SlideShare ist ein Scribd-Unternehmen logo

Next-Generation SIEM: Delivered from the Cloud

Alert Logic
Alert Logic

This document discusses the evolution of security information and event management (SIEM) systems and the challenges posed by modern threats and hybrid IT environments. It argues that traditional on-premises SIEMs are difficult to implement and maintain effectively. The document then outlines the characteristics of a next-generation, cloud-delivered SIEM that is fully managed, provides unlimited scalability, supports multiple platforms and cloud services, and incorporates continuous threat intelligence and security updates. Alert Logic is presented as an example of such a modern SIEM solution.

Technologie
1 von 15
Downloaden Sie, um offline zu lesen
NEXT-GENERATION SIEM: DELIVERED FROM THE CLOUD James Brown. Director of Cloud Computing & Solution Architecture
Before We Begin Housekeeping Speaker • Turn on your system’s sound to hear the streaming presentation • Questions? Submit them to the presenter at anytime into the question box • The presentation slides will be available to download from the attachment tab after the webinar • The webinar will be recorded and published on BrightTalk • Technical Problems? Click “Help” • James Brown • Director of Cloud Computing & Security Architecture, Alert Logic
The Evolution of Technology and Attacks T R A D I T I O N A L S I E M S The Hybrid Data Center • Cloud First/mobile First approach by many companies • Public cloud and Hybrid IT environments mainstream The Virtual Data Center • Virtualization becomes mainstream • Public clouds launch • Mobile devices proliferate The Physical Data Center • X86 server pre-dominant • Primarily on-premises • Hosting providers emerge • Cloud options being developed T H R E A T S A N D A T T A C K S Next Generation Threats • Advanced attacks • Multi-vector approach • Social engineering • Targeted recon • Long duration compromises Catalyst for Change • Proliferation of malware • Organized hacking groups • Access to information • Financial gain motivation The Early Days of Threats • Basic malware • Spray and pray • Smash-n-grab • Solo hackers • Mischief motivation EARLY 2000’s MID 2000’s 2014 & BEYOND
Today’s Attacks are Becoming More Complex • Attacks are multi-stage using multiple threat vectors • Takes organisations months to identify they have been compromised1 - 229 days on average before detection of compromise • Over two-thirds of organizations find out from a 3rd party they have been compromised2 Initial Attack Identify & Recon Comman d & Control Discover & Spread Extract & Exfiltrate The Impact • Financial loss • Harm brand and reputation • Scrutiny from regulators 1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast 2 – 2014 mTrends Threat Report
Why SIEMs are valuable • Security is getting to the point of information overload • Increase in an organisation’s security posture - Through visibility and situational awareness - Deployment of detective and protective controls - Data from the network, system and applications to the SIEM - Allow for complex issues to be defined, categorized and expressed in logic • The effectiveness of SIEM in detecting the pre and post comprise activity is directly related to the success of collecting data. • It is all about the data
What is a SIEM? Infrastructure (servers, etc)Hardware Software Integration Experts Threat Intelligence Correlation Rules Data sources to feed the SIEM Licensing Lots of people, Software, hardware, process Threat Intelligence Feeds Write parsers, alert and correlation rules Ongoing tuning Subscribe & incorporate Intelligence feeds Databases Review & Respond to Alerts
Do Traditional SIEMs deliver value? • The people cost was more than expected in the usage of the SIEM • Big complex applications that demanded the user not only know SIEM but be expert in understanding event sources. • Lengthy implementations • Burden of on-going operational support (configuration, tuning, etc.)
Potential Pitfalls in the Cloud • Licensing • Capabilities • Performance • Move to the Cloud • Support for DevOps • Scalability • Multiple Platforms - Different cloud providers, OS, versions
The Characteristics of a Modern SIEM • Fully managed - Infrastructure - Security content and correlation rules - Monitored 24x7 • Big data • Unlimited scale • Cloud ready • Can collect data without access to underlying cloud host infrastructure • DevOps
The Characteristics of a Modern SIEM • Configuration Management - Ex: Chef, Ansible, AWS Cloud Formation Templates • Support cloud provider data types - Ex: AWS cloud trail • Easily extensible • Not limited by domain, source, message, or event frequency or uniqueness • Automatically incorporates 3rd party watch lists • Dynamically generate watch lists based on real time data
Monitoring your Environment A L E R T L O G I C C L O U D D E F E N D E R Identify Attacks & Protect Customers Big Data Analytics Platform Threat Intelligence & Security Content 24 x 7 Monitoring & Escalation Alert Logic ActiveAnalytics Alert Logic ActiveIntelligence Alert Logic ActiveWatch Cloud, Hybrid On-Premises Customer IT Environmen t Web application events Log data Network incidents
Creating Threat Intelligence to Feed a Modern SIEM Customer Security Operations Center 24/7 INCIDENT S Honey Pot Network Flow based Forensic Analysis Malware Forensic Sandboxing Intelligence Harvesting Grid Alert Logic Threat Manager Data Alert Logic Log Manager Data Alert Logic Web Security Manager Data Alert Logic ScanWatch Data Asset Model Data Customer Business Data Security Content Applied Analytics Threat Intelligence Research INPUTS Data Sources
What You Need to Solve the SIEM Problem • Experts create and manage correlation rules that identify threats and reduce false positives • Threat researchers continuously provide content enabling detection of emerging threats • Threat coverage across the application stack delivers broad visibility and protection • It must work in a highly agile multi- platform environment. RULE CREATION & MANAGEMENT CONTINOUS THREAT RESEARCH RESULTS DELIVERED FULL STACK CORRELATION
Get Connected www.alertlogic.com @alertlogic linkedin.com/company/alert-logic alertlogic.com/resources/blog/ youtube.com/user/AlertLogicTV brighttalk.com/channel/11587 Resources All available under the “Attachments” tab of the webinar: • 451 Research Report • Outlines Alert Logic approach to SIEM • Zero Day Magazine • Weekly Threat Newsletter
Thank you.

