WHOSE LOGS, WHAT LOGS, WHY LOGS: YOUR QUICKEST PATH TO SECURITY VISIBILITY
Tom D’Aquino
Senior Security Engineer
AlienVault
AGENDA
The Challenge
• Getting adequate security visibility for your small or medium business
The Widely Pursued Solution
• The traditional approach to Log Management/SIEM
• The cost/benefit analysis
An Alternative Approach
• Who, What and Why is the key
• Unified Security Management
• AlienVault’s Threat Intelligence Labs
Coming Soon to SpiceWorks: AlienVault Threat Alerts
HUMANS MEET TECHNOLOGY
“Something is down? YouTube is up though.”
THE WIDELY PURSUED SOLUTION
The traditional approach to Log Management/SIEM:
• Collect everything
• Analyze everything
• Correlate everything
• Store everything
BUT AT WHAT HARDWARE COST?
How much storage, CPU and RAM will you need to collect, correlate and store all of this data?
• High-performance storage is not cheap
How effective is the automated analysis, i.e. correlation, really going to be?
• Correlation is CPU and memory intensive
AND AT WHAT HUMAN RESOURCE COST?
How effective is your team really going to be?
• Can one person realistically review 10,000 alerts in a day?
IS THERE A BETTER APPROACH TO LOG MANAGEMENT?
What if we took a more strategic approach by identifying the problem more effectively?
Why do you need the logs?
• Do you have an intended result in mind?
What logs will you need to get that result?
• i.e., will authentication logs suffice?
Who will the logs you collect pertain to?
• Is there a specific user group/community you should be focused on?
Why, What, Who
LET’S LOOK AT SOME EXAMPLES
What log sources should you start with?
EVERYONE COLLECTS FIREWALL LOGS, RIGHT?
Why do you need Firewall logs?
• I need to see what is getting in to my network
What logs will you need to get that result?
• Firewall permit logs
Who will the logs you collect pertain to?
• I’m most significantly concerned with blacklisted IPs/domains
WHAT’S GETTING IN YOUR WAY?
You are probably only seeing these:
When you should be looking for this:
WHAT ABOUT OS LOGS?
Why do you need OS logs?
• I need to detect unauthorized access attempts and account lockouts
What logs will you need to get that result?
• OS authentication failure and account lockout logs
Who will the logs you collect pertain to?
• I’m most significantly concerned with admin level accounts
WHAT’S GETTING IN YOUR WAY HERE?
Multiple events to indicate a single login:
No login failure events to be found…
WHAT ABOUT YOUR NETWORK GEAR?
Why do you need Switch/Router logs?
• I need to see when someone logs in to my network gear and makes config changes
What logs will you need to get that result?
• Syslog data from my Routers and Switches
Who will the logs you collect pertain to?
• Anyone connecting to my network gear
MORE NOISE IN YOUR WAY…
You may have to process tens of thousands of these:
Just to get one or two of these:
HOW CAN ALIENVAULT HELP WITH FIREWALL LOGS?
Managing Firewall logs is all about context:
HOW CAN ALIENVAULT HELP WITH OS LOGS?
Use policy filters to eliminate repetitive data:
HOW CAN ALIENVAULT HELP WITH OS LOGS?
Use correlation to detect mischievous activity:
HOW CAN ALIENVAULT HELP WITH DEVICE LOGS?
Use policy filters to eliminate the noise:
HOW CAN ALIENVAULT HELP WITH DEVICE LOGS?
Or use policy filters to explicitly include the interesting stuff:
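The three Why/What/Who examples in the preceding slides (firewall permit logs checked against a blacklist, OS authentication failures and lockouts correlated for admin accounts, and device syslog filtered down to logins and config changes) worked through as an added Python example; this is not code from the deck or from AlienVault USM, and its log-line layout, Cisco-style syslog tags, IP blacklist and admin-account list are all constructed assumptions:

```python
"""Why/What/Who triage of firewall, OS and network-device logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Who" lists: constructed for this example, not OTX reputation data or a real account list.
BLACKLISTED_IPS = {"203.0.113.66", "198.51.100.23"}
ADMIN_ACCOUNTS = {"administrator", "root", "netadmin"}

FAIL_THRESHOLD = 3                  # admin auth failures needed before one alert fires
FAIL_WINDOW = timedelta(minutes=5)  # ...counted within this sliding window

# Device-syslog policy filter: Cisco-style tags (assumed) treated as noise vs. interesting.
DEVICE_NOISE = ("%LINK-3-UPDOWN", "%LINEPROTO-5-UPDOWN")
DEVICE_INTERESTING = {"%SYS-5-CONFIG_I": "device_config_change",
                      "%SEC_LOGIN-5-LOGIN_SUCCESS": "device_login"}

# Constructed sample lines in an assumed "<ISO time> <host> <message>" layout.
SAMPLE_LOGS = """\
2013-09-10T08:00:01 fw01 permit src=192.0.2.10 dst=10.0.0.5 dport=443
2013-09-10T08:00:02 fw01 permit src=203.0.113.66 dst=10.0.0.5 dport=22
2013-09-10T08:00:03 fw01 deny src=198.51.100.23 dst=10.0.0.5 dport=3389
2013-09-10T08:01:00 srv01 auth_failure user=administrator src=10.0.0.77
2013-09-10T08:01:05 srv01 auth_failure user=administrator src=10.0.0.77
2013-09-10T08:01:09 srv01 auth_failure user=administrator src=10.0.0.77
2013-09-10T08:02:00 srv01 auth_failure user=jdoe src=10.0.0.78
2013-09-10T08:02:30 srv01 account_lockout user=jdoe
2013-09-10T08:03:00 core-sw1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/3, changed state to up
2013-09-10T08:03:10 core-sw1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netadmin] [Source: 10.0.0.80]
2013-09-10T08:03:20 core-sw1 %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (10.0.0.80)
2013-09-10T08:03:21 core-sw1 %LINK-3-UPDOWN: Interface Gi0/3, changed state to down
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split a line into timestamp, host, message and any key=value fields; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, msg = m.groups()
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"ts": when, "host": host, "msg": msg, "kv": dict(KV_RE.findall(msg))}


def triage(text):
    """Apply the deck's Why/What/Who questions as filters and correlation over raw lines."""
    alerts = []
    seen = 0
    failures = defaultdict(list)  # admin account -> timestamps of recent auth failures
    for raw in text.splitlines():
        ev = parse(raw)
        if ev is None:
            continue
        seen += 1
        msg, kv, host = ev["msg"], ev["kv"], ev["host"]

        # Firewall. Why: what is getting in. What: permit logs only (denies were already
        # blocked, so they are dropped). Who: sources on the blacklist.
        if msg.startswith("permit"):
            if kv.get("src") in BLACKLISTED_IPS:
                alerts.append(("fw_permit_blacklisted", host, kv["src"]))
        # OS. Why: unauthorized access attempts. What: auth failures. Who: admin accounts,
        # correlated so a burst of failures raises one alert instead of one event each.
        elif msg.startswith("auth_failure"):
            user = kv.get("user")
            if user not in ADMIN_ACCOUNTS:
                continue
            recent = [t for t in failures[user] if ev["ts"] - t <= FAIL_WINDOW]
            recent.append(ev["ts"])
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("admin_auth_failures", host, user))
                recent = []  # reset so the same burst does not alert again
            failures[user] = recent
        # OS lockouts are rare and always worth an alert, whoever the account belongs to.
        elif msg.startswith("account_lockout"):
            alerts.append(("account_lockout", host, kv.get("user")))
        # Network gear. Policy filter: drop link-flap noise, keep logins and config changes.
        elif msg.startswith(DEVICE_NOISE):
            continue
        else:
            for tag, kind in DEVICE_INTERESTING.items():
                if msg.startswith(tag):
                    alerts.append((kind, host, msg.split(":", 1)[1].strip()))
    return {"seen": seen, "alerts": alerts}


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS)
    print(f"{result['seen']} events in, {len(result['alerts'])} alerts out")
    for alert in result["alerts"]:
        print(alert)
```

Twelve raw events reduce to five alerts; the two earlier administrator failures are absorbed by the correlation window rather than reported individually.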
UNIFIED SECURITY MANAGEMENT
“SECURITY VISIBILITY THROUGH OPEN SOURCE INTEGRATION”
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Correlation
• Incident Response
BENEFITS OF UNIFIED SECURITY CONTROLS
Accelerated time to value
• Go from install to insight quickly
Reduce cost and complexity
• At deployment time: focus on integrating the infrastructure event data only
• Over the long term: manage all through the same console, better workflow, etc.
More coordinated detection for accurate alarms
• Built-in event correlation rules
• Attacker intelligence provides more accurate correlation
UNIFYING BEST-IN-BREED TECHNOLOGY WITH SHARED INTELLIGENCE
AlienVault Labs monitor, analyze, reverse engineer and report on sophisticated zero-day threats including malware, bots, phishing campaigns and more.
Findings are published in the Open Threat Exchange (OTX), pushing the latest threat intelligence including correlation rules, policies, and reputation data directly to AlienVault USM.
AlienVault OTX
• 500,000 Malware Samples Analyzed per day
• 100,000 Malicious IPs Validated per day
• 8,000+ Global Collection Points in 140+ countries
• > 7 Million URLs Analyzed
CROWD-SOURCED THREAT DATA IN ACTION
Since March 2012, OSSIM & USM users have flagged 196 million malicious events that were contributed to the OTX database
Average of ~11 million per month (365,000 a day)
[Chart: malicious events contributed to OTX per month, 3/1/12 through 9/1/13]
ALIENVAULT THREAT ALERTS FOR SPICEWORKS
SpiceHead Benefits:
• Identify compromised hosts in a monitored network without having to deploy Anti-Virus or any other agent
• Remediation advice from the world’s largest crowd-sourced threat intelligence database
HOW IT WORKS – THREAT MONITORING
[Diagram: Customers’ internal assets in SpiceWorks; search for connections with known malicious hosts on the Internet]
HOW IT WORKS – ALERT TRIGGERED
[Diagram: Customers’ internal assets in SpiceWorks; alert on connection with known malicious host]
THREAT ALERTS IN SPICEWORKS: DASHBOARD & DEVICE DETAILS PAGE
AlienVault Threat Analysis for suspicious IP:
“SpiceWorks has found a connection with a potentially suspicious IP Address 77.240.191.89 on device tmg-mbh.”
ALIENVAULT THREAT ANALYSIS - SUMMARY
ALIENVAULT THREAT ANALYSIS - REMEDIATION
NOW FOR SOME Q&A…
Follow us on SpiceWorks
http://community.spiceworks.com/pages/AlienVault
Join us for a LIVE Demo!
http://www.alienvault.com/marketing/alienvault-usmlive-demo
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions? Ping me (Tomdaq) in the SpiceWorks community

 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

SpiceWorks Webinar: Whose logs, what logs, why logs

  • 1. WHOSE LOGS, WHAT LOGS, WHY LOGS: YOUR QUICKEST PATH TO SECURITY VISIBILITY. Tom D’Aquino, Senior Security Engineer, AlienVault
  • 2. AGENDA
    The Challenge
    • Getting adequate security visibility for your small or medium business
    The Widely Pursued Solution
    • The traditional approach to Log Management/SIEM
    • The cost/benefit analysis
    An Alternative Approach
    • Who, What and Why is the key
    • Unified Security Management
    • AlienVault’s Threat Intelligence Labs
    Coming Soon to SpiceWorks: AlienVault Threat Alerts
  • 4. HUMANS MEET TECHNOLOGY Something is down? YouTube is up though.
  • 5. THE WIDELY PURSUED SOLUTION. The traditional approach to Log Management/SIEM:
    • Collect everything
    • Analyze everything
    • Correlate everything
    • Store everything
  • 6. BUT AT WHAT HARDWARE COST? How much storage, CPU and RAM will you need to collect, correlate and store all of this data?
    • High-performance storage is not cheap
    How effective is the automated analysis, i.e. correlation, really going to be?
    • Correlation is CPU and memory intensive
  • 7. AND AT WHAT HUMAN RESOURCE COST? How effective is your team really going to be?
    • Can one person realistically review 10,000 alerts in a day?
  • 8. IS THERE A BETTER APPROACH TO LOG MANAGEMENT? What if we took a more strategic approach by identifying the problem more effectively?
    Why do you need the logs?
    • Do you have an intended result in mind?
    (Why)
  • 9. IS THERE A BETTER APPROACH TO LOG MANAGEMENT? What if we took a more strategic approach by identifying the problem more effectively?
    Why do you need the logs?
    • Do you have an intended result in mind?
    What logs will you need to get that result?
    • e.g., will authentication logs suffice?
    (Why, What)
  • 10. IS THERE A BETTER APPROACH TO LOG MANAGEMENT? What if we took a more strategic approach by identifying the problem more effectively?
    Why do you need the logs?
    • Do you have an intended result in mind?
    What logs will you need to get that result?
    • e.g., will authentication logs suffice?
    Who will the logs you collect pertain to?
    • Is there a specific user group/community you should be focused on?
    (Why, What, Who)
  • 11. LET’S LOOK AT SOME EXAMPLES What log sources should you start with?
  • 12. EVERYONE COLLECTS FIREWALL LOGS, RIGHT?
    Why do you need Firewall logs?
    • I need to see what is getting into my network
    What logs will you need to get that result?
    • Firewall permit logs
    Who will the logs you collect pertain to?
    • I’m most significantly concerned with blacklisted IPs/domains
  • 13. WHAT’S GETTING IN YOUR WAY? You are probably only seeing these: ... when you should be looking for this:
  • 14. WHAT ABOUT OS LOGS?
    Why do you need OS logs?
    • I need to detect unauthorized access attempts and account lockouts
    What logs will you need to get that result?
    • OS authentication failure and account lockout logs
    Who will the logs you collect pertain to?
    • I’m most significantly concerned with admin-level accounts
  • 15. WHAT’S GETTING IN YOUR WAY HERE? Multiple events to indicate a single login, and no login failure events to be found…
  • 16. WHAT ABOUT YOUR NETWORK GEAR?
    Why do you need Switch/Router logs?
    • I need to see when someone logs in to my network gear and makes config changes
    What logs will you need to get that result?
    • Syslog data from my Routers and Switches
    Who will the logs you collect pertain to?
    • Anyone connecting to my network gear
  • 17. MORE NOISE IN YOUR WAY… You may have to process tens of thousands of these, just to get one or two of these:
  • 18. HOW CAN ALIENVAULT HELP WITH FIREWALL LOGS? Managing Firewall logs is all about context:
  • 19. HOW CAN ALIENVAULT HELP WITH OS LOGS? Use policy filters to eliminate repetitive data:
  • 20. HOW CAN ALIENVAULT HELP WITH OS LOGS? Use correlation to detect mischievous activity:
  • 21. HOW CAN ALIENVAULT HELP WITH DEVICE LOGS? Use policy filters to eliminate the noise:
  • 22. HOW CAN ALIENVAULT HELP WITH DEVICE LOGS? Or use policy filters to explicitly include the interesting stuff:
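The Why/What/Who triage that slides 12 through 22 walk through (policy filters that drop noise and repeats, correlation over the events that remain), as an added example that is not part of the deck and not AlienVault's code: constructed firewall, OS and switch events are parsed only for the event types each use case needs, restricted to the destinations and accounts that matter, deduplicated, and correlated (repeated admin logon failures followed by a success). The blacklist, account names, log format and threshold are constructed placeholders.

```python
"""Why / What / Who log triage over constructed sample logs (added example, not AlienVault code)."""
import re
from collections import Counter

# "Who": constructed reputation list and privileged-account set (placeholders, not real indicators).
BLACKLISTED_IPS = {"203.0.113.7", "198.51.100.23"}
ADMIN_ACCOUNTS = {"Administrator", "root", "svc_backup"}

# Constructed sample events in a simplified key=value syslog style, one source per slide use case.
SAMPLE_LOGS = """\
fw01 PERMIT src=10.0.0.5 dst=93.184.216.34 dport=443
fw01 PERMIT src=10.0.0.8 dst=203.0.113.7 dport=8080
fw01 DENY src=10.0.0.9 dst=198.51.100.23 dport=22
fw01 PERMIT src=10.0.0.8 dst=203.0.113.7 dport=8080
dc01 LOGON_FAILURE user=Administrator src=10.0.0.44
dc01 LOGON_FAILURE user=Administrator src=10.0.0.44
dc01 LOGON_FAILURE user=Administrator src=10.0.0.44
dc01 LOGON_FAILURE user=jdoe src=10.0.0.51
dc01 LOGON_SUCCESS user=Administrator src=10.0.0.44
dc01 ACCOUNT_LOCKOUT user=svc_backup src=10.0.0.60
sw01 LINK_DOWN interface=Gi1/0/12
sw01 LINK_UP interface=Gi1/0/12
sw01 LINK_DOWN interface=Gi1/0/12
sw01 LOGIN user=netadmin src=10.0.0.70
sw01 CONFIG_CHANGE user=netadmin cmd="no ip access-list extended BLOCK"
"""

# "What": parse only the event types each use case needs; anything else is noise.
FW_RE = re.compile(r"^(\S+) (PERMIT|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
OS_RE = re.compile(r"^(\S+) (LOGON_FAILURE|LOGON_SUCCESS|ACCOUNT_LOCKOUT) user=(\S+) src=(\S+)$")
DEV_RE = re.compile(r'^(\S+) (LOGIN|CONFIG_CHANGE) user=(\S+)(?: src=\S+)?(?: cmd="([^"]*)")?$')


def triage(log_text, fail_threshold=3):
    """Return (alarms, dropped): alarms is a list of (use_case, message); dropped counts filtered lines."""
    alarms, dropped = [], 0
    seen_fw = set()       # policy filter: report each source -> blacklisted destination pair once
    failures = Counter()  # correlation state: (host, user, src) -> failures since the last success
    for line in log_text.splitlines():
        if (m := FW_RE.match(line)):
            _host, action, src, dst, dport = m.groups()
            # "Why": see what is getting in. Denies are action already taken, so only permits matter.
            if action != "PERMIT" or dst not in BLACKLISTED_IPS:
                dropped += 1
            elif (src, dst) not in seen_fw:
                seen_fw.add((src, dst))
                alarms.append(("firewall", f"{src} permitted to blacklisted {dst}:{dport}"))
            else:
                dropped += 1  # repeat of a pair already reported
        elif (m := OS_RE.match(line)):
            host, event, user, src = m.groups()
            if user not in ADMIN_ACCOUNTS:
                dropped += 1  # "Who": privileged accounts only
                continue
            key = (host, user, src)
            if event == "LOGON_FAILURE":
                failures[key] += 1
            elif event == "LOGON_SUCCESS":
                if failures[key] >= fail_threshold:
                    alarms.append(("os", f"{user}@{host} succeeded after {failures[key]} failures from {src}"))
                failures[key] = 0
            else:  # ACCOUNT_LOCKOUT
                alarms.append(("os", f"{user}@{host} locked out (source {src})"))
        elif (m := DEV_RE.match(line)):
            host, event, user, cmd = m.groups()
            detail = f": {cmd}" if cmd else ""
            alarms.append(("device", f"{event} by {user} on {host}{detail}"))
        else:
            dropped += 1  # link flaps and other chatter fall through the filter
    return alarms, dropped


if __name__ == "__main__":
    found, noise = triage(SAMPLE_LOGS)
    print(f"{noise} lines filtered as noise; {len(found)} alarms:", *found, sep="\n")
```

Of the 15 constructed lines, 7 are filtered out and 5 alarms remain; the three Administrator failures are absorbed into the correlation state rather than surfaced one by one.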
  • 23. UNIFIED SECURITY MANAGEMENT: “SECURITY VISIBILITY THROUGH OPEN SOURCE INTEGRATION”
    Asset Discovery
    • Active Network Scanning
    • Passive Network Scanning
    • Asset Inventory
    • Host-based Software Inventory
    Vulnerability Assessment
    • Network Vulnerability Testing
    Threat Detection
    • Network IDS
    • Host IDS
    • Wireless IDS
    • File Integrity Monitoring
    Behavioral Monitoring
    • Log Collection
    • Netflow Analysis
    • Service Availability Monitoring
    Security Intelligence
    • SIEM Correlation
    • Incident Response
  • 24. BENEFITS OF UNIFIED SECURITY CONTROLS
    Accelerated time to value
    • Go from install to insight quickly
    Reduce cost and complexity
    • At deployment time: focus on integrating the infrastructure event data only
    • Over the long term: manage all through the same console, better workflow, etc.
    More coordinated detection for accurate alarms
    • Built-in event correlation rules
    • Attacker intelligence provides more accurate correlation
  • 25. UNIFYING BEST-IN-BREED TECHNOLOGY WITH SHARED INTELLIGENCE. AlienVault Labs monitor, analyze, reverse engineer and report on sophisticated zero-day threats including malware, bots, phishing campaigns and more. Findings are published in the Open Threat Exchange (OTX), pushing the latest threat intelligence including correlation rules, policies, and reputation data directly to AlienVault USM.
    AlienVault OTX
    • 500,000 malware samples analyzed per day
    • 100,000 malicious IPs validated per day
    • 8,000+ global collection points in 140+ countries
    • > 7 million URLs analyzed
  • 26. CROWD-SOURCED THREAT DATA IN ACTION. Since March 2012, OSSIM & USM users have flagged 196 million malicious events that were contributed to the OTX database: an average of ~11 million per month (365,000 a day). [Chart: monthly contributed events, March 2012 through September 2013]
  • 27. ALIENVAULT THREAT ALERTS FOR SPICEWORKS SpiceHead Benefits: Identify compromised hosts in a monitored network without having to deploy Anti-Virus or any other agent Remediation advice from world’s largest crowd sourced threat intelligence database
  • 28. HOW IT WORKS – THREAT MONITORING Internet Search for connections with known malicious hosts Customers’ Internal Assets In SpiceWorks
  • 29. HOW IT WORKS – ALERT TRIGGERED Alert on connection with known malicious host Customers’ Internal Assets In SpiceWorks
  • 30. THREAT ALERTS IN SPICEWORKS: DASHBOARD & DEVICE DETAILS PAGE AlienVault Threat Analysis for suspicious IP “SpiceWorks has found a connection with a potentially suspicious IP Address 77.240.191.89 on device tmg-mbh. “
  • 32. ALIENVAULT THREAT ANALYSIS - REMEDIATION
  • 33. NOW FOR SOME Q&A… Follow us on SpiceWorks http://community.spiceworks.com/pages/AlienVault Join us for a LIVE Demo! http://www.alienvault.com/marketing/alienvault-usmlive-demo Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Questions? Ping me (Tomdaq) in the SpiceWorks community

Editor's Notes

  1. We leverage technology in our effort to simplify things but introduce new problems in the process. And sometimes the learning curve is just too steep. Articulate the challenge and how it ties in to the overall concept more clearly… express the volume of data challenge more specifically – also emphasize the human element required for making SIEM effective. This slide ran too long (shorten it up). Add transitions.
  2. In the business world, we have people and technology coming together to try to meet the business objective, and the human error factor mixes with technology error and suddenly we have a big mix of information that is difficult to manage. Sometimes honest mistakes appear to have malicious intent, while real malicious intent gets overlooked entirely. This slide ran too long (shorten it up).
  3. The traditional approach to log management says “collect logs from everything connected to the network and let some back end analysis process figure out what’s important.” So how far do we take this? Should we audit and correlate print jobs? I mean, I guess there could be a use case for identifying gross misuse of printing resources. How much value are you really getting out of all these logs? Add transitions.
  4. This slide was up for too much time. Break it out to three why, what and who slides – add transitions for why, what, who
  5. This slide was up for too much time. Break it out to three why, what and who slides – add transitions for why, what, who
  6. This slide was up for too much time. Break it out to three why, what and who slides – add transitions for why, what, who
  7. This is a best practice by the way. We always recommend collecting firewall permit logs to get visibility around what is coming into the network. If your use case were “I need to identify misconfigured systems on my network”, collecting firewall deny events would help you get there. Point out that firewall denies represent action already taken. Use screenshots of the product and forego the demo…
  8. This is a best practice by the way. We always recommend collecting firewall permit logs to get visibility around what is coming into the network. If your use case were “I need to identify misconfigured systems on my network”, collecting firewall deny events would help you get there. Point out that firewall denies represent action already taken. Use screenshots of the product and forego the demo…
  9. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  10. This is also a best practice. We always recommend collecting OS audit logs to get visibility around who is accessing your assets. Paying special attention to privileged accounts is critical. Include specific references, numbers and percentages to illustrate the issue.
  11. This is also a best practice. We always recommend collecting OS audit logs to get visibility around who is accessing your assets. Paying special attention to privileged accounts is critical.
  12. Switches and routers generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  13. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  14. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  15. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  16. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  17. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  18. Switches generate lots of information. A small percentage is security relevant. We have to make a cognizant effort to identify the relevant information.
  19. In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
  20. The AlienVault Open Threat Exchange, or OTX, compiles raw threat research from the nearly 5,500 installations of AlienVault’s unified security management technology – these are organizations who have volunteered to contribute. These installations exist across the world – in over 140 countries – and have been growing at an impressive rate. Just in the time since OTX was launched in February 2012, we’ve analyzed over 7M suspicious URLs. The IP reputation data that is shared helps organizations better defend against these widespread attacks. Like we mentioned before, AlienVault believes in the power of shared intelligence and so all of this data is freely shared and accessible on our website. Researchers review and validate threat data to ensure that only the most accurate and actionable intelligence is published. The team analyzes the latest attacks, exploits, breaches, and malware strains in order to stay up-to-date with the latest threats from around the world. Understanding how the exploits work, how attacks are hidden, and what the malware is doing is the only way to find a way to detect and protect against them. The secret to understanding what your data is trying to tell you comes from the intelligence you leverage. True visibility requires an expert team that understands the behaviors of the latest threats and helps you identify attacks, vulnerabilities, and the systems that are targeted.
  21. 196 million since March 2012 – October 2013