, SVM, Regression) • AngularJS or Kibana. • Cyber Security threat intel. • Rediss
Anomaly detection methods a. Supervised : • Finger Printing Datacenter : identifying performance crises. • Failure Diagnostics – using decision b. Unsupervised: • Problem Identification and detection with minimal SME, Next version features: • Predictions and alerting will be implemented along with this services. DIFFERENTIATORS
STREAMING PROCESS • Syslog Platform • Device identification and topology review of logged data • Extraction of logs from syslog server to process pipeline server • Transformation at process pipeline server • Replacing/Pairing/Identify Invariants • Templatization • Parsing and pattern detection • Indexing parsed ETL for further analysis and machine learning • Applying periodic and correlation scripts to indexed data and calibration/correction the results before indexing • Representing graphs for the mentioned features
USE CASES
CHALLENGES • Lots of workload • Real-time performance monitoring metrics from many sources • Easy to identify bottlenecks • Easy to identify and co-relate any bottlenecks caused for further system performance tuning • Real-time centralized logs from many sources • Real-time suspicious & intrusion logs • Lots of Users • Many Sources of Logs
CHALLENGE #1 LOG ANALYSIS 1. The Firewall did it?  Did the Firewall Block something it shouldn’t have?  Got Bypassed !!! 2. What did the Intruder do? IDS, IPS, AX, etc.. Events 3. Phished, who clicked it? 4. What happened to the device 3Months ago? CPU NETWORK MEMORY DISK PROCESS EVENTS Integrative Scalable Administrative Secure
CHALLENGE #2 PERFORMANCE ANALYSIS HEAP MEM THREADS BUFFER CACHE NON HEAP METRICS
THANK YOU Queries arun@infomagnum.com contactus@infomagnum.com www.infomagnum.com

More Related Content

PDF
Monitoring
strikr .
 
PDF
DBOps
strikr .
 
PPTX
Dashboards, widgets, business views & 3D-data centre
ManageEngine, Zoho Corporation
 
PDF
SplunkLive! Customer Presentation - Hurricane Labs
Splunk
 
PDF
Putting the Sec into DevOps
Maytal Levi
 
PPTX
Leading American Entertainment Company implements OpManager
ManageEngine, Zoho Corporation
 
PPTX
5 ways you can strengthen and secure your network infrastructure with Firewal...
ManageEngine, Zoho Corporation
 
PPTX
5 benefits of OpManager
ManageEngine, Zoho Corporation
 
Monitoring
strikr .
 
DBOps
strikr .
 
Dashboards, widgets, business views & 3D-data centre
ManageEngine, Zoho Corporation
 
SplunkLive! Customer Presentation - Hurricane Labs
Splunk
 
Putting the Sec into DevOps
Maytal Levi
 
Leading American Entertainment Company implements OpManager
ManageEngine, Zoho Corporation
 
5 ways you can strengthen and secure your network infrastructure with Firewal...
ManageEngine, Zoho Corporation
 
5 benefits of OpManager
ManageEngine, Zoho Corporation
 

What's hot (20)

PPTX
Network fault management and IT automation training
ManageEngine, Zoho Corporation
 
PDF
Qradar as a SOC core
Mona Arkhipova
 
PPTX
Opmanager technical overview
ManageEngine, Zoho Corporation
 
PPTX
Free Netflow analyzer training - diagnosing_and_troubleshooting
ManageEngine, Zoho Corporation
 
PPTX
5 Ways NCM Can Save You From A Disaster
ManageEngine, Zoho Corporation
 
PPTX
World's Largest Space Research Organization Implements OpManager Plus
ManageEngine, Zoho Corporation
 
PDF
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Maytal Levi
 
PDF
Top-Down Approach to Monitoring
BigPanda
 
PPTX
Ransomware Attack: Best Practices to proactively prevent contain and respond
AlgoSec
 
PPTX
Server and application monitoring webinars [Applications Manager] - Part 3
ManageEngine, Zoho Corporation
 
