
From SIEM to Business processes

427 views

Published on

Shelestova Olesya's speech on #StartupVillage2017 #RuSIEM #RvSIEM

Published in: Software

  1. RuSIEM Analytics. From SIEM to business processes. Olesya Shelestova, CEO and co-founder, RuSIEM, oshelestova@rusiem.com
  2. Imagine: you bring a robot into the company. What are the first steps you take?
  3. Step-by-step. T-PDCA.
     • Teach it the "basic functions"
     • Teach it the "compound functions"
     • Try it in a real process
     • Define its tasks
     • Continue to "teach" it for the real process
     • Periodically, make the necessary improvements
     Try on → Plan → Do → Check → Act
  4. What the customer wants
     • A big red auto-button
     • Automation and cost reduction for processes and employees
     • Knowing everything that happens, in real time
     • Timely prevention of incidents affecting the business
     • Staff want to feel their importance to the business and to their careers
     • All important and required information available from a single location
     • Process evaluation indicators
     God mode ON
  5. Our team
     • Development since 2014
     • All team members have extensive development experience
     • The product architects have experience developing other SIEMs
     • The product technology is based on practical experience with and use of SIEM/LM
     • The product has already been used successfully in many enterprise companies
  6. #Team. 7 members of the current team:
     • 2 – PHP, JS, Backbone
     • 2 – C++ STL, Linux
     • 1 – agent for Windows, C#/.NET
     • 1 – analytics: Java/Scala, apps for Apache Storm
     • 1 – analyst for the KB (correlation rules, integrations, symptomatics, normalization rules)
  7. #Why_need_investments
     • The product is already ready
     • We have successful implementations and sales
     • RuSIEM Analytics is already working on the customer side, without cloud
     • In a short period of time we were able to realize much more than large companies with large resources
     And it really works, already stably!
  8. Past year / last 2 years (the last two columns, tasks with < 1 month and with 1-3 months of labor, sum to the last-2-years figure):
     Metric                        Past year   Last 2 years   < 1 month labor   1-3 months labor
     All tasks                     308         734            490               244
     Original features             > 26        > 60           16                44
     Customer cases                163         207            84                123
     Bugs                          54          137            116               21
     Bugs from customers           11          24             14                10
     Successful implementations    > 23        > 50
     RvSIEM free version installed at customers: 693 online unique installations around the world (by statistics of requested updates on 02 June 2017).
  9. • All companies want automation: of processes, of employees, of incident detection
     • Existing AI / ML solutions cannot work on low-power hardware
     • As the business depends heavily on IT, processing and analysis in real time are necessary
  10. What tasks our product solves
     • Ensuring continuity of the IT infrastructure
     • Detection of information security incidents
     • Detection of incidents affecting business processes
     • Analysis of business process metrics
     • Connecting units and employees through the built-in workflow
     • Identifying incidents without the need for correlation rules
     • All detection processes run in real time
     • A higher chance of detecting an incident through multiple sources of events
     • Real-time big data without a scalability limit
     • No cloud solution is required; limited hardware resources are used
  11. 5+ stages of product development: LM, SIEM, Analytics, Employee Profiling, Business Analytics
  12. Why LM is needed. LM:
     • Collection of states from various sources (events, surveys)
     • Connectors to many different systems
     • Event normalization (single taxonomy, key: value)
     • Saving to big data for further analysis and queries
     • Ensuring continuity of collection and no loss of events
  13. Why SIEM is needed. SIEM:
     • Managed correlation for real-time incident detection and prevention
     • Incident recording and timely notification
     • Proactive actions: running a script, blocking an IP, ...
     • Reports on processes, incident management, export of events, compliance with standards
     • Correlation rules help reduce the number of false positives from Analytics
  14. Analytics. Analytics:
     • Complex calculations and reports
     • Baseline indicators
     • Real-time analysis with multiple user-controlled algorithms
     • Managed and user-configurable analytics
     • Elimination of "heavy" and historical analyses from real-time correlation
     • Detection of threats without the need to create many correlation rules (per case)
     • Provision of data sets for quick access
  15. Auxiliary objectives of SIEM Analytics
     • Provide a quick demo to the customer
     • Ensure rapid implementation and successful installation
     • A wide range of detected incidents without correlation rules
     • Providing complex calculations and algorithms (a back-end for correlations and reports)
  16. Personal profiling
     • What the employee has: passwords, logins, access rights, email addresses, where he enters the system
     • Interests, queries, social pages, social circle, etc.
     • What systems he entered, what he did
     • Changes of activity and current activities that can affect the company and its business
     Pre-enrichment of the selected entities in real time from a data set that already exists in the system.
  17. Business analytics, part 1
     • Description and formalization of business processes
     • Assessing the impact of IT and IS components on the business process (vulnerabilities, personnel, staff actions, infrastructure errors, unauthorized actions, etc.) in real time:
       • Formalization and understanding of what is affected by a separate server, Windows service or account
       • Incidents are not about IT components but carry an assessment of the impact on the business process
       • Continuity, process availability and information integrity
     • Prioritization of tasks and incidents for effective work of the units
     • Valuation of works and measures
     • Risks and their financial assessment, depending on the processes
  18. Business analytics, part 2
     • Description and formalization of business processes in information systems in real time
     • Evaluation of business performance in real time:
       • Movement of financial flows, trends
       • Account balances
       • Targeting (targeted services and offers)
       • Customer refusals of orders on portals, and their interests
       • The success of PR actions and news about the company / products
     • Assessment of trends (baseline) with registration of bursts and deviations, violations of processes, inaccessibility of services
     • If an IT component fails, notify the unavailability of the process in which it is involved
     • Analysis for the purpose of stopping a service against the historical and current trend: when technical work can be carried out with minimal financial and reputational losses
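The "assessment of trends (baseline) with registration of bursts and deviations" on slide 18 and the "baseline indicators" on slide 14 can be shown with a small worked example. The block below is an added illustration, not RuSIEM code: the metric (hourly completed portal orders), its 24-hour history and the 3-sigma band are assumptions, and the counts are constructed. It classifies new observations against a fixed baseline, registers the deviations, and also shows a sliding-baseline variant so the band follows drift.

```python
"""Baseline trend check that registers bursts and deviations.

Added example, not RuSIEM code. The metric, its history and the
3-sigma band are assumptions; the counts below are constructed.
"""
from statistics import mean, pstdev

# Constructed sample: 24 hourly counts of completed portal orders (assumption)
ORDER_HISTORY = [120, 118, 125, 130, 122, 119, 127, 124, 121, 126, 123, 128,
                 125, 122, 129, 124, 120, 127, 126, 123, 125, 121, 128, 124]


def baseline(history):
    """Return (mean, population std dev) of the historical window."""
    return mean(history), pstdev(history)


def classify(value, mu, sigma, k=3.0):
    """Label one new observation against the band mu +/- k*sigma:
    'burst' above the band, 'drop' below it, otherwise 'normal'.
    With a flat history (sigma == 0) any change counts as a deviation."""
    if value > mu + k * sigma:
        return "burst"
    if value < mu - k * sigma:
        return "drop"
    return "normal"


def register_deviations(history, observations, k=3.0):
    """Judge every observation against a fixed baseline and return the
    registered deviations as dicts; the index ties each one back to the
    hour it occurred in (a 'drop' to zero is the signal for notifying the
    owners of the process that depends on the service)."""
    mu, sigma = baseline(history)
    registered = []
    for idx, value in enumerate(observations):
        label = classify(value, mu, sigma, k)
        if label != "normal":
            registered.append({"index": idx, "value": value, "label": label,
                               "expected": round(mu, 1),
                               "band": round(k * sigma, 1)})
    return registered


def rolling_scan(history, observations, k=3.0, window=24):
    """Sliding-baseline variant: each observation is judged against the
    previous `window` values and then appended, so the band tracks drift.
    Returns the list of labels in observation order."""
    buf = list(history[-window:])
    labels = []
    for value in observations:
        mu, sigma = baseline(buf)
        labels.append(classify(value, mu, sigma, k))
        buf.append(value)
        buf = buf[-window:]
    return labels


if __name__ == "__main__":
    new_hours = [126, 160, 123, 40, 0]
    for deviation in register_deviations(ORDER_HISTORY, new_hours):
        print(deviation)
    print(rolling_scan(ORDER_HISTORY, new_hours))
```

The rolling variant is the one to prefer for a live metric: once a burst such as the 160 has entered the window it widens the band, so the check becomes less sensitive for the next hours, which is why a real deployment pairs the statistical baseline with the hard process rules of the previous bullets (service down means process unavailable, regardless of the band).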
  19. Needs and consumers. Components: LM, SIEM, Analytics, Profiling, BA. Consumers: IT, IS, business units, PR & marketing, security.
  20. Sales model
     • Sales through partners (integrators, software distributors)
     • Rare direct sales to key customers and partners (for example, a partner located in another country)
     • Clients: any sphere of activity in which the business depends on the IT infrastructure
     • A solution out of the box, or an adaptation for solving customer cases (if the case is not yet supported and can be scaled to other customers)
     • Technical support is provided by our company, or by partners as the first line of support
     • Integration is carried out by the partners, or by RuSIEM (if the partner does not have its own qualified specialists)
  21. Market
     • Not only SIEM. SIEM is an outdated term.
     • Currently 15 companies are implementing
     • Over 25 customers in 2017 are already awaiting implementation
     • For 2018-2019 more than 190 implementations are already planned for customers (we do not have marketing)
     • Our partners and customers are located in Russia, Spain, Italy, Norway and Brazil
     • Over the past month we have had more than 10 customers wishing to switch from the free RvSIEM to the commercial version
  22. Thank you for your attention. Olesya Shelestova, CEO and co-founder, RuSIEM, oshelestova@rusiem.com
  23. Why we built LM / SIEM
     • Each component is a separate product
     • Sets of modules can be used as separate products for solving various tasks
     • Real-time analytics requires exactly what LM / SIEM does:
       • Data collection from a variety of sources for comprehensive analysis
       • Reduction to one format (key: value and taxonomy)
       • Interpretation at various levels of representation (machine, operator, analyst, logical connections)
       • Removing unnecessary data from an event
       • A stream of normalized events to analytics in real time
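Slides 12 and 23 describe the LM stage (collection, normalization to a single key:value taxonomy, removal of unnecessary data, a normalized stream to analytics) and slide 13 the SIEM stage that consumes it (managed correlation with incident recording). The block below is an added example, not RuSIEM code: the taxonomy field names, the two source formats (an sshd syslog line and a flattened Windows logon event), the threshold of 3 failures and the 60-second window are all assumptions, and the raw lines are constructed. It shows why the taxonomy matters: a single rule counts failures from two different sources together, which is the "multiple sources of events" point of slide 10.

```python
"""Event normalization to one key:value taxonomy, then a managed correlation
rule over the normalized stream.

Added example, not RuSIEM code. The taxonomy field names, the two source
formats, the threshold and the window are assumptions; the raw lines are
constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed raw events from two different sources (assumption): sshd syslog
# lines and a flattened Windows logon event (event ID 4625 = logon failure).
RAW_EVENTS = [
    "2017-06-02T10:00:01Z sshd[2211]: Failed password for alice from 10.0.0.5 port 5022 ssh2",
    "2017-06-02T10:00:04Z sshd[2211]: Failed password for alice from 10.0.0.5 port 5023 ssh2",
    "2017-06-02T10:00:09Z winlogon EventID=4625 TargetUserName=alice IpAddress=10.0.0.5 LogonType=3",
    "2017-06-02T10:00:12Z sshd[2211]: Accepted password for bob from 10.0.0.9 port 5100 ssh2",
    "2017-06-02T10:00:15Z sshd[2211]: Failed password for alice from 10.0.0.5 port 5024 ssh2",
]

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+")
WIN_RE = re.compile(r"^(?P<ts>\S+) winlogon (?P<kv>.+)$")


def normalize(line):
    """Map one raw line onto the common taxonomy
    {ts, category, action, outcome, user, src_ip, source}.
    Fields outside the taxonomy (pid, port, LogonType) are dropped here,
    which is the 'removing unnecessary data' step. Unknown formats return
    None rather than guessed fields."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": m["ts"], "category": "auth", "action": "login",
                "outcome": "failure" if m["result"] == "Failed" else "success",
                "user": m["user"], "src_ip": m["ip"], "source": "sshd"}
    m = WIN_RE.match(line)
    if m:
        kv = dict(p.split("=", 1) for p in m["kv"].split() if "=" in p)
        if kv.get("EventID") == "4625":
            return {"ts": m["ts"], "category": "auth", "action": "login",
                    "outcome": "failure", "user": kv.get("TargetUserName"),
                    "src_ip": kv.get("IpAddress"), "source": "windows"}
    return None


def parse_ts(ts):
    """Timestamps in the taxonomy are ISO-8601 UTC (assumption)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(events, threshold=3, window_s=60):
    """Managed correlation rule: `threshold` login failures for the same
    (user, src_ip) within `window_s` seconds raise one incident. Because the
    rule runs on the taxonomy, sshd and Windows failures count together."""
    recent = defaultdict(deque)   # (user, src_ip) -> deque of (time, source)
    incidents = []
    for ev in events:
        if ev["category"] != "auth" or ev["outcome"] != "failure":
            continue
        key = (ev["user"], ev["src_ip"])
        q = recent[key]
        now = parse_ts(ev["ts"])
        q.append((now, ev["source"]))
        while q and (now - q[0][0]).total_seconds() > window_s:
            q.popleft()           # expire failures outside the window
        if len(q) >= threshold:
            incidents.append({"rule": "auth_failure_burst", "user": ev["user"],
                              "src_ip": ev["src_ip"], "count": len(q),
                              "sources": sorted({s for _, s in q}),
                              "last_ts": ev["ts"]})
            q.clear()             # one burst -> one incident, not one per extra failure
    return incidents


def run(raw_lines):
    """LM stage (normalize, drop what does not parse) then SIEM stage (correlate)."""
    normalized = [n for n in map(normalize, raw_lines) if n is not None]
    return normalized, correlate(normalized)


if __name__ == "__main__":
    events, found = run(RAW_EVENTS)
    print(f"{len(events)} normalized events, {len(found)} incident(s)")
    for inc in found:
        print(inc)
```

Two design points carry over to any real deployment: a line that no connector understands is returned as None and should be stored raw rather than given guessed fields, since guessed fields silently poison every downstream rule; and the rule clears its window after firing so a sustained burst produces one recorded incident instead of one per additional failure.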