http://cei.co.il/cloud-solutions/siem/
שירות SIEM-as-a-Service שיחד עם מרכז בקרה (SOC) מספק ללקוחות שלנו זיהוי בזמן אמת של אירועי אבטחת מידע ודרכי פיתרון מומלצים. המערכת מאפשרת זיהוי מיידי של חריגות בביצועי הרשת וכן התפרצויות של חריגות אבטחת מידע על בסיס ניתוח התנהגות הרשת.
ניטור הרשת 7 × 24, התראות בזמן אמת, תיקון עבור כל פעילות זדונית, זרימת עבודה וניהול אירוע משולב, דוחות הנדרשים לצורך עמידה בדרישות ISO, PCI, HIPAA, SOX ועוד, עלות חודשית נמוכה
היכנס לאתר שלנו והירשם לקבלת המערכת ל 30 ימי ניסיון בחינם
http://cei.co.il/cloud-solutions/siem/
2. About Us
• Connect Everywhere Israel, Branch of Mexican IT Company
• More then 20 years of IT management & Security
• Working globally as Security Expert
• Bring the Israel IT top of the art security solution
3. Malware Based Attacks Continue To Rise
2009 2,361,414
430,555,582
new malware detected
2015
new malware detected
Source: Symantec 2016 Global Intelligence Network
Report
5. Cisco Threats
Security Risk
• Every day there are more
then 10 Security Risk
threats in your network that
you need to handle
• Some impact you
immediately
• You need to be aware them
and threat them when it
happen
6. • 2016 – 146 Vulnerabilities for Microsoft Office
• 106 Vulnerabilities considered CRITICAL
• 2015-2016 – 150 Vulnerabilities for Adobe Reader
• 11 Vulnerabilities considered CRITICAL
Microsoft Security Bulletin MS16-120 - Critical
Adobe Security Bulleting
7. Our Way to Solve Security Risk
• Our System Solution helps companies to overcome security issues in
their system
• There are 2 process that work together to solve your security break
• SIEM - Security Information and Event Management
• Deal with all the alerts in the system
• SOC - Security Operations Center
• Real people
• Working 24x7
• Monitors the security event
• send alerts and solutions to problems
9. Firewalls
I.P.S
Linux Server
Window Server
Switches
Router
The company has different IT and Information Security
Devices, such as Firewalls, IPS, Switches, routers,
proxies, Anti Spam, Antivirus , Windows Servers, Linux
Servers and others. Each Device Creates Its Own
Security Log With Security Information On It.
1
10. The Collector (MSI) will be installed on the client
premises and will take the logs from all this devices.
Firewalls
I.P.S
Linux Server
Window Server
Switches
Router
CollectorMSI
2
15. Firewalls
I.P.S
Linux Server
Window Server
Switches
Router
CollectorMSI
Compress
Encrypt
Send
Data can be exposed to the client using the
dashboard. When an incident is identified, an alert
is sent to the costumer and a ticket being open for
the analyst to check the issue.
7 Aggregation
Normalization
Duplication
External
Sources
Enrichment
Compliance Rules
Correlation Rules
DB
Dashboard Alert
16. Firewalls
I.P.S
Linux Server
Window Server
Switches
Router
Collector MSI
Compress
Encrypt
Send
The analyst checks the incident and decide if it is a
false positive or not, and if not gathers all the
evidence. A Remediation plan is created and all this
data is send to the client via a ticketing system or
email.
8 Aggregation
Normalization
Duplication
External
Sources
Enrichment
Compliance Rules
Correlation Rules
Verify
False Positive
Add
Remediation Plan
DB
Dashboard
Alert
Notify
SOC Analyst
CLIENTS
17. Who needs this solutions
• Capital Market
• Credit Data Law
• Superintendent of Insurance
• SOC2 - Cloud companies that hold customer information
• PCI - Companies that perform credit card transactions required to
correct
• HIPPA - Companies must meet HIPPA regulation - drug companies and
HMOs
18. Why CYBERShark ?
• Your network & data are critical to your success
• The characteristics of cyber threats are known:
• Unusual outbound network traffic/data exfiltration
• Anomalies in privileged-user account activity
• Large numbers of requests for the same file
• Geographical irregularities
• Database extractions (SQL injection)
• Sweep Scans & event log alterations
• But these Indicators of Compromise (IoC) cannot be reliably detected
by localized security measures like firewalls and IDS/IPS systems!
• You need CYBERShark to watch your entire network
19. HOW CYBERSHARK PROTECTS YOU
• The alerts we send you don’t just tell you that there’s a problem, they
tell you how to handle it:
• Identification of the specific threat
• Remediation steps to fix the problem (device-specific)
• All supporting evidence provided in the alert
• The customer portal lets you view your own network security posture
at a glance
• You get access to comprehensive reporting for security and
regulatory compliance
• Compliance reports identify the specific regulatory issues at stake due to a
threat (HIPAA, PCI, GPG13 and more)