6. BalaBit IT Security
“The syslog-ng company”
• 2011 revenue: $10.3 M (35% annual growth)
• Number of employees: 120
• Number of customers - global:
  – commercial customers: 800
  – open source users: 850.000
• 12 years of experience in IT security
• Global partner network, 80+ partners in 30+ countries
• Named to the Deloitte Technology Fast 500 and Fast 50 lists (2010)
7. syslog-ng Description
• IT environments constantly generate important data in log messages
• syslog-ng
  • Collects
  • Filters
  • Classifies
  • Normalizes
  • Stores
  • Transfers
• syslog-ng is not a log analysis tool but it is essential to analysis
8. Product Family
• syslog-ng Open Source Edition
  • Leader since 1998, de facto standard in 2001
  • Large, world-wide community
• syslog-ng Premium Edition
  • Commercial version
  • Additional features
  • Professional support
• syslog-ng Store Box
  • Turnkey appliance
  • Index, search, reporting
  • Professional support
9. syslog-ng Open Source Edition
• Key Features
  • Flexible message filtering and re-writing
  • Pattern-based classification
  • Secure log transfer via SSL/TLS
  • Flow-control – adaptive message rate control
  • High speed processing > 650k/sec
• Community
  • 100,000s of users worldwide
  • Well known by system admins
  • Included in 3rd party devices
  • Custom add-ons
10. syslog-ng Premium Edition
• Additional Features
  • Zero Message Loss
  • Reliable Log Transfer Protocol (RLTP)
  • Client side failover
  • Disk buffer
  • Encrypted log storage
  • SQL source and destination support
  • Windows support
  • Support for more than 50 server platforms
• Professional Support
12. Logging is not enough…
1. Several security events are not logged!
2. Logs typically do not show what was done.
3. Logs often show only obscure technical details.
The User Monitoring “Pyramid”
Activity Records - security camera
System logs - snapshots
13. Key questions to answer…
Can you ensure the accountability of your IT staff?
Can you monitor the actions of your “superusers”?
Can you reliably control your outsourcing partners?
Do you really know “who accesses what” on servers?
Can you conduct quick and cheap audits at your company?
Can you present bullet-proof evidence in legal proceedings?
Are you sure you’d pass audits concerning user monitoring?
14. Privileged Activity Monitoring by Shell Control Box
[Diagram labels: IT staff, outsourcing partners, managers, VDI users]
• Firewall,
• Network devices,
• Databases,
• Web/file servers,
• Citrix server…
15. Privileged Activity Monitoring by
BalaBit Shell Control Box
Shell Control Box (SCB) is an
appliance that controls privileged
access to remote systems and
records the activities into searchable
and re-playable movie-like audit
trails.
16. Access Control
Security & compliance benefits:
• Central access control gateway
• Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.
• Sub-channel control (e.g. file transfer)
• Access by time policy
• 4-eyes authorization
• Real-time access monitoring
Key Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
17. Real-time alerting (& blocking)
Security & compliance benefits:
• Alerts for monitoring tools
• Alerts for supervisors
Coming in :
• Terminates session if risky action
• Risky actions are customizable (e.g. failed login, program execution, credit card number…)
Key Benefit: IMMEDIATE REACTION ON CRITICAL EVENTS!
20. Conclusion
Benefits for business
Faster ROI
• Faster and higher quality audits
• Lower troubleshooting and forensics costs
• Centralized authentication & access control
• Complete solution for user monitoring
Lower risk
• Improved regulatory and industry compliance
• Better employee/partner control
• Improved accountability of staff
• Bullet-proof evidence in legal proceedings
• Setting a technical and psychological barrier
21. Thank you for your attention!
Gábor Paróczi
Sales Manager
gabor.paroczi@balabit.com