“Zero Visibility”
Criticality of Centralized Logging
Prepared by: Anthony Asher, CISSP, CEH
“Zero Visibility”
Criticality of Centralized Logging

Agenda:
1. Quiz
2. Evolution of IT Attacks
3. Compliance Requirements
4. Potential Solutions
Quiz – #1 What is this device?
Quiz – #2 … and this device?
Quiz – Question 3: What do these things have in common? (Geiger Counter, Seismograph)

Answer: Used to detect and identify events, so that an action plan can be followed to lower risk.
Evolution of IT Attacks

> 1998
• Technical Issue
• Unix
• Servers
• Attacks were Nuisance

1998 - 2002
• Technical/Business Issue
• Windows Systems
• Servers
• Attacks were Nuisance

2002 - Now
• Technical/Business/Legal
• Applications
• Windows
• Attacks for Money
Evolution of IT Attacks (cont.)

[Chart: MSRT disinfections by category, 2H05 – 2H07. Categories: Password Stealers / Keyloggers, Rootkits, Viruses, Trojans, Worms, Backdoors, Downloaders / Droppers. Series: 2H05, 1H06, 2H06, 1H07, 2H07. X-axis: millions, 0 to 20.]
Compliance Requirements & Penalties

Regulation        Data Retention Requirements   Penalties
Sarbanes-Oxley    5 years                       Fines to $5M
PCI               Corporate Policy              Fines / Loss of CC
GLBA              6 years                       Fines
FISMA             3 years                       Fines
HIPAA             6 years                       $25,000
NERC              3 years                       TBD
Compliance Requirements & Penalties – ISO 27001 Compliance, Section 10 (10.10.1-5)

10.10.1 Audit Logging: “Audit logs recording user activities, exceptions, and information security events shall be produced and kept...”

10.10.2 Monitoring System Use: “Procedures for monitoring use of information processing facilities shall be established and results reviewed.”

10.10.3 Protection of log information: “Logging facilities and log information shall be protected against tampering and unauthorized access.”

10.10.4 Administrator and operator logs: “System administrator and system operator activities shall be logged.”

10.10.5 Fault Logging: “Faults shall be logged, analyzed, and appropriate action taken.”
Log Management – Business Objectives

• Compliance: Can compliance be substantiated and gaps identified?
• Security Operations: Are security policies being followed?
• IT Operations: Can IT operations be improved?
• Forensics: Can legally admissible proof be shown?
Current IT Infrastructure
Average Environment: X 176

[Diagram: a grid of individual servers, labelled “x 17 Client Environments”.]
Current IT Infrastructure
Average Environment:

[Diagram: a group of servers under one Domain Policy feeding a single Logging Point – a Single Logging Domain.]

“Bottom Line: Log analysis is increasing in importance for regulatory compliance and overall enterprise monitoring and security” – Paul Proctor, META Group
Future IT Infrastructure

[Diagram: servers under a Policy feed Centralized Logging, which drives Analysis, Alerting and Reporting.]

Individual environments become part of a larger, enterprise wide system, with central analysis, alerting and reporting.
Solutions – Software Agent

[Diagram: an Agent Process on each server forwards events to a Primary Site, which produces Reports & Alerts. Example agents: Snare, Lasso.]
Solutions – Appliance

[Diagram: servers send Event 560, Event 680 and Event 681 to an Appliance Process running on the Appliance.]
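The two solution slides and the Future IT Infrastructure slide describe events from many environments arriving at one central point for analysis, alerting and reporting. The following is an added example (not from the deck or any vendor product) of the kind of correlation that becomes possible only at that central point: it takes a constructed feed of the pre-Vista Windows security event IDs named on the appliance slide (560, 680, 681, assumed here to mean object open, account logon attempt and logon failure) from four separately managed environments, flags one account failing logon across many hosts within a short window, flags a success that follows those failures, and produces a per-environment report. Hosts, environments, accounts and timestamps are invented.

```python
"""Added example: minimal central correlation over events from several environments.

Sample data is constructed; event ID meanings are assumptions noted below."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Pre-Vista Windows security event IDs shown on the slide (assumed meanings)
OBJECT_OPEN = 560       # object access
LOGON_ATTEMPT = 680     # account logon attempt (success)
LOGON_FAILURE = 681     # logon failure

# Constructed feed: (timestamp, environment, host, event_id, account).
# Each environment sees at most one or two failures for svc_backup; only the
# combined feed shows the account being tried across four environments.
SAMPLE_EVENTS = [
    ("2008-03-10 09:00:01", "env-A", "srv-a1", 681, "svc_backup"),
    ("2008-03-10 09:00:07", "env-B", "srv-b3", 681, "svc_backup"),
    ("2008-03-10 09:00:12", "env-C", "srv-c2", 681, "svc_backup"),
    ("2008-03-10 09:00:20", "env-D", "srv-d1", 681, "svc_backup"),
    ("2008-03-10 09:00:25", "env-D", "srv-d1", 680, "svc_backup"),
    ("2008-03-10 09:00:26", "env-D", "srv-d1", 560, "svc_backup"),
    ("2008-03-10 09:15:00", "env-A", "srv-a2", 681, "jdoe"),
    ("2008-03-10 09:40:00", "env-A", "srv-a2", 680, "jdoe"),
]


def parse_events(rows):
    """Turn the raw tuples into dicts with real timestamps."""
    return [{"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "env": env,
             "host": host, "id": eid, "account": acct}
            for ts, env, host, eid, acct in rows]


def spray_alerts(events, min_hosts=3, window=timedelta(minutes=5)):
    """One account failing logon on >= min_hosts distinct hosts inside `window`.

    A per-environment logging point cannot raise this: each host records a
    single failure, which on its own looks like a typo."""
    fails = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == LOGON_FAILURE:
            fails[e["account"]].append(e)
    alerts = []
    for account, seq in fails.items():
        for i, first in enumerate(seq):
            hits = [f for f in seq[i:] if f["ts"] - first["ts"] <= window]
            hosts = sorted({f["host"] for f in hits})
            if len(hosts) >= min_hosts:
                alerts.append({"account": account, "hosts": hosts,
                               "envs": sorted({f["env"] for f in hits}),
                               "first": first["ts"], "last": hits[-1]["ts"]})
                break  # one alert per account is enough
    return alerts


def success_after_failures(events, window=timedelta(minutes=5)):
    """A successful logon (680) preceded by failures (681) for the same account
    within `window`, and whether an object open (560) followed on that host.
    This is the sequence a forensics reviewer would want preserved centrally."""
    ordered = sorted(events, key=lambda e: e["ts"])
    findings = []
    for e in ordered:
        if e["id"] != LOGON_ATTEMPT:
            continue
        prior = [f for f in ordered if f["id"] == LOGON_FAILURE
                 and f["account"] == e["account"]
                 and timedelta(0) <= e["ts"] - f["ts"] <= window]
        if not prior:
            continue
        touched = any(o["id"] == OBJECT_OPEN and o["host"] == e["host"]
                      and o["account"] == e["account"]
                      and timedelta(0) <= o["ts"] - e["ts"] <= window
                      for o in ordered)
        findings.append({"account": e["account"], "host": e["host"],
                         "prior_failures": len(prior), "object_access": touched})
    return findings


def report(events):
    """Per-environment counts by event ID: the reporting piece of the slide."""
    summary = defaultdict(Counter)
    for e in events:
        summary[e["env"]][e["id"]] += 1
    return {env: dict(c) for env, c in summary.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for a in spray_alerts(evs):
        print("ALERT: account tried across hosts:", a)
    for f in success_after_failures(evs):
        print("REVIEW: success after failures:", f)
    print("REPORT:", report(evs))
```

Running `spray_alerts` on env-A's events alone returns nothing, while the combined feed raises one alert; that difference is the visibility the deck is arguing for.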
Research - Centralized Logging

Research: Reviewed over fifteen products from open source to enterprise. Participated in vendor demonstrations. Research paper on portal.

Communications: Participated in security consortiums, initiated with Common Tools Team, interviewed NSS Security, and discussed with NOC.

Potential Solutions: Currently working to narrow solutions, and scope potential options based on Unisys requirements.

Goal: Implement a centralized logging solution to allow policy compliance, and prevent security violations by having higher visibility into security events.
Extended H@(|<5

“hackers managed to steal data from transactions that occurred between November 2003 and April 2004.”

“…install programs that gathered enormous quantities of personal financial data”

"I suspect that a lot of people are unaware that their identifying information has been compromised," U.S. Attorney Michael Sullivan
Questions?
References

• Kevin Mandia – President & CEO, Mandiant
• Michael Suby – Director, Stratecast
• Microsoft Security Intelligence Report (July –
  December 2007)
• LogLogic – Best Practices for Log Management.

Osmius: Monitoring Made Easy
 
Uma Solução para Identificação da Causa Raiz de Problemas no Gerenciamento de...
Uma Solução para Identificação da Causa Raiz de Problemas no Gerenciamento de...Uma Solução para Identificação da Causa Raiz de Problemas no Gerenciamento de...
Uma Solução para Identificação da Causa Raiz de Problemas no Gerenciamento de...
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013
 
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
 
Uss Overview Adira
Uss Overview AdiraUss Overview Adira
Uss Overview Adira
 
Case Study: Datalink—Manage IT monitoring the MSP way
Case Study: Datalink—Manage IT monitoring the MSP wayCase Study: Datalink—Manage IT monitoring the MSP way
Case Study: Datalink—Manage IT monitoring the MSP way
 
Axiros tr069-smartmicrogrid-devicemanagement
Axiros tr069-smartmicrogrid-devicemanagementAxiros tr069-smartmicrogrid-devicemanagement
Axiros tr069-smartmicrogrid-devicemanagement
 
11 Ways Microservices & Dynamic Clouds Break Your Monitoring
11 Ways Microservices & Dynamic Clouds Break Your Monitoring11 Ways Microservices & Dynamic Clouds Break Your Monitoring
11 Ways Microservices & Dynamic Clouds Break Your Monitoring
 
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017  - ...Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017  - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of Detail
 
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
 
Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share
 
WAS Support & Monitoring Tools
WAS Support & Monitoring ToolsWAS Support & Monitoring Tools
WAS Support & Monitoring Tools
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 

Recently uploaded

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 

Recently uploaded (20)

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 

Zero Visibility: Criticality of Centralized Log Management - v1

  • 1. “Zero Visibility” – Criticality of Centralized Logging. Prepared by: Anthony Asher, CISSP, CEH
  • 2. “Zero Visibility” – Criticality of Centralized Logging. Agenda: 1. Quiz; 2. Evolution of IT Attacks; 3. Compliance Requirements; 4. Potential Solutions
  • 3. Quiz – #1: What is this device?
  • 4. Quiz – #2: … and this device?
  • 5. Quiz – Question 3: What do these things have in common? Geiger Counter, Seismograph. Answer: Used to detect and identify events, so that an action plan can be followed to lower risk.
  • 6. Evolution of IT Attacks. > 1998: Technical Issue; Unix; Servers; Attacks were Nuisance. 1998 - 2002: Technical/Business Issue; Windows Systems; Servers; Attacks were Nuisance. 2002 - Now: Technical/Business/Legal; Applications; Windows; Attacks for Money.
  • 7. MSRT disinfections by category, 2H05 – 2H07 (bar chart: categories PWS/Keyloggers, Rootkits, Viruses, Trojans, Worms, Backdoors, Downloaders/Droppers; series 2H05, 1H06, 2H06, 1H07, 2H07; axis in millions, 0 to 20)
  • 8. Evolution of IT Attacks (cont.)
  • 9. Compliance Requirements & Penalties (Regulation: Data Retention Requirements, Penalties). Sarbanes-Oxley: 5 years, Fines to $5M; PCI: Corporate Policy, Fines / Loss of CC; GLBA: 6 years, Fines; FISMA: 3 years, Fines; HIPAA: 6 years, $25,000; NERC: 3 years, TBD
  • 10. Compliance Requirements & Penalties – ISO 27001 Compliance, Section 10, 10.10.1-5. 10.10.1 Audit Logging: “Audit logs recording user activities, exceptions, and information security events shall be produced and kept...” 10.10.2 Monitoring System Use: “Procedures for monitoring use of information processing facilities shall be established and results reviewed.” 10.10.3 Protection of log information: “Logging facilities and log information shall be protected against tampering and unauthorized access.” 10.10.4 Administrator and operator logs: “System administrator and system operator activities shall be logged.” 10.10.5 Fault Logging: “Faults shall be logged, analyzed, and appropriate action taken.”
  • 11. Log Management Business Objectives. Security Operations: Are security policies being followed? Forensics: Can legally admissible proof be shown? Compliance: Can compliance be substantiated and gaps identified? IT Operations: Can IT operations be improved?
  • 12. Current IT Infrastructure – Average Environment: x 176
  • 13. Current IT Infrastructure – Average Environment: x 176 (diagram of server icons), x 17 Client Environments
  • 14. Current IT Infrastructure – Average Environment (diagram: Domain, Policy, Servers, Logging Point; a single logging domain). “Bottom Line: Log analysis is increasing in importance for regulatory compliance and overall enterprise monitoring and security” – Paul Proctor, META Group
  • 15. Future IT Infrastructure (diagram: Servers feeding Centralized Logging with Policy, Analysis, Alerting, Reporting). Individual environments become part of a larger, enterprise-wide system, with central analysis, alerting and reporting.
  • 16. Solutions – Software Agent (diagram: an Agent on each Server feeds a Process at the Primary Site, which produces Reports & Alerts; example agents: Snare, Lasso)
  • 17. Solutions – Appliance (diagram: Servers forward to an Appliance, which runs the Process; forwarded events shown as Event 560, Event 680, Event 681)
  • 18. Research – Centralized Logging. Research: Reviewed over fifteen products, from open source to enterprise. Participated in vendor demonstrations. Research paper on portal. Communications: Participated in security consortiums, initiated with Common Tools Team, interviewed NSS Security, and discussed with NOC. Potential Solutions: Currently working to narrow solutions and scope potential options based on Unisys requirements. Goal: Implement a centralized logging solution to allow policy compliance, and prevent security violations by having higher visibility into security events.
  • 19. Extended H@(|<5. “hackers managed to steal data from transactions that occurred between November 2003 and April 2004.” “…install programs that gathered enormous quantities of personal financial data” "I suspect that a lot of people are unaware that their identifying information has been compromised," U.S. Attorney Michael Sullivan
  • 21. References • Kevin Mandia – President & CEO, Mandiant • Michael Suby – Director, Stratecast • Microsoft Security Intelligence Report (July – December 2007) • LogLogic – Best Practices for Log Management.
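As an added example that is not part of the original deck, the Python sketch below shows two things the centralized logging slides (14 to 17) and the ISO 27001 10.10.3 control ask for: a hash-chained central store that makes editing or deleting a forwarded event detectable, and a cross-server alert on event 681 logon failures that no single server's log could raise on its own. Hosts, accounts and timestamps are constructed, and SHA-256 chaining is this example's choice rather than anything the deck specifies.

```python
# Added example for this page (not the author's or any vendor's code): a toy
# central log store that hash-chains forwarded events so tampering is evident
# (ISO 27001 10.10.3) and alerts on logon failures spread across servers.
# Event IDs follow the appliance slide (Windows 2003-era security log):
# 560 = object open, 680 = NTLM logon success, 681 = NTLM logon failure.
import hashlib
import json
from collections import defaultdict

# Constructed sample events as three servers forwarded them ("ts" = seconds).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "srv01", "event_id": 681, "account": "jdoe", "src": "ws-7"},
    {"ts": 105, "host": "srv02", "event_id": 681, "account": "jdoe", "src": "ws-7"},
    {"ts": 110, "host": "srv01", "event_id": 560, "account": "svc_backup", "src": "-"},
    {"ts": 120, "host": "srv03", "event_id": 681, "account": "jdoe", "src": "ws-7"},
    {"ts": 125, "host": "srv03", "event_id": 680, "account": "jdoe", "src": "ws-7"},
    {"ts": 900, "host": "srv02", "event_id": 681, "account": "bob", "src": "ws-2"},
]
GENESIS = "0" * 64


def _digest(prev_hash, event):
    # Canonical JSON so an identical event always hashes identically.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_events(events, store=None):
    """Append events to a hash-chained store; each record carries the previous
    record's hash, so editing or deleting any record breaks all later links."""
    store = [] if store is None else store
    prev = store[-1]["hash"] if store else GENESIS
    for ev in events:
        rec = {"event": dict(ev), "prev": prev, "hash": _digest(prev, ev)}
        store.append(rec)
        prev = rec["hash"]
    return store


def verify_chain(store):
    """Index of the first record whose link is broken, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(store):
        if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["hash"]:
            return i
        prev = rec["hash"]
    return -1


def failed_logon_alerts(store, threshold=3, window=300):
    """What a single server's log cannot show: accounts with >= threshold
    event-681 failures across all hosts within `window` seconds."""
    by_account = defaultdict(list)
    for rec in sorted(store, key=lambda r: r["event"]["ts"]):
        ev = rec["event"]
        if ev["event_id"] == 681:
            by_account[ev["account"]].append((ev["ts"], ev["host"]))
    alerts = {}
    for account, hits in by_account.items():
        for i, (t0, _) in enumerate(hits):
            run = [h for h in hits[i:] if h[0] - t0 <= window]
            if len(run) >= threshold:
                alerts[account] = sorted({host for _, host in run})
                break
    return alerts
```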