PPTX
New OpManager v12
Inuit AB
 
PDF
Security Change Management: Agility vs. Control
AlgoSec
 
PPTX
Automating for NERC CIP-007-5-R1
Tripwire
 
PPTX
Protect & Defend Your Critical Infrastructure
Q1 Labs
 
PPTX
Global Airline giant's application performance monitoring solution!
ManageEngine, Zoho Corporation
 
PDF
6. Kepware_IIoT_Solution
Steve Lim
 
PPTX
Managing SCADA Operations and Security with Splunk Enterprise
Splunk
 
PPTX
Server and application monitoring webinars [Applications Manager] - Part 2
ManageEngine, Zoho Corporation
 
PDF
5 things you didn't know you could do with security policy management
AlgoSec
 
PPTX
Applications Performance Monitoring with Applications Manager part 1
ManageEngine, Zoho Corporation
 
Network fault management and IT automation training
ManageEngine, Zoho Corporation
 
Qradar as a SOC core
Mona Arkhipova
 
Opmanager technical overview
ManageEngine, Zoho Corporation
 
Free Netflow analyzer training - diagnosing_and_troubleshooting
ManageEngine, Zoho Corporation
 
5 Ways NCM Can Save You From A Disaster
ManageEngine, Zoho Corporation
 
World's Largest Space Research Organization Implements OpManager Plus
ManageEngine, Zoho Corporation
 
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Maytal Levi
 
Top-Down Approach to Monitoring
BigPanda
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
AlgoSec
 
Server and application monitoring webinars [Applications Manager] - Part 3
ManageEngine, Zoho Corporation
 
New OpManager v12
Inuit AB
 
Security Change Management: Agility vs. Control
AlgoSec
 
Automating for NERC CIP-007-5-R1
Tripwire
 
Protect & Defend Your Critical Infrastructure
Q1 Labs
 
Global Airline giant's application performance monitoring solution!
ManageEngine, Zoho Corporation
 
6. Kepware_IIoT_Solution
Steve Lim
 
Managing SCADA Operations and Security with Splunk Enterprise
Splunk
 
Server and application monitoring webinars [Applications Manager] - Part 2
ManageEngine, Zoho Corporation
 
5 things you didn't know you could do with security policy management
AlgoSec
 
Applications Performance Monitoring with Applications Manager part 1
ManageEngine, Zoho Corporation
 
Ad

Similar to Threat intelligence solution (20)

PPT
Making Logs Sexy Again: Can We Finally Lose The Regexes?
Anton Chuvakin
 
PDF
Enterprise Security in Mainframe-Connected Environments
Precisely
 
PDF
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
PDF
Wc4
Said Wali
 
PPT
Logs for Information Assurance and Forensics @ USMA
Anton Chuvakin
 
PPTX
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Anton Chuvakin
 
PDF
Incident response before:after breach
Sumedt Jitpukdebodin
 
PPTX
Firewall Analyzer - Middle East Workshop
ManageEngine, Zoho Corporation
 
PPTX
How to Leverage Log Data for Effective Threat Detection
AlienVault
 
DOC
Logging "BrainBox" Short Article
Anton Chuvakin
 
PPTX
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
Douglas Webster
 
PPTX
Log maintenance network securiy
Mohsin Ali
 
PPTX
ManageEngine Firewall Analyzer training
ManageEngine, Zoho Corporation
 
PPTX
IT Security: Eliminating threats with effective network & log analysis
ManageEngine, Zoho Corporation
 
PPTX
Log Standards & Future Trends by Dr. Anton Chuvakin
Anton Chuvakin
 
PDF
Logsign Forest Enterprise Solution Overview
Logsign
 
PDF
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Precisely
 
PDF
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
 
PPTX
Power of logs: practices for network security
Information Technology Society Nepal
 
ODP
Unlock Security Insight from Machine Data
Narudom Roongsiriwong, CISSP
 
Making Logs Sexy Again: Can We Finally Lose The Regexes?
Anton Chuvakin
 
Enterprise Security in Mainframe-Connected Environments
Precisely
 
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
Wc4
Said Wali
 
Logs for Information Assurance and Forensics @ USMA
Anton Chuvakin
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Anton Chuvakin
 
