Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (7)
Similar to EventLog Analyzer - Product overview
Similar to EventLog Analyzer - Product overview (20)
Recently uploaded
Recently uploaded (20)
EventLog Analyzer - Product overview
- 1. Click to edit Master title style Log Management and Compliance Reporting for SIEM
- 2. 2 About ManageEngine EventLog Analyzer – An Intro Why EventLog Analyzer (ELA)? The problems it solves Few use cases Product Uniqueness Customer Speaks Summary AGENDA
- 3. 3 ManageEngine IT Management Software division of Zoho Corporation Established in 2002 ManageEngine covers the complete gamut of IT solutions 21 Products | 20 Free tools | 2 SAAS offerings Trusted by over 72,000 customers across 200+ countries 3 out of every 5 Fortune 500 companies are ManageEngine customers Introduction
- 4. 4 Introduction – ManageEngine IT Security solutions • EventLog Analyzer – Log Management and Compliance Reporting for SIEM • AD Audit Plus – AD Auditing and Reporting • Security Manager Plus – Vulnerability assessment and patching • Firewall Analyzer – Periphery Devices Management • DeviceExpert – Network Configuration & Security Management • Password Manager Pro – Identity access and Password Management • Desktop Central – Desktop and Mobile Device Management Servers and Applications Security Mgmt. Periphery devices, Network Devices Mgmt. Password Management Desktop and Mobile Management
- 5. 5 Information Security threats are increasing both in sophistication and frequency across the world. Protecting data against internal and external security threats has become essential. Why need a SIEM solution? Source: Infosecurity-magazine.com, Mcafee.com & Foxbusiness.com
- 6. 6 Centralizing Logs across IT sources helps Audit IT performance and security Safeguard your network from security breaches Achieve operational efficiency Conduct forensic analysis/ root cause analysis Stay compliant with statutory requirements Why need a Log Management & SIEM solution? Auditing is an integral part of IT security
- 7. 7 EventLog Analyzer – An Intro Log Management & Compliance Reporting software for SIEM Collect data form log sources Correlates Events Alerts Security incidents Generates IT security & compliance reports Archive Logs for Forensic Analysis
- 8. 8 Supported Log Sources • Servers (Physical/ Virtual)– Microsoft Windows, VMware ESX/ ESXi, Linux, HP US, IBM AIX, Solaris & Any Unix flavor host • Network Sources – Routers, Switches, Firewalls & Any Syslog sources • Applications – MS SQL, IIS (FTP, File Server), Print Server, MS Exchange, Java, Apache, .Net, Oracle, MySQL & other human readable formats (ULPI*) Out-of-the-box Compliance Reports • PCI DSS, FISMA, HIPAA, SOX, GLBA – Ability to customize reports as you need • Create new compliance reports – Viz. ISO 27001, NERC-CIP& more Real-time Event correlation • 50+ out-of-the-box correlation rules • Real-time alerts and reports to proactively manage threats • Customize rules to meet internal security policies • Better insights to security incidents with Intuitive Dashboards File Integrity Monitoring • Know what was accessed/created/modified, who accessed/created/modified when, was it accessed/created/modified & more… Log Archival & Security • Encryption & Time Stamping – Tamper-proof archival, AES encryption • User Authentication – Active Directory and RADIUS EventLog Analyzer – An Intro
- 9. 9 The IT office Grants permission to IT assets and services for employees, consultants and contractors. Inadvertently few new administrators created users with administrator privileges. Result Few tech savvy consultants started misusing the privileges to access critical government documents, which wasn’t under their purview. The espionage was caught by real-time security alerts Privilege User Access | New user creation| Object access | Audit policy changes | Audit logs cleared The problem ELA solves – Audit: Use case 1 A government organization 2700+ employees statewide Real-time alerts – Internal Security Threat
- 10. 10 The IT office One of the drive connected to Exchange server was likely to be affected by a RAID failure and kept logging the event at ‘System’ entries. Impact of Failure If these log entries were left unnoticed for few more days, all the RAID would get affected due to excessive workload. Email service would have been down for 2 days at least, since the vendor shipment has to reach the datacenter. Real-time security alerts/ remediation EventLog Analyzer alerted the administrator about the likely failure of RAID. IT team placed an order with Vendor for RAID replacement, which took 2 days for shipping. Temporary load balancing was arranged for mail server. Decision to upgrade the physical hardware of their MS Exchange server was made immediately and necessary PO were processed. The problem ELA solves – Audit: Use case 2 A Leading real-estate service co. 23,000+ employees worldwide Prevention – Aiding IT Operations
- 11. 11 The IT office Had their corporate blogs hosted in Amazon Web Server, running WordPress installation. No security monitoring was done, except regular content back-up. Result A professional hacker used the default admin user name and hacked into the blogs after 300+ login attempts in 3 days span and added all spam contents as comments. After implementing ManageEngine solution Configured log-in failures notification along with the user name. Configured to run-a-script in the event of such security incidents to block the user name and mail the admin after 3 consecutive login failure attempts. The problem ELA solves – Audit: Use case 3 An online media company 300+ employees Alert & Prevention – External Security Threat
- 12. 12 Universal Log Parsing and Indexing. Processes any human readable log formats, generate patterns for indexing, alerting and reporting Import logs automatically on specified time intervals or on demand. EventLog Analyzer – Uniqueness
- 13. 13 Powerful Search Helps conduct root cause analysis and generate forensic reports in minutes. Tag complex search queries for quick reference Search using Wild-cards, Phrases and Boolean operators EventLog Analyzer – Uniqueness
- 14. 14 Real-time security alerts Generates alerts when suspicious activities occur on the network Exclusive reports for Privileged User access information. Notifications are send in real- time via Email and SMS EventLog Analyzer – Uniqueness
- 15. 15 Secure log archiving Archive for custom period Tamper-proof data storage with encryption and time stamping Load archived data to the product at anytime to generate compliance reports, conduct forensic analysis and audit. EventLog Analyzer – Uniqueness
- 16. 16 Easy to use and affordable Intuitive GUI Easy of deploy & maintenance Lesser datacenter footprints Affordable – 100 Hosts premium edition cost $3195 annual (Pricing starts at $795 for 25 hosts). EventLog Analyzer – Uniqueness
- 17. 17 5,000+ customers across 110+ countries
- 18. 18 EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM. ELA helps Safeguard your network from security breaches with real-time alerts Achieve operational efficiency by collecting and centralizing log data across IT resources Conduct forensic analysis, root cause analysis & helps generate IT audit reports Stay compliant with statutory requirements out-of-the box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more… Easy to deploy, use and maintain Affordable A part of ManageEngine’s IT management solutions. Summary
- 19. 19 Thank you Support: eventlog-support@manageengine.com Sales: sales@manageengine.com
Editor's Notes
- Sources: http://www.infosecurity-magazine.com/view/28920/us-considers-preemptive-action-to-prevent-cyber-pearl-harbor- http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2013.pdf http://www.foxbusiness.com/technology/2013/03/12/as-cyber-threats-mount-business-is-booming-in-security-world/