Empfohlen

Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Alert Logic
 
Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Alert Logic
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Alert Logic
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)Osama Ellahi
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementProlifics
 

Empfohlen

Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Alert Logic
 
Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Alert Logic
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Alert Logic
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)Osama Ellahi
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementProlifics
 
Shared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public CloudShared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public CloudAlert Logic
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemSBWebinars
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESMPinewood
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhydn|u - The Open Security Community
 
Vendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event ManagementVendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event ManagementInfo-Tech Research Group
 
SIEM
SIEMSIEM
SIEMvikasraina
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015n|u - The Open Security Community
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event ManagementUTD Computer Security Group
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & VflowCamilo Fandiño Gómez
 
SORT OUT YOUR SIEM
SORT OUT YOUR SIEMSORT OUT YOUR SIEM
SORT OUT YOUR SIEMSecureData Europe
 
SIEM
SIEMSIEM
SIEMNapier University
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)rver21
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enoughCloudAccess
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 

Weitere ähnliche Inhalte

Was ist angesagt?

Shared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public CloudShared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public CloudAlert Logic
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemSBWebinars
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESMPinewood
 
Vendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event ManagementVendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event ManagementInfo-Tech Research Group
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015n|u - The Open Security Community
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)rver21
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enoughCloudAccess
 

Was ist angesagt? (20)

Shared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public CloudShared Security Responsibility in the AWS Public Cloud
Shared Security Responsibility in the AWS Public Cloud
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against Them
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
Vendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event ManagementVendor Landscape: Security Information and Event Management
Vendor Landscape: Security Information and Event Management
 
SIEM
SIEMSIEM
SIEM
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event Management
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
 
SORT OUT YOUR SIEM
SORT OUT YOUR SIEMSORT OUT YOUR SIEM
SORT OUT YOUR SIEM
 
SIEM
SIEMSIEM
SIEM
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security Operations
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 

Andere mochten auch

Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 
Scaling Out With Hadoop And HBase
Scaling Out With Hadoop And HBaseScaling Out With Hadoop And HBase
Scaling Out With Hadoop And HBaseAge Mooij
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk CloudSplunk
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...Amazon Web Services
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
 

Andere mochten auch (11)

Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your Cloud
 
Scaling Out With Hadoop And HBase
Scaling Out With Hadoop And HBaseScaling Out With Hadoop And HBase
Scaling Out With Hadoop And HBase
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk Cloud
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
Big data unit i
Big data unit iBig data unit i
Big data unit i
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and Kibana
 

Ähnlich wie Next-Generation SIEM: Delivered from the Cloud

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DaySymantec
 
ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewPriyanka Aash
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Marco Casassa Mont
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake finalMinh Le
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissanceCloudera, Inc.
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1PROIDEA
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 

Ähnlich wie Next-Generation SIEM: Delivered from the Cloud (20)

CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overview
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity Renaissance
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 

Mehr von Alert Logic

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 

Mehr von Alert Logic (20)

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 

Kürzlich hochgeladen

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Kürzlich hochgeladen (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Next-Generation SIEM: Delivered from the Cloud