Incident response before:after breach
Sumedt Jitpukdebodin
 
Firewall Analyzer - Middle East Workshop
ManageEngine, Zoho Corporation
 
How to Leverage Log Data for Effective Threat Detection
AlienVault
 
Logging "BrainBox" Short Article
Anton Chuvakin
 
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
Douglas Webster
 
Log maintenance network securiy
Mohsin Ali
 
ManageEngine Firewall Analyzer training
ManageEngine, Zoho Corporation
 
IT Security: Eliminating threats with effective network & log analysis
ManageEngine, Zoho Corporation
 
Log Standards & Future Trends by Dr. Anton Chuvakin
Anton Chuvakin
 
Logsign Forest Enterprise Solution Overview
Logsign
 
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Precisely
 
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
 
Power of logs: practices for network security
Information Technology Society Nepal
 
Unlock Security Insight from Machine Data
Narudom Roongsiriwong, CISSP
 
Ad

Recently uploaded (20)

PDF
Investment Risk Assessment Brief: Zacharia Ali and Associated Entities
publicrecordswatch
 
PDF
Chapter 1 - Introduction to management.pdf
ek19nguyenvuthuha
 
PPTX
Process-and-Ethics-in-Research-1.potatoi
judekimwellnombre15
 
PDF
Pollitrace pitch deck- Ai powered multiple species
abukasadiq
 
PPTX
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
PPT
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
PDF
Budora Case Study: Building Trust in Canada’s Online Cannabis Market
Weed Delivery in Canada
 
PDF
Why Has Vertical Farming Recently Become More Economical.pdf
Skyfield Agritech
 
PPTX
Daily stand up meeting on the various business
SmitNeev
 
PPTX
Peerless Plumbing Company-Fort Worth.pptx
Peerless Plumbing Company-Fort Worth
 
PDF
Driving Innovation & Growth, Scalable Startup IT Services That Deliver Result...
Mobisoft Infotech
 
PPT
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
PDF
Business Risk Assessment and Due Diligence Report: Zacharia Ali and Associate...
publicrecordswatch
 
PDF
4. Finance for non-financial managers.08.08.2025.pdf
Alison Humphries-Engelbrecht
 
PDF
initiate-entrepreneurship-in-healthcare-service-management-in-sierra-leone.pdf
paulallieukamara31
 
PDF
Why DevOps Teams Are Dropping Spreadsheets for Real-Time Cloud Hygiene.pdf
Sudeep Khire
 
PPTX
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 
PPTX
ENTREPRENEURSHIP..PPT.pptx..1234567891011
AnalynCanale1
 
PDF
Meme Coin Empire- Launch, Scale & Earn $500K-Month_3.pdf
hrushi013
 
PPT
Organizational Culture and Management.ppt
shivprasadjaysi2005
 
Investment Risk Assessment Brief: Zacharia Ali and Associated Entities
publicrecordswatch
 
Chapter 1 - Introduction to management.pdf
ek19nguyenvuthuha
 
Process-and-Ethics-in-Research-1.potatoi
judekimwellnombre15
 
Pollitrace pitch deck- Ai powered multiple species
abukasadiq
 
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
Budora Case Study: Building Trust in Canada’s Online Cannabis Market
Weed Delivery in Canada
 
Why Has Vertical Farming Recently Become More Economical.pdf
Skyfield Agritech
 
Daily stand up meeting on the various business
SmitNeev
 
Peerless Plumbing Company-Fort Worth.pptx
Peerless Plumbing Company-Fort Worth
 
Driving Innovation & Growth, Scalable Startup IT Services That Deliver Result...
Mobisoft Infotech
 
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
Business Risk Assessment and Due Diligence Report: Zacharia Ali and Associate...
publicrecordswatch
 
4. Finance for non-financial managers.08.08.2025.pdf
Alison Humphries-Engelbrecht
 
initiate-entrepreneurship-in-healthcare-service-management-in-sierra-leone.pdf
paulallieukamara31
 
Why DevOps Teams Are Dropping Spreadsheets for Real-Time Cloud Hygiene.pdf
Sudeep Khire
 
