INTRODUCTION
The Security Kung Fu Series is a four-part series intended to guide you in the mastery of the art of
Security Kung Fu.
As we embarked on creating this series, we always knew that in the back of everyone’s minds were a
couple of curious thoughts: Why “Kung Fu?” And, “what does martial arts have to do with how I protect
my network?”
Well, “Kung Fu” is a Chinese term referring to any study, learning, or practice that requires patience,
energy, hard work, discipline and time to complete. So, really, it’s not just martial arts.
Perhaps, by this definition, you’re starting to see the parallels we see with IT security, and the vital roles
many of you play within your respective organizations.
For on-demand access to each recording of the series, visit the Security Kung Fu Series Page.
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 1
AGENDA
• Respect your Security Kung Fu Masters
• Discuss the cybersecurity battleground
• IT security stances
• The need for a layered approach
• SIEM solutions - security and compliance
• Intro to SolarWinds® Log & Event Manager (LEM)
• Q&A
SECURITY KUNG FU MASTERS
Curtis Ingram
Sales Engineer, SolarWinds
Ian Trump
Cyber Security Strategist
THE CYBER SECURITY CLIMATE
$75 BILLION
$170 BILLION
$2 TRILLION
CYBER CRIME INDUSTRY
• The mature Crime-as-a-Service model underpinning cyber-crime continues to provide tools
and services across the entire spectrum of cyber criminality, from entry-level to top-level
players, including terrorists.
• The boundaries between cyber criminals, Advanced Persistent Threat (APT) style actors
and other groups continue to blur.
• The availability of cybercrime tools and services, and illicit commodities such as DDoS on
the Darknet, provide ample opportunities for traditional crime to become cyber enabled.
• Ransomware and banking Trojans remain top malware threats.
Source: 2016 Internet Organised Crime Threat Assessment (IOCTA), EUROPOL
RECENT EXAMPLE
• IAT HONG, BO ZHENG, and CHIN HUNG
Source: https://www.sec.gov/litigation/litreleases/2016/lr23711.htm
IT SECURITY STANCES
PROACTIVE DETECTIVE REACTIVE-RECOVERY
PROACTIVE STANCE
• 1/3 of the best defense is to prevent breaches altogether
o Perimeter security measures like firewalls
o Anti-virus, anti-malware, web protection, patch management
o Harden endpoints (“cyber hygiene”)
o Policies/procedures, user awareness training
DETECTIVE STANCE
• 2/3 of an effective defense
o When cyber criminals are successful, there is a requirement to catch them before data exfiltration takes place.
o Network layer detections, machine heuristics, machine behavior-based metrics
o Host Intrusion Detection System
o Network Intrusion Detection System
REACTIVE-RECOVERY STANCE
• 3/3 Restore business services
o Ransomware is the “simple” threat
o APT actors will establish footholds and move laterally
o May require Incident Response; PR, Legal, etc.
o Answer what was taken and how it was taken
RECENT EXAMPLES
• AUSTRALIA’S RED CROSS® BLOOD SERVICES
Source: http://theconversation.com
THE LAYERED SECURITY APPROACH
Lockheed Martin Cyber Kill Chain® stages and the layer at which each is defended:
• Delivery: WAN to LAN
• Exploitation: End Point
• Installation: End Point
• C2: LAN to WAN
• Actions: End Point
THE NEED FOR SIEM SOLUTIONS
• Gives you visibility in an area that is critical to your business: “threat hunting”
• The only solution with a forensic feature that lets you go back in time through historical events
• Required for compliance and for providing evidence in security audits
• Uncovers unauthorized changes in the environment
• Detects insider threats such as data exfiltration
• Provides a record of network layer activity, correlated with machine data and ultimately user behavior
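The last bullet, network layer activity correlated with machine data and user behavior, as an added Python example (it is not LEM's own code, and it also illustrates the detective stance's goal of catching an intrusion before exfiltration). It strings the kill-chain layers from the slide together over constructed endpoint and firewall events; the log format, port allowlist, byte threshold and temp-directory heuristic are assumptions.

```python
"""Toy SIEM-style correlation across the layers named on the kill-chain slide:
Installation (End Point) -> C2 (LAN to WAN) -> Actions (data leaving the End Point).
Added example for this page; it is not SolarWinds LEM code. The log format,
the port allowlist, the byte threshold and the temp-dir heuristic are assumptions."""
from datetime import datetime, timedelta
import re

# Constructed sample events (not real log data): "<ISO timestamp> key=value ...".
SAMPLE_LOGS = """\
2017-05-26T09:00:05 host=WS-017 src=endpoint user=jdoe event=process_start path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe
2017-05-26T09:00:40 host=WS-017 src=firewall user=- event=conn_out dst=203.0.113.7 dport=4444 bytes=512
2017-05-26T09:03:10 host=WS-017 src=firewall user=- event=conn_out dst=203.0.113.7 dport=4444 bytes=52428800
2017-05-26T09:05:00 host=WS-042 src=endpoint user=asmith event=process_start path=C:\\Windows\\System32\\svchost.exe
2017-05-26T09:06:00 host=WS-042 src=firewall user=- event=conn_out dst=198.51.100.9 dport=443 bytes=20480
"""

KV = re.compile(r"(\w+)=(\S+)")
ALLOWED_PORTS = {"80", "443", "53"}          # assumed egress policy: everything else is suspect
EXFIL_BYTES = 10 * 1024 * 1024               # assumed threshold: 10 MiB in a single outbound flow
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
ORDER = ["Installation", "C2", "Actions"]    # kill-chain order used for the alert summary


def parse_line(line):
    """Turn one sample line into a dict; the timestamp becomes a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def stages_for(ev):
    """Return the set of kill-chain stages a single event is evidence for."""
    found = set()
    if ev.get("event") == "process_start" and TEMP_DIR.search(ev.get("path", "")):
        found.add("Installation")            # End Point: execution from a user-writable temp dir
    if ev.get("event") == "conn_out":
        if ev.get("dport") not in ALLOWED_PORTS:
            found.add("C2")                  # LAN to WAN: egress outside the allowlist
        if int(ev.get("bytes", "0")) >= EXFIL_BYTES:
            found.add("Actions")             # bulk data leaving the End Point
    return found


def correlate(lines, window=timedelta(minutes=10)):
    """Alert once per host when all three stages occur within `window` of an
    Installation event on that host. No single event triggers on its own."""
    by_host = {}
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            by_host.setdefault(ev["host"], []).append(ev)
    alerts = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        for i, anchor in enumerate(events):
            if "Installation" not in stages_for(anchor):
                continue
            seen = {"Installation": anchor["ts"]}    # stage -> first time it was observed
            for ev in events[i + 1:]:
                if ev["ts"] - anchor["ts"] > window:
                    break
                for stage in stages_for(ev):
                    seen.setdefault(stage, ev["ts"])
            if all(stage in seen for stage in ORDER):
                alerts.append({
                    "host": host,
                    "user": anchor.get("user", "-"),  # user comes from the endpoint event
                    "stages": [s for s in ORDER if s in seen],
                    "start": anchor["ts"].isoformat(),
                    "end": max(seen.values()).isoformat(),
                })
                break                                 # one alert per host is enough here
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

Only WS-017 produces an alert: its temp-dir execution, non-allowlisted egress and 50 MiB outbound flow fall inside one window, while WS-042's ordinary process and HTTPS traffic match no stage at all.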
SOLARWINDS LOG & EVENT MANAGER
SolarWinds® Log & Event Manager is an affordable SIEM solution that helps you detect and respond to security threats.
• Real-time event correlation for instantaneous detection of malicious and suspicious activity
• Automated remediation and advanced search for forensic analysis and troubleshooting
• Out-of-the-box compliance rules and reports for HIPAA, PCI, SOX, FISMA, and many more
5/26/2017 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 15
SECURITY KUNG FU WEBINAR SERIES
The SolarWinds, SolarWinds & Design, Orion, and Thwack trademarks are the exclusive
property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent
and Trademark Office, and may be registered or pending registration in other countries. All
other SolarWinds trademarks, service marks, and logos may be common law marks or are
registered or pending registration. All other trademarks mentioned herein are used for
identification purposes only and are trademarks of (and may be registered trademarks) of
their respective companies.
Security Kung Fu: SIEM Solutions

INTRODUCTION
The Security Kung Fu Series is a four-part series intended to guide you in the mastery of the art of Security Kung Fu.
As we embarked on creating this series, we always knew that in the back of everyone’s minds were a couple of curious thoughts: Why “Kung Fu?” And, “what does martial arts have to do with how I protect my network?”
Well, “Kung Fu” is a Chinese term referring to any study, learning, or practice that requires patience, energy, hard work, discipline and time to complete. So, really, it’s not just martial arts.
Perhaps, by this definition, you’re starting to see the parallels we see with IT security, and the vital roles many of you play within your respective organizations.
For on-demand access to each recording of the series, visit the Security Kung Fu Series Page.

AGENDA
• Respect your Security Kung Fu Masters
• Discuss the cybersecurity battleground
• IT security stances
• The need for a layered approach
• SIEM solutions - security and compliance
• Intro to SolarWinds® Log & Event Manager (LEM)
• Q&A

SECURITY KUNG FU MASTERS
Curtis Ingram, Sales Engineer, SolarWinds
Ian Trump, Cyber Security Strategist

THE CYBER SECURITY CLIMATE

THE CYBER SECURITY CLIMATE
(Chart figures: $75 billion, $170 billion, $2 trillion)

CYBER CRIME INDUSTRY
• The mature Crime-as-a-Service model underpinning cyber-crime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-level players, including terrorists.
• The boundaries between cyber criminals, Advanced Persistent Threat (APT) style actors and other groups continue to blur.
• The availability of cybercrime tools and services, and illicit commodities such as DDoS on the Darknet, provide ample opportunities for traditional crime to become cyber enabled.
• Ransomware and banking Trojans remain top malware threats.
Source: 2016 Internet Organised Crime Threat Assessment (IOCTA), EUROPOL

RECENT EXAMPLE
• IAT HONG, BO ZHENG, and CHIN HUNG
Source: https://www.sec.gov/litigation/litreleases/2016/lr23711.htm

IT SECURITY STANCES
PROACTIVE | DETECTIVE | REACTIVE-RECOVERY

PROACTIVE STANCE
• 1/3 of the best defense is to prevent breaches altogether
o Perimeter security measures like firewalls
o Anti-virus, anti-malware, web protection, patch management
o Harden endpoints (“cyber hygiene”)
o Policies/Procedures, User Awareness Training

DETECTIVE STANCE
• 2/3 of an effective defense
o When cyber criminals are successful, there is a requirement to catch them before data exfiltration takes place.
o Network layer detections, machine heuristics, machine behavior-based metrics
o Host Intrusion Detection System
o Network Intrusion Detection System

REACTIVE-RECOVERY STANCE
• 3/3 Restore business services
o Ransomware is the “simple” threat
o APT actors will establish footholds and move laterally
o May require Incident Response; PR, Legal, etc.
o Answer what was taken and how it was taken

RECENT EXAMPLES
• AUSTRALIA’S RED CROSS® BLOOD SERVICES
Source: http://theconversation.com

THE LAYERED SECURITY APPROACH
Lockheed Martin Cyber Kill Chain® phases mapped to the defensive layer where each is addressed:
• Delivery - WAN to LAN
• Exploitation - End Point
• Installation - End Point
• C2 - LAN to WAN
• Actions - End Point

THE NEED FOR SIEM SOLUTIONS
• Gives you visibility in an area that is critical to your business: “Threat Hunting”
• Only solution with a forensic feature to go back in time
• Required for compliance and providing evidence for security audits
• Uncovers unauthorized changes in the environment
• Detects insider threats such as data exfiltration
• Provides a record of network layer activity, correlated with machine data and ultimately user behavior

SOLARWINDS LOG & EVENT MANAGER
SolarWinds® Log & Event Manager is an affordable SIEM solution that helps you detect and respond to security threats.
• Real-time event correlation for instantaneous detection of malicious and suspicious activity
• Automated remediation and advanced search for forensic analysis and troubleshooting
• Out-of-the-box compliance rules and reports for HIPAA, PCI, SOX, FISMA, and many more.
Download Free Trial | Learn More
5/26/2017
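The two SIEM slides above describe correlating network-layer activity with host data and user behavior to catch exfiltration. The following is an added illustration of that idea, not SolarWinds LEM code: two constructed log sources (a host authentication log and a firewall flow log) are normalized into one schema, and a rule fires when a large outbound transfer follows an off-hours logon on the same host; the business-hours window, the byte threshold and the excluded backup account are all assumptions for the example.

```python
from datetime import datetime, timedelta
# Constructed sample logs from two sources in two formats (not real LEM output).
HOST_LOG = [  # host authentication log: time|host|user|event
    "2017-05-26T02:10:00|fileserver01|svc_backup|logon_success",
    "2017-05-26T02:12:30|fileserver01|jdoe|logon_success",
    "2017-05-26T09:00:00|workstation07|asmith|logon_success",
]
FIREWALL_LOG = [  # firewall flow log: time src_host dst_ip bytes_out
    "2017-05-26T02:20:00 fileserver01 203.0.113.45 734003200",
    "2017-05-26T09:05:00 workstation07 198.51.100.9 20480",
]
KNOWN_SERVICE_ACCOUNTS = {"svc_backup"}  # assumed nightly backup account; tuned out

def parse_host_log(lines):
    """Normalize host logon lines into a common event schema."""
    events = []
    for line in lines:
        ts, host, user, event = line.split("|")
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "user": user, "event": event})
    return events

def parse_firewall_log(lines):
    """Normalize firewall flow lines into the same schema (bytes as int)."""
    flows = []
    for line in lines:
        ts, host, dst, nbytes = line.split()
        flows.append({"time": datetime.fromisoformat(ts), "host": host,
                      "dst": dst, "bytes": int(nbytes)})
    return flows

def off_hours(ts):
    """Business hours assumed 06:00-22:00; anything else counts as off hours."""
    return ts.hour >= 22 or ts.hour < 6

def correlate(logons, flows, window_min=30, threshold_bytes=500_000_000):
    """Alert when a large outbound transfer is preceded, within window_min minutes,
    by an off-hours logon on the same host (possible data exfiltration)."""
    alerts, window = [], timedelta(minutes=window_min)
    for flow in (f for f in flows if f["bytes"] >= threshold_bytes):
        for lg in logons:
            if (lg["host"] == flow["host"] and lg["event"] == "logon_success"
                    and lg["user"] not in KNOWN_SERVICE_ACCOUNTS
                    and off_hours(lg["time"])
                    and timedelta(0) <= flow["time"] - lg["time"] <= window):
                alerts.append({"rule": "off_hours_logon_then_large_egress",
                               "host": flow["host"], "user": lg["user"],
                               "dst": flow["dst"], "bytes": flow["bytes"]})
    return alerts
```

Running `correlate(parse_host_log(HOST_LOG), parse_firewall_log(FIREWALL_LOG))` yields one alert for jdoe on fileserver01; the backup account's identical timing is suppressed by the allow-list, which is the kind of tuning a real deployment needs to keep correlation rules useful.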
SECURITY KUNG FU WEBINAR SERIES
The SolarWinds, SolarWinds & Design, Orion, and Thwack trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.