  • 1. NEXT-GENERATION SIEM: DELIVERED FROM THE CLOUD James Brown. Director of Cloud Computing & Solution Architecture
  • 2. Before We Begin Housekeeping Speaker • Turn on your system’s sound to hear the streaming presentation • Questions? Submit them to the presenter at anytime into the question box • The presentation slides will be available to download from the attachment tab after the webinar • The webinar will be recorded and published on BrightTalk • Technical Problems? Click “Help” • James Brown • Director of Cloud Computing & Security Architecture, Alert Logic
  • 3. The Evolution of Technology and Attacks T R A D I T I O N A L S I E M S The Hybrid Data Center • Cloud First/mobile First approach by many companies • Public cloud and Hybrid IT environments mainstream The Virtual Data Center • Virtualization becomes mainstream • Public clouds launch • Mobile devices proliferate The Physical Data Center • X86 server pre-dominant • Primarily on-premises • Hosting providers emerge • Cloud options being developed T H R E A T S A N D A T T A C K S Next Generation Threats • Advanced attacks • Multi-vector approach • Social engineering • Targeted recon • Long duration compromises Catalyst for Change • Proliferation of malware • Organized hacking groups • Access to information • Financial gain motivation The Early Days of Threats • Basic malware • Spray and pray • Smash-n-grab • Solo hackers • Mischief motivation EARLY 2000’s MID 2000’s 2014 & BEYOND
  • 4. Today’s Attacks are Becoming More Complex • Attacks are multi-stage using multiple threat vectors • Takes organisations months to identify they have been compromised1 - 229 days on average before detection of compromise • Over two-thirds of organizations find out from a 3rd party they have been compromised2 Initial Attack Identify & Recon Comman d & Control Discover & Spread Extract & Exfiltrate The Impact • Financial loss • Harm brand and reputation • Scrutiny from regulators 1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast 2 – 2014 mTrends Threat Report
  • 5. Why SIEMs are valuable • Security is getting to the point of information overload • Increase in an organisation’s security posture - Through visibility and situational awareness - Deployment of detective and protective controls - Data from the network, system and applications to the SIEM - Allow for complex issues to be defined, categorized and expressed in logic • The effectiveness of SIEM in detecting the pre and post comprise activity is directly related to the success of collecting data. • It is all about the data
  • 6. What is a SIEM? Infrastructure (servers, etc)Hardware Software Integration Experts Threat Intelligence Correlation Rules Data sources to feed the SIEM Licensing Lots of people, Software, hardware, process Threat Intelligence Feeds Write parsers, alert and correlation rules Ongoing tuning Subscribe & incorporate Intelligence feeds Databases Review & Respond to Alerts
  • 7. Do Traditional SIEMs deliver value? • The people cost was more than expected in the usage of the SIEM • Big complex applications that demanded the user not only know SIEM but be expert in understanding event sources. • Lengthy implementations • Burden of on-going operational support (configuration, tuning, etc.)
  • 8. Potential Pitfalls in the Cloud • Licensing • Capabilities • Performance • Move to the Cloud • Support for DevOps • Scalability • Multiple Platforms - Different cloud providers, OS, versions
  • 9. The Characteristics of a Modern SIEM • Fully managed - Infrastructure - Security content and correlation rules - Monitored 24x7 • Big data • Unlimited scale • Cloud ready • Can collect data without access to underlying cloud host infrastructure • DevOps
  • 10. The Characteristics of a Modern SIEM • Configuration Management - Ex: Chef, Ansible, AWS Cloud Formation Templates • Support cloud provider data types - Ex: AWS cloud trail • Easily extensible • Not limited by domain, source, message, or event frequency or uniqueness • Automatically incorporates 3rd party watch lists • Dynamically generate watch lists based on real time data
  • 11. Monitoring your Environment A L E R T L O G I C C L O U D D E F E N D E R Identify Attacks & Protect Customers Big Data Analytics Platform Threat Intelligence & Security Content 24 x 7 Monitoring & Escalation Alert Logic ActiveAnalytics Alert Logic ActiveIntelligence Alert Logic ActiveWatch Cloud, Hybrid On-Premises Customer IT Environmen t Web application events Log data Network incidents
  • 12. Creating Threat Intelligence to Feed a Modern SIEM Customer Security Operations Center 24/7 INCIDENT S Honey Pot Network Flow based Forensic Analysis Malware Forensic Sandboxing Intelligence Harvesting Grid Alert Logic Threat Manager Data Alert Logic Log Manager Data Alert Logic Web Security Manager Data Alert Logic ScanWatch Data Asset Model Data Customer Business Data Security Content Applied Analytics Threat Intelligence Research INPUTS Data Sources
  • 13. What You Need to Solve the SIEM Problem • Experts create and manage correlation rules that identify threats and reduce false positives • Threat researchers continuously provide content enabling detection of emerging threats • Threat coverage across the application stack delivers broad visibility and protection • It must work in a highly agile multi- platform environment. RULE CREATION & MANAGEMENT CONTINOUS THREAT RESEARCH RESULTS DELIVERED FULL STACK CORRELATION
  • 14. Get Connected www.alertlogic.com @alertlogic linkedin.com/company/alert-logic alertlogic.com/resources/blog/ youtube.com/user/AlertLogicTV brighttalk.com/channel/11587 Resources All available under the “Attachments” tab of the webinar: • 451 Research Report • Outlines Alert Logic approach to SIEM • Zero Day Magazine • Weekly Threat Newsletter