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 
ENTREPRENEURSHIP..PPT.pptx..1234567891011
AnalynCanale1
 
Meme Coin Empire- Launch, Scale & Earn $500K-Month_3.pdf
hrushi013
 
Organizational Culture and Management.ppt
shivprasadjaysi2005
 

Threat intelligence solution

  • 1. 2nd Floor, Spline Arcade, Hi-tech city, Hyderabad-500081. email: contact@infomagnum.com
  • 2. LOG ANALYTICS A SOLUTION TO IDENTIFY YOUR THREATS… Log’s are stepping stones to success.
  • 3. AGENDA  Introduction to InfoMagnum Security Service  Logging everything  Features and possibilities  Process and implementation  Q&A
  • 4. LOGGING EVERYTHING We Support below Devices and Applications Devices: - Cisco ISR, ASA, and PIX series - ISS Proventia - Fortinet - Checkpoint VPN-1 Pro and VPN-Edge Series, Firewall-1 Express - Juniper NetScreen Applications: - Windows, Linux, HPUX, AIX logs - Apache, mySQL, ftp, and more.
  • 5. REASONS TO STEPIN • Detect/Prevent Unauthorized Access and insider Abuse • Meet Regulatory Requirement • Forensic Analysis and Correlation • Ensure Regulatory Compliance • Track Suspicious Behavior • IT Troubleshooting and Network Operation • Monitor User Activity • Best Practices/Frameworks such as COBIT, ISO, ITIL, etc. • Measure Application Performance • Achieve ROI or Cost Reduction in System Maintenance
  • 6. BASIC FEATURES • Organizational Intelligence. • Enables analysts to rapidly generate actionable intelligence from massive amounts of continuous Syslog data. • Intuitive processes for visualizing data minimizes the time between data acquisition and analysis. • Analysts’ Advantage • Reduces the amount of time and effort to analyze in pointing problems in sets automatically. • Increase the IQ of analysts without subject matter expertise. • Provides simple visualizations for different facets of the same data, thereby replacing clutter and information overload. • Data Center foot printing and problem identification. • System Problem diagnostics and failure detection. • Cyber Threat Intelligence using system logged IP’s, url’s, dns and more atomics.
  • 7. TECHNOLOGY Powered Technologies • Syslog-NG • Python - ETL • Indexing Elasticsearch or infuxDB • Algorithms – Many (Clustering, SVM, Regression) • AngularJS or Kibana. • Cyber Security threat intel. • Rediss
  • 8. Anomaly detection methods a. Supervised : • Finger Printing Datacenter : identifying performance crises. • Failure Diagnostics – using decision b. Unsupervised: • Problem Identification and detection with minimal SME, Next version features: • Predictions and alerting will be implemented along with this services. DIFFERENTIATORS
  • 9. STREAMING PROCESS • Syslog Platform • Device identification and topology review of logged data • Extraction of logs from syslog server to process pipeline server • Transformation at process pipeline server • Replacing/Pairing/Identify Invariants • Templatization • Parsing and pattern detection • Indexing parsed ETL for further analysis and machine learning • Applying periodic and correlation scripts to indexed data and calibration/correction the results before indexing • Representing graphs for the mentioned features
  • 11. CHALLENGES • Lots of workload • Real-time performance monitoring metrics from many sources • Easy to identify bottlenecks • Easy to identify and co-relate any bottlenecks caused for further system performance tuning • Real-time centralized logs from many sources • Real-time suspicious & intrusion logs • Lots of Users • Many Sources of Logs
  • 12. CHALLENGE #1 LOG ANALYSIS 1. The Firewall did it?  Did the Firewall Block something it shouldn’t have?  Got Bypassed !!! 2. What did the Intruder do? IDS, IPS, AX, etc.. Events 3. Phished, who clicked it? 4. What happened to the device 3Months ago? CPU NETWORK MEMORY DISK PROCESS EVENTS Integrative Scalable Administrative Secure
  • 13. CHALLENGE #2 PERFORMANCE ANALYSIS HEAP MEM THREADS BUFFER CACHE NON HEAP METRICS