www.semplicityinc.com
WHAT IS THE FUTURE OF SIEM?
Elastic{ON} Roadshow Atlanta
January 22, 2019
Leveraging Elastic to Modernize SIEM & Log Management
George Boitano, President
617-524-0171 (direct)
gboitano@semplicityinc.com
www.semplicityinc.com
© Copyright 2019 SEMplicity, Inc.
What does a legacy SIEM do?
SIEM (2006) is a marriage of older SIM and SEM technologies:
• SIM stores security log records centrally and enables searching and some analysis;
• SEM correlates incoming logs and alerts upon detected security events.
SIEM/Log Management – Yesterday
[Diagram labels: Compliance, Correlation, Evidentiary Storage, Reporting, Alerting, Search, Operations]
The problem: now everybody wants in!
• As the threat landscape expands, more types of log records become relevant to security, from:
  • Applications;
  • Databases;
  • Physical Access Systems;
  • DNS/Routers/Netflow devices.
• Meanwhile, the volume of logs from monitored devices continually expands non-linearly.
• Finally, new event detection use cases keep emerging:
  • Long-range, non-realtime correlation;
  • Unsupervised machine learning anomaly detection;
  • Security log analytics.
• How can SIEM keep up?
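One of the emerging use cases listed above, long-range, non-realtime correlation, as an added Python example (this is not code from the slides): the same "failed logins followed by a success" rule is run once with a real-time style 10-minute window and once with a 24-hour window over stored records. The field names `ts`, `src_ip`, `user` and `outcome` are hypothetical, and the events are constructed for the demo.

```python
"""Long-range correlation over stored, already-parsed log records.

Added example; not code from the slides. The events use hypothetical
field names (ts, src_ip, user, outcome) and are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 fails one login every 90 minutes for
# nine hours and then succeeds; 10.0.5.23 is a normal user who mistypes once.
EVENTS = [
    {"ts": "2019-01-22T01:00:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T02:30:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T04:00:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T05:30:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T07:00:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T08:30:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "failure"},
    {"ts": "2019-01-22T10:00:00", "src_ip": "203.0.113.7", "user": "svc_backup", "outcome": "success"},
    {"ts": "2019-01-22T09:58:00", "src_ip": "10.0.5.23", "user": "alice", "outcome": "failure"},
    {"ts": "2019-01-22T09:58:20", "src_ip": "10.0.5.23", "user": "alice", "outcome": "success"},
]


def failed_then_success(events, window, min_failures):
    """Alert when a source accumulates >= min_failures failed logins inside
    `window` and then logs in successfully. The same rule serves a real-time
    engine (short window) and a batch job over stored records (long window);
    only the window differs."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 sorts lexically
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            t = datetime.fromisoformat(e["ts"])
            recent_failures = [
                f for f in evs[:i]
                if f["outcome"] == "failure"
                and t - datetime.fromisoformat(f["ts"]) <= window
            ]
            if len(recent_failures) >= min_failures:
                alerts.append({"src_ip": src, "user": e["user"], "ts": e["ts"],
                               "failures": len(recent_failures)})
    return alerts


def compare_windows(events=EVENTS, min_failures=5):
    """Run the rule with a real-time style window and with a long-range one."""
    return {
        "realtime_10m": failed_then_success(events, timedelta(minutes=10), min_failures),
        "long_range_24h": failed_then_success(events, timedelta(hours=24), min_failures),
    }


if __name__ == "__main__":
    for name, alerts in compare_windows().items():
        print(name, alerts)
```

With the constructed data the 10-minute window produces no alert at all, while the 24-hour window flags the slow source with six failures before its success; the one-off mistype from 10.0.5.23 fires in neither. That gap is exactly why the slide lists long-range correlation separately from real-time alerting: it needs the evidentiary store to be searchable, not just an in-memory stream window.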
SIEM/Log Management – Today
[Diagram labels: Big Data!, License Enforcement, Legacy UE, Machine Learning, Analytics, New Use Cases, Tech Lock-In, Integration, Customers]
The SIEM/Log Management Pyramid
[Pyramid diagram layers: Log Secure Transport; Parsing & Enrichment; High Availability Ingestion; Evidentiary Log Storage; Very Fast Search & Visualizations; Correlation & Alerting; Analytics & Machine Learning]
10 Commandments of Log Management
[Diagram labels: Log Secure Transport; Parsing & Enrichment]
Why Parse Logs?
Parsing logs attaches meaning:
• Naming fields according to a common schema enables correlation;
• Deriving fields like categories, severity and behavior enables analytics;
• Only humans can attach meaning to anything…including log records!
Parsing is hard…but necessary.
[Diagram labels: Logs, Meaning, Parsers]
Why Enrich Logs?
Log enrichment enables higher-level use cases:
• Network information eases prioritization of event response;
• Threat intelligence, whether public, private or internal, greatly assists in event detection and correlation;
• Identity information such as roles and privileges enables user analytics and sensitive-user monitoring;
• Vulnerability information helps determine root cause and remediation;
• Host and user state and history also help determine root cause and assist analysts in building cases.
All this enrichment empowers anomaly detection and many other forms of analytics!
[Diagram labels: Logs; "There's GOLD in them there logs!"]
Why Denormalize?
Denormalization avoids joining data between different structures:
• Enables much faster and easier searching and analysis;
• Costs more in terms of disk space and ingestion;
• Log records, which are written once and accessed many times, are best denormalized;
• We must always prioritize human time over machine resources…unless you want this guy:
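The three slides above (Why Parse Logs?, Why Enrich Logs?, Why Denormalize?) describe one pipeline: raw line, common field names plus derived fields, context written into the record, and a search that needs no join. The following added Python example (not SEMplicity's or Elastic's code) walks one batch of records through that pipeline. ECS-style dotted field names are an assumption (any common schema works); `source.zone` and `user.sensitive` are hypothetical field names; the log lines, zone table, threat-intel entry and identity directory are all constructed for the demo.

```python
"""Parse -> enrich -> denormalize: the path from raw log line to analytic record.

Added example, not code from the slides. ECS-style dotted field names are an
assumption (any common schema works); every lookup table and log line below is
constructed for the demo, and source.zone / user.sensitive are hypothetical names.
"""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed raw records in two unrelated formats (sshd and a netfilter-style firewall).
RAW_LOGS = [
    "Jan 22 10:15:01 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51822 ssh2",
    "Jan 22 10:15:09 bastion sshd[2211]: Accepted password for alice from 10.0.5.23 port 40122 ssh2",
    "Jan 22 10:16:40 fw01 kernel: DENY IN=eth0 SRC=198.51.100.4 DST=10.0.5.23 PROTO=TCP DPT=445",
]

# Constructed enrichment sources; in production these come from the CMDB, TI feeds and the IdP.
NETWORK_ZONES = {
    ipaddress.ip_network("10.0.0.0/8"): "corp",
    ipaddress.ip_network("10.0.5.0/24"): "corp-servers",
}
THREAT_INTEL = {"203.0.113.7": "known-bruteforcer"}
IDENTITY = {"alice": {"roles": ["admin"], "sensitive": True}}

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SSHD_RE = re.compile(TS + r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
FW_RE = re.compile(TS + r"kernel: (?P<action>DENY|ACCEPT) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                   r"PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)")


def _ts(syslog_ts, year):
    """Syslog timestamps carry no year; the caller supplies it (assumed UTC)."""
    dt = datetime.strptime(f"{year} {syslog_ts}", "%Y %b %d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).isoformat()


def parse(line, year=2019):
    """Name fields per the common schema and derive category/outcome/severity."""
    m = SSHD_RE.match(line)
    if m:
        ok = m["result"] == "Accepted"
        return {
            "@timestamp": _ts(m["ts"], year), "host.name": m["host"],
            "event.category": "authentication",
            "event.outcome": "success" if ok else "failure",
            "event.severity": 3 if ok else 6,  # derived field: this is what analytics key on
            "user.name": m["user"], "source.ip": m["src"], "source.port": int(m["port"]),
        }
    m = FW_RE.match(line)
    if m:
        denied = m["action"] == "DENY"
        return {
            "@timestamp": _ts(m["ts"], year), "host.name": m["host"],
            "event.category": "network",
            "event.outcome": "failure" if denied else "success",
            "event.severity": 4 if denied else 1,
            "source.ip": m["src"], "destination.ip": m["dst"],
            "network.transport": m["proto"].lower(), "destination.port": int(m["dport"]),
        }
    return None  # unknown format: route to a dead-letter index rather than drop silently


def zone_of(ip):
    """Longest-prefix match against the zone table; anything unmatched is external."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in NETWORK_ZONES if addr in n]
    return NETWORK_ZONES[max(hits, key=lambda n: n.prefixlen)] if hits else "external"


def enrich(doc):
    """Write the context into the record itself (denormalized) at ingest time."""
    doc = dict(doc)
    src = doc.get("source.ip")
    if src:
        doc["source.zone"] = zone_of(src)
        if src in THREAT_INTEL:
            doc["threat.indicator.description"] = THREAT_INTEL[src]
            doc["event.severity"] = max(doc["event.severity"], 8)  # TI hit raises priority
    ident = IDENTITY.get(doc.get("user.name"))
    if ident:
        doc["user.roles"] = ident["roles"]
        doc["user.sensitive"] = ident["sensitive"]
    return doc


def ingest(lines, year=2019):
    parsed = (parse(line, year) for line in lines)
    return [enrich(d) for d in parsed if d]


def search(docs, **criteria):
    """Query the denormalized records directly; no join back to the lookup tables."""
    return [d for d in docs if all(d.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    docs = ingest(RAW_LOGS)
    for d in search(docs, **{"source.zone": "external", "event.category": "authentication"}):
        print(d)
```

The cost side of the slide is visible too: every enriched record carries copies of zone, role and threat-intel fields, so the index is larger and ingest does more work, but a query like "external authentication failures against sensitive accounts" is a flat filter on one record type with no lookup at search time. Records that match no parser come back as `None` and should be routed to a dead-letter index, so a parser gap never turns into silently missing evidence.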
Elastic!
SIEM/Log Management – Tomorrow
[Diagram labels: Compliance, Analytics, Big Data, Correlation, Alerting, Machine Learning, Open Integration, Evidentiary Storage, ???]
The Old vs. The New
[Diagram labels: Log Secure Transport; Parsing & Enrichment]
Connecting the Best of Both Worlds
Who We Are
– SEMplicity is an official, licensed Elastic Managed Services Provider (MSP).
– SEMplicity is the largest Micro Focus services provider for ArcSight.
– SEMplicity offers a cloud-based or on-prem managed service to store, search, visualize and analyze legacy SIEM logs in Elasticsearch.
www.semplicityinc.com
Thank You
© Copyright 2019 SEMplicity, Inc.
George Boitano, President
617-524-0171 (direct)
gboitano@semplicityinc.com
www.semplicityinc.com
