1 / 20

Redefining SIEM to Real Time Security Intelligence

Redefining SIEM to Real Time Security Intelligence . Terry Seymour Field Sales Account Manager Dinesh Mistry SIEM Solution Expert. About McAfee SIEM. Real time Security & Compliance Integrated SIEM & Log Management Unmatched speed and scale Unique database & application monitors

mora
Download Presentation

Redefining SIEM to Real Time Security Intelligence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Redefining SIEM to Real Time Security Intelligence Terry Seymour Field Sales Account Manager Dinesh Mistry SIEM Solution Expert

  2. About McAfee SIEM • Real time Security & Compliance • Integrated SIEM & Log Management • Unmatched speed and scale • Unique database & application monitors • Only content aware SIEM • Certified for defense and critical infrastructure • Rapid Growth • Doubled SIEM sales in 2011 • Over 700 enterprise and government customers • Industry recognized • NIST/FIPS and Common Criteria Certified

  3. Industry Recognition April, 2011 Ranked #1 January, 2011 Best Log Mgmt “Tech of the Year”

  4. Industry Recognition April, 2011 The fastest database in the business, a truly creative front end, What more could you ask for in a SIEM? January, 2011 “An analyst’s power tool, strong SIEM capabilities in a highly configurable dashboard”

  5. Most Positive Movement of Any Vendor

  6. SIEM Magic Quadrant – 2012

  7. Key Market Segments & Customers Primary Industry Verticals and Representative Customers Government Financial Enterprise Education Energy Healthcare

  8. Nitro Security History Leading supplier of unified information security solutions that protects corporate IT networks and data with the industry’s highest performing, most cost effective integrated product suite for SIEM, log management, database activity monitoring, network analysis and intrusion prevention • Founded in 1999 by engineers from Idaho National Laboratories • Headquarters: Portsmouth, NH, R&D: Idaho Falls, Conshohocken PA • Worldwide sales, service & support, Global partner presence • Developed the NitroEDB Data Engine first! • No DBA required – Self healing closed system • 10-100 times faster than any competitor’s back-end database • Bursts to 128,000 Inserts/Retrievals Per Second, Industry fastest rate • Deployed on all NitroView system components

  9. McAfee ESM & Event Reporter McAfee ELM McAfee ESM • Unified Visibility • Correlation & Analysis • Compliance & Reporting • Policy Management • Log Management • Compliant Log Storage • McAfee Receiver • Third Party Logs • WMI, Syslog, etc… McAfee ADM McAfee DB Solutions McAfee ACE McAfee Network Solutions • Application Data Monitor • Layer 7 Decode • Full Meta-Data Collection • Database Session Monitor • Database Log Generation • Session Audit • Advanced Correlation • Risk-Based Correlation • Historical Correlation • Intrusion Detection/ Prevention • Flow Collection Application Visibility 100s of applications and 500+ document types Database Visibility Data trafficfrom leading databases Risk Scoring Detect potential threats Network Visibility Analysis of network traffic and events & flows • Asset information/context • Vulnerability Information • Which assets are most at-risk • ePO • Global Threat Intelligence • McAfee Risk Advisor • Malware, Trojans, Viruses • Exploits, Vulnerabilities • Network Flows

  10. Global Threat Intelligence File Reputation IP Reputation Web Reputation GTI Message Reputation EVENT, LOG AND COMPLIANCE RISK AWARENESS CONTENT CONTEXT GTI

  11. Situational Aware Risk Management ePO Security Data GTI Feed SIEM Event Data MFE Risk Advisor Countermeasure Analysis Actionable Security Policies

  12. McAfee Receivers DBM agent McAfee DBM McAfee ADM Integrated Database & Application Security Event correlation Incidence response VA integration User activity profiling Central policy & mgt Analysis & forensics Reporting, notification SOC/NOC Compliance DBA’s Management Monitor all OS security events - users logging in/out, access/change to Database, config files & backups McAfee ESM Block exploits and SQL Injection attacks before they reach the network core McAfee ELM Secure Segregation of Logged events for Compliance and Reporting. McAfee IPS Log local DBA console activity Full-session capture of SQL activity, db content use, db server discovery Monitor potential leakage of sensitive content via email, chat, web, P2P

  13. Sample Use Cases Content-Aware Forensics & Breach Discovery Discovering an HTTP Command and Control Spambot

  14. Content-Aware Forensics& Breach Discovery User extracts sensitive data from a SQL Server. Data access policy violation is detected - 1000 row threshold exceeded. User copies SQL results to a document and sends the sensitive data using webmail to an external address. User discusses sensitive data over IM with external user.

  15. Content-Aware Forensics & Breach Discovery User receives an email with attachment from an IP address on the GTI blacklist Potential Malware Infection HIPS agent identifies an unknown application but fails to quarantine the threat Potential Compromised Endpoint Compromised system is seen having multiple failed authentication attempts with enterprise systems. Historical analysis reveals multiple compromised hosts. Attack Proliferation

  16. Discovering an HTTP Command and Control Spambot Content-Aware SIEM Feature: Utilize the broad correlation, normalization, and content awareness capability of a Content-Aware SIEM to detect advanced security threats

  17. Discovering an HTTP Command and Control Spambot

  18. Discovering an HTTP Command and Control Spambot CorrelatedSourceEvents

More Related