SIEM Architecture

19 slides, Dec 14, 2015

About This Presentation

Security Information and Event Management (SIEM):
Real-time monitoring of servers and network devices.
Correlation of events.
Analysis and reporting of security incidents.
Threat intelligence.
Long-term storage.


Slide Content

SIEM Architecture
By
Nishanth Kumar Pathi

Nishanth Kumar Pathi
•Information Security Consultant
•null – moderator
•OWASP Contributor

•@nishanthkumarp
•http://nishanth.co.in

Typical Corporate Environment

Defense in Depth

Problem Statement
•Which events should be gathered?
•How do we manage the vast amount of logs and information?
•What should be parsed and normalized, and how do we time-correct events from sources with different clocks and time zones?
•How should the events be stored?
•How do we identify a data breach, whether internal or external?
•How do we mitigate cyber attacks?
•How do we meet compliance requirements?

What is SIEM
•Security Information and Event Management
•Real-time monitoring of servers and network
devices.
•Correlation of events
•Analysis and reporting of security incidents.
•Threat intelligence
•Long-term storage

Evolution
•SIM – Security Information Management (long-term log collection, storage and reporting)
•SEM – Security Event Management (real-time monitoring, correlation and alerting)
•NBA – Network Behavior Analysis
•Log Management – log file capture and storage
•SIEM – the convergence of SIM and SEM

Features of SIEM

What can it collect?

Work Flow
•Collect data from log sources
•Correlate events
•Alert on security incidents
•Generate IT security and compliance reports
•Archive logs for forensic analysis
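The Problem Statement asks what to parse, normalize and time-correct, and the Work Flow above collects, correlates and alerts on the result. The following is an added example, written for this page and not taken from the slides, that walks through both in working code: it normalizes three differently formatted sources (a Windows-style CSV logon export, an iptables DROP line and sshd lines) into one event schema, corrects each timestamp to UTC using a per-source time zone and measured clock skew, and then runs a single cross-source correlation rule. All log lines are constructed, and the host names, clock values in `SOURCE_CLOCKS`, the `Event` schema, and the `parse_line`, `correlate` and `analyse` functions are assumptions made for the illustration.

```python
"""Normalize heterogeneous log lines into one event schema, time-correct them
to UTC, then run a simple cross-source correlation rule. All log lines below
are constructed; host names, clock data and thresholds are assumed values."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed per-source clock data: (UTC offset in minutes, measured skew in seconds).
# fw01 is in IST and runs 90 s fast; srv02 is in EST and runs 15 s slow.
SOURCE_CLOCKS = {"fw01": (330, 90), "srv01": (0, 0), "srv02": (-300, -15)}
LOG_YEAR = 2015  # classic syslog lines carry no year; the collector supplies it

# Constructed sample input, deliberately out of chronological order.
SAMPLE_LOGS = [
    "2015-12-13T22:30:45,srv02,4624,203.0.113.5,admin",
    "Dec 14 09:01:31 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.8 PROTO=TCP DPT=23",
    "Dec 14 03:30:00 srv01 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
    "Dec 14 03:30:05 srv01 sshd[2211]: Failed password for root from 203.0.113.5 port 51110 ssh2",
    "Dec 14 03:30:20 srv01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51112 ssh2",
    "Dec 14 03:30:40 srv01 sshd[2215]: Failed password for root from 203.0.113.5 port 51114 ssh2",
    "Dec 14 03:30:50 srv01 sshd[2217]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
]

@dataclass
class Event:
    """Common schema every parser normalizes into."""
    ts: datetime          # corrected, timezone-aware UTC
    host: str
    src_ip: Optional[str]
    user: Optional[str]
    action: str           # "auth" or "fw"
    outcome: str          # "success", "failure", "blocked", "allowed"

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                       r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<res>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(r"^(?P<act>DROP|ACCEPT) .*?SRC=(?P<ip>\S+)")
WINCSV_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}),(?P<host>[^,]+),"
                       r"(?P<eid>\d+),(?P<ip>[^,]*),(?P<user>[^,]*)$")
WIN_LOGON = {"4624": "success", "4625": "failure"}  # Windows logon event IDs

def to_utc(local_naive: datetime, host: str) -> datetime:
    """Time-correct: attach the source's UTC offset, then remove its clock skew."""
    offset_min, skew_s = SOURCE_CLOCKS[host]
    aware = local_naive.replace(tzinfo=timezone(timedelta(minutes=offset_min)))
    return (aware - timedelta(seconds=skew_s)).astimezone(timezone.utc)

def parse_line(line: str) -> Optional[Event]:
    """Parse one raw line into the common schema; None if the line is not understood."""
    m = WINCSV_RE.match(line)
    if m:
        outcome = WIN_LOGON.get(m["eid"])
        if outcome is None:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        return Event(to_utc(ts, m["host"]), m["host"], m["ip"] or None,
                     m["user"] or None, "auth", outcome)
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    host, prog, msg = m["host"], m["prog"], m["msg"]
    if prog == "sshd":
        s = SSH_RE.match(msg)
        if s:
            outcome = "success" if s["res"] == "Accepted" else "failure"
            return Event(to_utc(ts, host), host, s["ip"], s["user"], "auth", outcome)
    if prog == "kernel":
        f = FW_RE.match(msg)
        if f:
            return Event(to_utc(ts, host), host, f["ip"], None, "fw",
                         "blocked" if f["act"] == "DROP" else "allowed")
    return None  # unparsed lines should still be archived, just not correlated

def correlate(events, window_s=60, threshold=3):
    """Rule: >= threshold auth failures from one source IP within window_s seconds,
    followed by an auth success from that IP on any host, raises one alert."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda e: e.ts):  # order by corrected UTC time
        if e.action != "auth" or not e.src_ip:
            continue
        recent = failures[e.src_ip]
        while recent and (e.ts - recent[0]).total_seconds() > window_s:
            recent.popleft()  # slide the window forward
        if e.outcome == "failure":
            recent.append(e.ts)
        elif e.outcome == "success" and len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": e.src_ip,
                           "user": e.user, "host": e.host, "failures": len(recent),
                           "ts": e.ts.isoformat()})
            recent.clear()
    return alerts

def analyse(lines):
    """Collect -> normalize -> correlate; returns (normalized events, alerts)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return events, correlate(events)
```

Two points the slides raise show up concretely here. First, time correction is what makes the rule fire: the srv02 logon is stamped 22:30:45 local time on the 13th, which sorts before every sshd failure until its offset and skew are applied, after which it lands at 03:31:00 UTC, 55 seconds after the first failure. Second, correlation is by a shared field (the source IP), not by host, so failures on srv01 followed by a success on srv02 still produce a single alert, while the `cron` line is left unparsed and would only be archived.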

SIEM Architecture

Dashboard

Implementation

Self-hosted, self-managed

Cloud-hosted, self-managed

Hybrid model, jointly managed

Why SIEM Implementations Fail
•Lack of planning
•Faulty deployment strategies
•Lack of operational knowledge

Any Questions?
