SIEM: The Tangible and Intangible ROI
Trey Ackerman, Director Systems Engineering, NA
trey@alienvault.com
Standard SIEM Deployment
Diagram: Events → SIEM → Alert, with Detection, Assessment, Discovery, Monitoring and Incident Response as the surrounding functions.
Security Automation
Diagram: Detection, Assessment, Discovery and Monitoring around the SIEM, with a two-way flow of information between them.
Security Automation: Dynamic Event Validation
• Vulnerability discovered
• Attack observed
• Was the attack successful? Any connections from the target machine to the attacker?
• Alert
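The validation step on this slide, as an added example written for this page (not AlienVault or OSSIM code): an IDS event is checked against the scanner's vulnerability inventory and against netflow records for a connection from the target back to the attacker, and the result decides how loud the alert should be. The event, flow and inventory records are constructed, and the priority ladder and the 10-minute callback window are this example's assumptions.

```python
from dataclasses import dataclass

@dataclass
class IdsEvent:
    ts: float          # epoch seconds when the IDS saw the attack
    src_ip: str        # attacker
    dst_ip: str        # target
    cve: str           # vulnerability the IDS signature exploits (constructed id)

@dataclass
class Flow:
    ts: float
    src_ip: str
    dst_ip: str
    dst_port: int

# Constructed scanner output: target host -> CVE ids the last scan found on it
VULNS = {"10.0.0.5": {"CVE-0000-0001"}, "10.0.0.6": set()}

WINDOW = 600  # seconds after the attack in which a callback counts (assumption)

def validate(event, vulns, flows, window=WINDOW):
    """Answer the slide's two questions for one IDS event: is the target
    actually vulnerable, and did it connect back to the attacker afterwards?
    Returns (priority, evidence), where evidence lists what was found."""
    vulnerable = event.cve in vulns.get(event.dst_ip, set())
    callbacks = [f for f in flows
                 if f.src_ip == event.dst_ip and f.dst_ip == event.src_ip
                 and event.ts <= f.ts <= event.ts + window]
    evidence = []
    if vulnerable:
        evidence.append(f"{event.dst_ip} has {event.cve}")
    for f in callbacks:
        evidence.append(f"{f.src_ip} -> {f.dst_ip}:{f.dst_port} "
                        f"at +{int(f.ts - event.ts)}s")
    # Priority ladder is this example's assumption, not a product default.
    if vulnerable and callbacks:
        return "critical", evidence  # exploitable target that called back
    if callbacks:
        return "high", evidence      # called back though not known-vulnerable: scan may be stale
    if vulnerable:
        return "medium", evidence    # exploitable, but no sign of success yet
    return "low", evidence           # attack against a host without the flaw: log, do not page
```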
Security Automation: IR Workflow Automation
Incident Response workflow automation starts with a click of a menu and provides …
• Service Monitoring
• Network Flow Analysis
• Full Packet Analysis
• Shellcode Analysis
• Vulnerability Assessment
Start with a Robust and Powerful SIEM Platform
SIEM
• Analysis, Incident Management & Reporting
• Event Normalization
• Real-time Analysis & Correlation
• Unified Management
Basic Security Events
• Network
• Endpoint
Compliance Logging
• Forensically secured
• Highly scalable (SAN/NAS)
• Rich query interface
Extend the Monitoring and Contextual Input (all feeding the SIEM)
• Detection Tools: IDS / IPS, Host IDS, FIM
• Assessment Tools: Threats, Vulnerability
• Basic Security Events: Network, Endpoint, Wireless
• Discovery Tools: Identity, Assets
• Monitoring Tools: Users/Data, Apps/Services
Problem!
Generating that data (Detection Tools, Assessment Tools, Monitoring Tools, Discovery Tools, Basic Security Events) requires expensive, sophisticated tools on top of a standard SIEM.
Solution: Unified Security Management
• Detection: IDS/IPS, WIDS, HIDS / File Integrity. Signature and anomaly based intrusion protection (Host, Network, Wireless)
• Assessment: Vulnerability Assessment, Threat Assessment. Vulnerability and threat assessment
• SIEM: AlienVault SIEM, Basic Security Events
• Monitoring: User & Data, Application & Services. Insight into availability of services, activities of users, and flow of data
• Discovery: Identity, Asset Inventory. An inventory of all security relevant assets under management
Integration reduces time to visibility
• Automatically inventories assets
• Assesses assets for vulnerabilities
• Analyzes behavior to detect intrusions
• Monitors systems for disruptions
• Correlates for targeted alerts
Full Visibility out of the box
• Assets
• Network Activity
• Vulnerabilities
What do I need to do RIGHT NOW?
There is No Security Without Visibility
“You cannot fight what you cannot see.”
• What is happening?
• Where is it happening?
• What does that mean to my business?
• (Am I going to get fired?)
Technology is no longer the impediment …
• Licensing cost
• Staff to manage the deployment
• Time to make the products work together
For example, just PCI Compliance …
• 1.1.2 Network map
• 1.1.5 Asset Inventory
• 10.7 Log management
• 11.1 Wireless IDS
• 11.2 Vulnerability Assessment
• 11.4 Intrusion Detection System (IDS)
• 11.5 File Integrity Monitoring
• 12.5.2 SIEM
The SIEM pulls it all together, but SIEM alone is not enough.
And it costs you more than just money …
Chart: estimated price based on a consulting engagement for a 200 node data center.
If you already have all of those security controls … how long to make them SIEM aware?
Chart: estimated price based on a consulting engagement for a 200 node data center.
A Little About Us
AlienVault: Creators of Open Source SIM
Our roots …
• MSSP & Consultants
• Leverage open-source to provide best value
• Limited by time & resources
• Founded OSSIM
• Started building in best of breed open-source tools
• Provided unified management capabilities
• Focus on building-in open source security tools
• Focused on unified management for a small team
• Integrated controls & SIEM to reduce time to secure
• Priced for protection
AlienVault Unified Security Management Platform
Over 30 essential security management tools built-in
Diagram labels: USM, Assessment, Asset Discovery
Open source in the box with ability to integrate best of breed commercial solutions as needed
Recent Headlines
“A pernicious virus that infects the middleware of smart card readers is attacking users of U.S. Department of Defense (DoD) and Windows smart cards…The trojan, first identified by Alienvault Labs, appears targeted at a particular type of application”
AlienVault Nabs Seven Senior HP Security Execs
Security Research: Additional Resources
Sample Forensics Report Output
Forensic reports should include:
• Incident Summary
• Investigation Commenced
• Investigative Steps
• Forensic/Network Analysis
• Document Review
• Interviews
• Summary of Principal Findings
• Forensic Analysis
• Applicable Policies
• Factual Chronology
• Dates of Events
• Findings & Conclusions
Analysis and Research Resources
• Malware Analysis Resources including:
• PDF Analysis Tools
• Sandbox Tools for Malware Analysis
• Adobe Flash/Shockwave Analysis Tools
• Online Scanner and Malware Analysis tools
http://t.co/i1p6zFRc
• Nice egress testing tool: "Egress Buster"
https://www.secmaniac.com/blog/2012/02/29/new-tool-release-egress-buster-find-outbound-ports/
• 10 SQL Injection Tools For Database Pwnage
http://t.co/3kFXzLrG