
Fernando Imperiale - Security Intelligence para PYMES


  1. Security Intelligence: implementing a security intelligence platform in SMEs. Fernando M. Imperiale, Security Advisor - Argentina, November 2015. (Slide footer: © 2013 IBM Corporation, IBM Security; © 2014 IBM Corporation.)
  2. What is Security Intelligence? Security Intelligence is actionable information derived from the analysis of all of an organization's available security data sources.
  3. Why is Security Intelligence essential?
     Escalating threats (spear phishing, persistence, backdoors, designer malware):
     • Increasingly sophisticated attack methods
     • Disappearing perimeters
     • Accelerating security breaches
     Increasing complexity:
     • Constantly changing infrastructure
     • Too many products from multiple vendors; costly to configure and manage
     • Inadequate antivirus products
     Resource constraints:
     • Struggling security teams
     • Too much data with limited manpower and skills to manage it all
  4. The security team sees noise.
  5. The fastest, most integrated and most automated way to reach Security Intelligence: the IBM QRadar Security Intelligence Platform.
     • Intelligence: correlation, analysis and massive data reduction
     • Automation: driving simplicity and accelerating time-to-value
     • Integration: unified architecture delivered in a single console
  6. QRadar product portfolio overview: a Security Intelligence platform that enables security optimization through advanced threat detection, meeting compliance and policy demands, and eliminating data silos.
     QRadar Log Manager
     • Turnkey log management for SMBs and enterprises
     • Upgradeable to enterprise SIEM
     QRadar SIEM
     • Integrated log, flow, threat and compliance management
     • Asset profiling and flow analytics
     • Offense management and workflow
     Network Activity Collectors (QFlow)
     • Network analytics, behavior and anomaly detection
     • Layer 7 application monitoring
     QRadar Risk Manager
     • Predictive threat modeling and simulation
     • Scalable configuration monitoring and audit
     • Advanced threat and impact analysis
     QRadar Vulnerability Manager
     • Integrated network scanning and workflow
     • Leverages SIEM, threat and risk data to prioritize vulnerabilities
     QRadar Incident Forensics
     • Reconstructs raw network packets to their original format
     • Determines the root cause of security incidents and helps prevent recurrences
  7. Intelligence: embedded intelligence to find true offenses.
     Extensive data sources: security devices, servers and mainframes, network and virtual activity, application activity, data activity, configuration information, vulnerabilities and threats, users and identities, global threat intelligence.
     Embedded intelligence (suspected incidents in, true offenses out):
     • Automated data collection, asset discovery and profiling
     • Automated, real-time, and integrated analytics
     • Massive data reduction
     • Activity baselining and anomaly detection
     • Out-of-the-box rules and templates
     Result: automated offense identification.
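The two slides above (the platform's "correlation, analysis and massive data reduction" and its "automated offense identification") describe the core SIEM idea without showing it. The following is an added illustration, not QRadar code and not the presenter's material: a toy correlation rule that turns a handful of normalised events from two constructed data sources (a Linux host and a firewall) into a single offense. The event format, the rule, the threshold and the sample lines are all assumptions made for the example.

```python
"""Toy SIEM-style correlation: many raw events in, a few offenses out.

Added example illustrating the "correlation, analysis and massive data
reduction" and "automated offense identification" slides. It is not QRadar
code and does not reproduce its rule language; the event format, the rule
and the sample events below are constructed for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events from two "data sources", already normalised to:
# timestamp|source|event_name|src_ip|user
RAW_EVENTS = """\
2015-11-02T09:00:01|linux-srv01|auth_failure|203.0.113.7|admin
2015-11-02T09:00:03|linux-srv01|auth_failure|203.0.113.7|admin
2015-11-02T09:00:04|linux-srv01|auth_failure|203.0.113.7|root
2015-11-02T09:00:06|linux-srv01|auth_failure|203.0.113.7|admin
2015-11-02T09:00:08|linux-srv01|auth_failure|203.0.113.7|admin
2015-11-02T09:00:15|linux-srv01|auth_success|203.0.113.7|admin
2015-11-02T09:00:20|fw-edge|outbound_connect|203.0.113.7|-
2015-11-02T09:05:00|linux-srv01|auth_failure|198.51.100.9|bob
2015-11-02T09:05:30|linux-srv01|auth_success|198.51.100.9|bob
2015-11-02T09:10:00|fw-edge|outbound_connect|192.0.2.4|-
"""

FAILURE_THRESHOLD = 5      # failures within WINDOW before a success (assumed rule)
WINDOW = timedelta(minutes=2)


def parse_events(text):
    """Turn the normalised lines into dicts; skip malformed lines instead of crashing."""
    events = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 5:
            continue
        ts, source, name, src_ip, user = parts
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "name": name, "src_ip": src_ip, "user": user})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events):
    """Rule: at least FAILURE_THRESHOLD auth failures from one src_ip inside WINDOW,
    followed by an auth_success from the same src_ip, become one offense.
    Each offense records how many raw events it condenses."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failures
    offenses = []
    for e in events:
        ip = e["src_ip"]
        if e["name"] == "auth_failure":
            failures[ip].append(e["ts"])
            # drop failures that have fallen out of the sliding window
            failures[ip] = [t for t in failures[ip] if e["ts"] - t <= WINDOW]
        elif e["name"] == "auth_success":
            recent = failures.get(ip, [])
            if len(recent) >= FAILURE_THRESHOLD:
                offenses.append({
                    "rule": "brute_force_then_success",
                    "src_ip": ip,
                    "user": e["user"],
                    "first_seen": recent[0],
                    "last_seen": e["ts"],
                    "event_count": len(recent) + 1,
                })
            failures[ip] = []   # a success resets the counter either way
    return offenses


def reduction_ratio(events, offenses):
    """Raw events per offense: the 'data reduction' figure an analyst actually sees."""
    return len(events) / len(offenses) if offenses else float("inf")


if __name__ == "__main__":
    evts = parse_events(RAW_EVENTS)
    offs = correlate(evts)
    for o in offs:
        print(f"{o['rule']}: {o['src_ip']} as {o['user']} "
              f"({o['event_count']} events, {o['first_seen']} .. {o['last_seen']})")
    print(f"{len(evts)} raw events -> {len(offs)} offense(s), "
          f"reduction {reduction_ratio(evts, offs):.1f}:1")
```

Ten raw events collapse into one offense; the single failure followed by bob's successful login stays noise, which is the point of the "security team sees noise" slide. A real platform adds asset context and threat intelligence to the same kind of rule so that the offense's severity reflects the target, not just the event count.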
  8. Automatic: simplicity and faster time to business value.
     • Discovers network components: proactive vulnerability scans, configuration comparisons, and policy compliance checks
     • Simple implementation: automated configuration of log data sources and asset databases
     • Updates automatically: stays current with the latest threats, vulnerabilities, and protocols
     • Out-of-the-box rules and reports: reduce incident investigations and meet compliance mandates
  9. SIEM / Log Manager virtual appliance models (footnote markers ¹ and ⁴ appear on the slide; the notes themselves are not reproduced here):

     Model                                          | Initial capacity     | Capacity increase¹
     -----------------------------------------------|----------------------|-------------------------------------------------------------------------------------------------
     SIEM All-in-1 Virtual Appliance 3190           | 100 EPS, 15K flows   | 100 EPS incremental increase to 500, then to 1,000, and then to 2,500 or 5,000 EPS; flow increase to 25K, 50K, 100K, 200K flows
     SIEM Console Virtual Appliance 3190            | Not applicable       | Not applicable
     SIEM Event Processor Virtual Appliance 1690    | 100 EPS              | 100 EPS incremental increase to 500, then to 1,000, 2,500, and then 2,500 EPS incremental increase, up to 10,000 EPS
     SIEM Flow Processor Virtual Appliance 1790     | 15K flows            | To 25K, 50K, then 100K flow incremental increase, up to 600K flows
     SIEM Event Collector Virtual Appliance 1590    | Not applicable       | Not applicable
     SIEM QFlow Collector Virtual Appliance 1290    | Not applicable       | Not applicable
     SIEM Data Node Virtual Appliance 1490⁴         | Not applicable       | Not applicable
     Log Manager All-in-1 Virtual Appliance 3190    | 100 EPS              | 100 EPS incremental increase to 500, then to 1,000, then to 2,500 or 5,000 EPS
     Log Manager Console Virtual Appliance 3190     | Not applicable       | Not applicable
     Log Manager Event Processor Virtual Appliance 1690 | 100 EPS          | 100 EPS incremental increase to 500, then to 1,000, 2,500, and then 2,500 EPS incremental increase, up to 10,000 EPS
  10. Questions? Thank you! Fernando M. Imperiale, Security Advisor - Argentina, November 2015.
