Choosing the Right SIEM Solution
•
7 likes•2,867 views
Security Information and Event Management (SIEM) has evolved to become one of the most trusted and reliable solutions for log management, security and compliance. This Slideshare presentation will cover critical topics to consider, when choosing an SIEM solution.
Recommended
Recommended
More Related Content
More from SolarWinds
More from SolarWinds (20)
Recently uploaded
Recently uploaded (20)
Choosing the Right SIEM Solution
- 1. 1 How-To choose the RIGHT SIEM Solution © 2013, SolarWinds Worldwide, LLC. All rights reserved.
- 2. 2 Agenda • SIEM- An Overview • Factors to ensure when evaluating an SIEM solution • Log Analysis & Event Forensics • Automated Response to threats • Compliance Regulations and Reporting • Affordability of an SIEM Solution • SolarWinds Log & Event Manager • Top 3 reasons to try SolarWinds LEM • ROI on SolarWinds LEM 2
- 3. 3 SIEM – An overview » Security Information and Event Management (SIEM) has evolved to become one of the most trusted and reliable solutions for log management, security and compliance. » The demand for SIEM is continuously increasing due to the colossal surge of security breaches and cyber-attacks that largely impact organizations. » This presentation would cover critical topics to consider, when choosing an SIEM solution. SOLARWINDS LOG & EVENT MANAGER
- 4. 4 Factors to ensure when evaluating an SIEM solution » At the heart of an SIEM solution, we have: • Log collection • Event Correlation » Logs are collected from across the IT infrastructure covering all your network devices, security appliances, servers, workstations, databases, etc. » Log correlation is real-time and happens in-memory to detect zero-day threat vectors SOLARWINDS LOG & EVENT MANAGER
- 5. 5 Factors to ensure when evaluating an SIEM solution (Contd…) » Your SIEM tool is able to perform multiple event correlation to process all time and transaction-based events to provide actionable data and incident awareness » Your SIEM tool sends you real-time notification and alerts about irregularities in the network » The success of a SIEM software depends on the principle and mechanism of effective event log correlation. SOLARWINDS LOG & EVENT MANAGER
- 6. 6 Log Analysis & Event Forensics SOLARWINDS LOG & EVENT MANAGER » Being able to gain quick access to historical log data and analyze events will help you identify anomalies and deviant behavior network activity patterns. » Ensure your SEIM software allows you to • Interactively explore historical log data with simplicity and ease • Isolate the root-cause of a threat, breach, failure or any non-compliant activity • Perform event forensics to determine what really happened before, during and after the event • Track log activity over time and in context of suspicious events
- 7. 7 Automated Response to Threats » Incident response is the ability of the SIEM software to respond to a detected (by log correlation) security threat, contain or prevent it with automated response actions. » The application of incident response has expanded beyond security to cover IT troubleshooting and issue remediation for IT efficient IT administration. » Your SIEM software should be able to • Mitigate emerging security threats with automated active response • Remediate operational IT issues with pre-programmed corrective actions • Respond to policy violations and non-compliant activities with built-in correlation rules • Counter activities like insecure network connections, system settings and policies and unauthorized network and user access, USB misuse, etc. SOLARWINDS LOG & EVENT MANAGER
- 8. 8 Compliance Regulations & Reporting SOLARWINDS LOG & EVENT MANAGER » Satisfying compliance reporting requirements of key security policies such as PIC- DSS, HIPAA, GLBA, NERC CIP, etc. is a key aspect of SIEM. » With out-of-the-box reporting templates and the power of customization and report scheduling, SIEM becomes an integral part of your IT security architecture. » Starting from federal policies to compliance with internal corporate standards, SIEM software should be able to provide • Detailed reports of non-compliant activities and policy violations in the network • Historical system-based, user-based and network-based event data for compliance auditing • Information about threat response and mitigation measures carried out to contain or prevent attacks
- 9. 9 Affordability of an SIEM Solution » When you choose a SIEM software that provides most value for the money you invest in. » Choose an SIEM system that offers • Node-based licensing to cover log collection and correlation from a variety of network devices, servers and workstations • Scalability and flexibility to expand to more nodes easily • Simple-to-use software that is affordable, easy to evaluate and procure SOLARWINDS LOG & EVENT MANAGER
- 10. 10 SolarWinds Log & Event Manager » SolarWinds® Log & Event Manager (LEM) is an SIEM software that can help you expand security and protection across the breadth of your IT landscape. » SolarWinds LEM is an available as a virtual appliance offering centralized log management and network defense from an intuitive Web-based interface. » LEM provides built-in active responses to: • Block an IP address • Remove user from domain groups • Detach USB devices • Kill processes by ID or name • Disconnect networking on computers • Restart or shutdown machines, and more… SOLARWINDS LOG & EVENT MANAGER
- 11. 11 Top 3 Reasons to try SolarWinds LEM » Full-function SIEM capabilities including real-time event correlation, alerting, log analytics, active response, USB Defense, and over 300 built- in compliance repotting templates » Easy to deploy and use virtual appliance available on intuitive Web console » Affordable and reliable SIEM software that monitors your entire IT infrastructure 24/7 SOLARWINDS LOG & EVENT MANAGER Download the fully-functional 30-day evaluation of SolarWinds Log & Event Manager (LEM) Check Out the Other Network Security Solutions from SolarWinds
- 12. 12 ROI on SolarWinds LEM » Increased Productivity: LEM automates your monitoring routine and reduces time spent to normalize and analyze event logs. Also being a virtual appliance, it helps in cutting costs and increasing efficiency. » Enhanced Security: It helps you • Reduce the time taken to identify attacks, thereby reducing their impact • Reduce the time spent on forensic analysis • Reduce the time and cost incurred on policy compliance » Network High Availability: LEM helps you be proactive in detecting potential network downtimes and device unavailability that cause business and service interruption. Monitoring and analyzing logs from across the network will help get real-time notifications on network issues, device configuration changes so network admins can be prepared to troubleshoot issues immediately. SOLARWINDS LOG & EVENT MANAGER
- 13. 13 Thank You! SOLARWINDS LOG & EVENT MANAGER