© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Top 10 use cases of HP ArcSight Logger
Sridhar Karnam
@Sri747
Karnam@hp.com
#HPSecure
Big data is driving innovation
• Collect Big Data for analytics
• Store Big Data for compliance
• Search Big Data for incident response
• Correlate Big Data for security
The Big Data will continue to expand
Log management challenges
• Compliance and reporting
• Comprehensive collection
• Secure applications
• Store Big Data
• Filtering & parsing of various logs
• IT change management
• Ultra-fast forensic investigation
• Where do I start?
• Mobility
• Consolidated view
HP’s unique approach to universal log management
A new approach: Comprehensive log management
Collect: 100% data collection
Enrich: Unify Big Data through normalization and categorization
Search: Fastest search engine on the planet
Store: Store years’ worth of Big Data without an additional database
Correlate: Analytics for 25+ use cases including security and compliance
HP ArcSight Log management and SIEM solution
What do we do?
Collect, store, analyze
Raw machine data
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data
Time (Event Time) | name | DeviceVendor | DeviceProduct | CategoryBehavior | CategoryDeviceGroup | CategoryOutcome | CategorySignificance
6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning
6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning

Convert all machine data into a common format for search, reporting, and retention.
Benefit: a single data set for searching, indexing, reporting, and archiving
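The normalization step on this slide, shown as an added example that is not ArcSight's parser: two vendor-specific regexes map the raw PIX and Check Point lines above onto the slide's common field set, and one field search then works across both vendors. The category assignment (deny/drop both mean a failed access attempt) and the regexes are this example's assumptions, not the product's connector logic.

```python
import re
from datetime import datetime

# Constructed sample input: the two raw lines from the slide, split apart.
RAW_LOGS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

PIX_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d{4} \d\d:\d\d:\d\d): %PIX-\d-\d+: (?P<action>\w+) (?P<proto>\w+)"
    r" .*?from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/\d+")
CP_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d{4} \d\d:\d\d:\d\d) (?P<action>\w+) \S+ >\S+ product (?P<product>.+?)"
    r" src (?P<src>\S+) s_port \d+ dst (?P<dst>\S+) service \S+ proto (?P<proto>\w+)")
BLOCKED = {"deny", "drop"}  # assumption: vendor verbs that both mean "access attempt failed"

def unify(raw):
    """Map one raw firewall line onto the common field set shown on the slide."""
    for vendor, rx in (("Cisco", PIX_RE), ("Checkpoint", CP_RE)):
        m = rx.match(raw)
        if m:
            break
    else:
        return None  # unknown format: the raw line is kept elsewhere but is not field-searchable
    d = m.groupdict()
    blocked = d["action"].lower() in BLOCKED
    if vendor == "Cisco":
        product, behavior = "PIX", "/Access"
    else:  # "VPN-1 & Firewall-1" is rendered as "Firewall-1/VPN-1" on the slide
        product = "/".join(reversed(d["product"].split(" & ")))
        behavior = "/Access/Start"
    return {
        "Time": datetime.strptime(d["ts"], "%b %d %Y %H:%M:%S"),
        "name": d["action"].capitalize(),
        "DeviceVendor": vendor,
        "DeviceProduct": product,
        "CategoryBehavior": behavior,
        "CategoryDeviceGroup": "/Firewall",
        "CategoryOutcome": "/Failure" if blocked else "/Success",
        "CategorySignificance": "/Informational/Warning" if blocked else "/Informational",
        "src": d["src"], "dst": d["dst"], "proto": d["proto"].lower(),
    }

def search(records, **criteria):
    """Vendor-independent field search, e.g. search(recs, CategoryOutcome="/Failure")."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]
```

Because both vendors land in the same field set, a single query such as `search(recs, CategoryDeviceGroup="/Firewall", CategoryOutcome="/Failure")` returns blocked connections from PIX and Check Point alike without any vendor-specific syntax.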
Customer benefits
Before: 4 weeks to generate an IT GRC report. After: Logger compliance packs generate IT GRC reports in 5 minutes.
Before: 6 weeks to run an IT audit. After: audit-quality search results help you run audits in 8 hours.
Before: 24 days to respond to a breach. After: the fastest search engine, with full-text searching, enables a response in 4 hours.
#10: Dev-Ops/ Sec-Ops
• Prioritization
• Heat map of risk
Integrating operations to be part of other IT priorities
Diagram: Dev-Ops / Sec-Ops cycle with heat map, asset mapping and risk indicators
• Isolation of incidents
• Vulnerability score
• Aggregation of events
• Risk scoring
• Continuous monitoring
• Development feedback
#9: Log analytics for support team
• Provide view access to log analytics
• Different support groups get access only to the logs they care about
• Secure your logs with view-only access for broader teams, including contractors and partners
#8: Threat detection and response
• Early detection of malware, virus and distributed attacks
• Upload a reputation database and use lookups to find suspicious activity or threats
Security Analytics – Attacks
• Store a year’s worth of data (1.6 petabytes) by peering 20 instances of Logger
• Run reports/ dashboards/ alerts on years’ worth of data
• Transfer data between Logger & ESM for long term security analytics use cases
Organizations of All Sizes Are At Risk
© 2010 ArcSight Confidential
Typical threats
• Bot, Worm, and Virus Attacks
• Hacker Detection
• Bandwidth Hogs and Policy Violations
• Unauthorized Application Access
• VPN Sneak Attacks
#7: Web log analysis
• What websites are frequently visited?
• What is the click through rate?
• Which Search Engine is generating the lead for the visitor at my website?
#6: Network analytics
• Analyze network data from NetFlow, syslog, etc.
• Firewall/ NGFW log analytics in real-time across the devices and vendors
• Integrate with IPS/ IDS for better management of threats/ attacks
#5: Application intelligence
• Monitoring application logs for security, performance, and operations
• Collect both on-the-wire and run-time logs to secure both new and legacy apps
#4: Cloud monitoring
Logger collects and analyzes logs and data from every layer, or through any RESTful API
Diagram: shared-responsibility model for SaaS, PaaS and IaaS (layers: User, Application, Information, O/S, Network, Physical; each layer marked consumer responsible or provider responsible)
#3: Mobility
• Monitoring on the go
• Compliance and security analytics on the mobile device
• Give analysts, the CISO and the CIO access so everyone is on the same page
• Access dashboards/ reports quickly on iPad/ iPhone
#2: Compliance and audit reporting
• Built-in reports for automated compliance and audit reporting
• Focused on delivering compliance
• Alerts
• Dashboards
• Reports
• Workflow
• Retention
Frameworks covered: ISO, PCI DSS, SOX, NIST
#1: Big Data analytics
• Collect from 350+ log generating sources
• Collect data up to 5 TB/ day
• Store 1.6 PB of data
• Search billions of events in seconds through bloom filters
• Full-text English searching
• Collect data from thousands of devices from thousands of vendors