SIEM Enabled Risk Management, SOC and GRC
SIEM: A Single View of Your IT Security
• SIEM is about looking at what’s happening on your
network through a larger lens than can be provided via
any one security control or information source.
• Your Intrusion Detection only understands Packets,
Protocols and IP Addresses
• Your Endpoint Security sees files, usernames and hosts
• Your Service Logs show user logins, service activity and
configuration changes.
• Your Asset Management system sees apps, business
processes and owners
• None of these by itself can tell you what is
happening to *your business* in terms of securing the
continuity of your business processes; together,
they can…
• SIEM is essentially nothing more than a management
layer above your existing systems and security controls.
• It connects and unifies the information contained in
your existing systems, allowing them to be analyzed
and cross-referenced from a single interface
SAP Cloud Security
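The "single view" above is a join: the IDS knows an IP, endpoint security maps that IP to a host and a user, the service logs say what that user did, and asset management says which business process and owner are affected. The following Python is an added worked example, not code from the presentation or from any SIEM product. All records (IPs, hostnames, the user, the owner address, the severity ladder) are constructed for illustration; a real SIEM would pull them from its asset and identity model.

```python
"""One view across four controls: an IDS alert keyed by IP is joined to the
endpoint event on that host, the user's service activity, and the asset
record that names the business process and owner."""

# Constructed sample records (not from any real system).
IDS_ALERTS = [
    {"src_ip": "10.20.30.40", "dst_ip": "203.0.113.9", "dst_port": 443, "signature": "possible C2 beacon"},
    {"src_ip": "10.99.0.5", "dst_ip": "203.0.113.9", "dst_port": 443, "signature": "possible C2 beacon"},
]
ENDPOINT_EVENTS = [
    {"ip": "10.20.30.40", "host": "ws-fin-017", "user": "jdoe", "verdict": "suspicious",
     "file": "C:\\Users\\jdoe\\AppData\\Roaming\\update.exe"},
]
SERVICE_LOGS = [
    {"user": "jdoe", "service": "erp-finance", "action": "login"},
    {"user": "jdoe", "service": "erp-finance", "action": "config_change"},
]
ASSETS = [
    {"host": "ws-fin-017", "app": "ERP finance client", "business_process": "Accounts payable",
     "owner": "finance-ops@example.test", "criticality": "high"},
]

SEVERITY = ["low", "medium", "high", "critical"]


def bump(level, steps=1):
    """Raise a severity label without going past 'critical'."""
    return SEVERITY[min(SEVERITY.index(level) + steps, len(SEVERITY) - 1)]


def correlate(ids_alerts, endpoint_events, service_logs, assets):
    """Enrich each IDS alert with what the other sources know about the same
    IP/host/user, and raise severity for each independent corroboration."""
    endpoint_by_ip = {e["ip"]: e for e in endpoint_events}
    asset_by_host = {a["host"]: a for a in assets}
    actions_by_user = {}
    for rec in service_logs:
        actions_by_user.setdefault(rec["user"], []).append(rec["action"])

    views = []
    for alert in ids_alerts:
        view = {"src_ip": alert["src_ip"], "signature": alert["signature"],
                "host": None, "user": None, "business_process": None, "owner": None,
                "user_actions": [], "evidence": ["ids"], "severity": "medium"}
        ep = endpoint_by_ip.get(alert["src_ip"])
        if ep:                                   # IDS IP -> endpoint host and user
            view["host"], view["user"] = ep["host"], ep["user"]
            view["evidence"].append("endpoint")
            if ep["verdict"] != "clean":
                view["severity"] = bump(view["severity"])
        asset = asset_by_host.get(view["host"])
        if asset:                                # host -> business process and owner
            view["business_process"], view["owner"] = asset["business_process"], asset["owner"]
            view["evidence"].append("asset")
            if asset["criticality"] == "high":
                view["severity"] = bump(view["severity"])
        actions = actions_by_user.get(view["user"], [])
        if actions:                              # user -> what they did in business services
            view["user_actions"] = actions
            view["evidence"].append("service")
            if "config_change" in actions:       # sensitive change from a suspect host
                view["severity"] = bump(view["severity"])
        views.append(view)
    return views


if __name__ == "__main__":
    for v in correlate(IDS_ALERTS, ENDPOINT_EVENTS, SERVICE_LOGS, ASSETS):
        print(v["severity"].upper(), v["src_ip"], v["host"], v["business_process"], v["owner"], v["evidence"])
```

The second alert, whose IP no other control recognises, stays at medium with no host or owner: the IDS alone never gets a business-impact verdict, which is the point of the slide. Note also that the join keys (IP, host, user) are only as reliable as the clocks and DHCP leases behind them; a production rule should require the endpoint event to fall within the lease window of the IDS alert.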
SIEM based Risk Management
• SIEM is a foundation of 21st-century security
management, but on its own it delivers mostly
post-exploit value: it tells you what has already
happened
• A risk manager built on the SIEM gives a
detailed assessment of network security risk
using broad risk indicators such as:
• WHAT HAS HAPPENED? (from network
activity data and behaviour analysis)
• WHAT CAN HAPPEN? (from topology
and configuration)
• WHAT HAS BEEN ATTEMPTED? (from
events and content data)
• WHAT IS VULNERABLE AND AT RISK?
(from scanners)
• Automated, real-time «Security
Intelligence» is what GRC needs:
• Risk Assessment & Management
• IT Security Governance & Management
• Control of activities and environment
• Performance measurement and improvement
• Benefits from better alignment with the business
(cost savings, efficiency, etc.)
SIEM – 8 Critical Things – At a glance
Logs, flows, maze
• What logs –
• Audit logs
• Transaction logs
• Intrusion logs
• Connection logs
• System performance
records
• User activity logs
• Business system alerts and
messages from other systems
• From where –
• Firewalls / Intrusion prevention
• Routers / Switches
• Intrusion detection
• Servers, desktops, mainframes
• Business applications
• Databases
• Antivirus software
• VPNs
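The sources listed above arrive in unrelated formats (kernel firewall lines, sshd authentication messages, application JSON), so the first job of a SIEM collector is to normalise them into one event schema; only then can a rule look across sources. The Python below is an added example written for this page, not code from the presentation or from any vendor. The eight log lines are constructed, the regular expressions cover only those three formats, syslog lines carry no year so one is assumed, and the failure threshold of 3 is a chosen value, not a standard.

```python
"""Normalising heterogeneous raw log lines into one event schema, then
running a cross-source detection over the result."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Syslog lines carry no year; assume one for the sample (a production
# collector takes it from the receiving timestamp instead).
ASSUMED_YEAR = 2024

# Constructed sample lines (not from any real system), in three formats.
RAW_LINES = [
    "Mar 10 08:01:02 fw01 kernel: DROP IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Mar 10 08:01:03 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Mar 10 08:01:05 srv05 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2",
    "Mar 10 08:01:07 srv05 sshd[2201]: Failed password for root from 198.51.100.23 port 51123 ssh2",
    "Mar 10 08:01:09 srv05 sshd[2201]: Failed password for root from 198.51.100.23 port 51124 ssh2",
    "Mar 10 08:01:12 srv05 sshd[2205]: Accepted password for root from 198.51.100.23 port 51125 ssh2",
    '{"ts": "2024-03-10T08:02:00Z", "app": "erp", "user": "root", "event": "config_change", "result": "ok", "client": "198.51.100.23"}',
    "Mar 10 08:03:00 srv05 sshd[2300]: Accepted publickey for deploy from 10.0.0.50 port 4000 ssh2",
]

SYSLOG = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
FIREWALL = re.compile(r"^kernel: (?P<action>DROP|ACCEPT) .*\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) .*\bDPT=(?P<dpt>\d+)")
SSHD = re.compile(r"^sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")


def parse_line(line):
    """Return one normalised event dict, or None for lines no parser understands."""
    if line.startswith("{"):                                   # application JSON log
        d = json.loads(line)
        return {"ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": "app",
                "host": d["app"], "src_ip": d.get("client"), "user": d.get("user"),
                "action": d["event"], "outcome": "success" if d.get("result") == "ok" else "failure"}
    m = SYSLOG.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    fw = FIREWALL.match(m["rest"])
    if fw:                                                     # firewall / IPS
        return {"ts": ts, "source": "firewall", "host": m["host"], "src_ip": fw["src"], "user": None,
                "action": f"tcp/{fw['dpt']}", "outcome": "denied" if fw["action"] == "DROP" else "allowed"}
    sh = SSHD.match(m["rest"])
    if sh:                                                     # server authentication log
        return {"ts": ts, "source": "sshd", "host": m["host"], "src_ip": sh["src"], "user": sh["user"],
                "action": f"login/{sh['method']}", "outcome": "success" if sh["result"] == "Accepted" else "failure"}
    return None


def normalize(lines):
    return [e for e in map(parse_line, lines) if e is not None]


def detect_bruteforce_then_success(events, threshold=3):
    """Flag a source IP whose SSH failures reach `threshold` and are then followed
    by a successful login, and list every other source that also saw that IP."""
    sshd_by_ip = defaultdict(list)
    for e in events:
        if e["source"] == "sshd":
            sshd_by_ip[e["src_ip"]].append(e)
    findings = []
    for ip, evs in sshd_by_ip.items():
        failures = 0
        for e in sorted(evs, key=lambda e: e["ts"]):
            if e["outcome"] == "failure":
                failures += 1
                continue
            if failures >= threshold:
                findings.append({"src_ip": ip, "user": e["user"], "ts": e["ts"], "failures_before": failures,
                                 "also_seen_in": sorted({x["source"] for x in events if x["src_ip"] == ip})})
            failures = 0                                       # a success resets the run
    return findings


if __name__ == "__main__":
    for f in detect_bruteforce_then_success(normalize(RAW_LINES)):
        print(f)
```

The finding names the IP, the account that finally succeeded, how many failures preceded it, and which other sources (here the firewall and the ERP application) saw the same address, which is the thread an analyst follows next. Lines the parsers do not recognise return None rather than raising, so one exotic device does not stall the pipeline; in practice count those drops, because a silently unparsed source is a blind spot.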
SIEM based Risk Management
• Assessing the risks =
• Log management +
• Event management +
• Network activity monitoring +
• Configuration +
• Most successful attacks result
from poor configuration
• Configuration audits are
expensive, labor intensive
and time consuming
• Configuration formats are inconsistent
across vendors and product /
technology types
• Compliance is mandatory in
many industries
• Vulnerability Assessment +
• VA scanners don’t prioritize based
on network context
• Vulnerability prioritization is
historically complex
Legal, Compliance and Laws
• EU Data Protection /WP29
• US Data Protection
• COPPA, HIPAA, SOX, Safe
Harbor
• Usage and Purpose of
Collection
• Conflicts
• EU-US data transfer
• Encryption or not
• Trade Compliance
• Business need vs. Personal
need
• Information Asymmetry
• Privacy Policies
• Secondary Data Collection
• Opt-in and Opt-out
• Defaults
• Necessity
• Tracking
• Browser Cookies
• Data transfers
• Data retention
What is SOC – Security Operations Center
• Providing Security
Intelligence by
• Detection of IT threats
• Containment of IT threats
• Remediation of IT threats
• Monitors applications to
identify possible cyber attacks
(events)
• Real time Monitoring
• Log Collection, Analysis
• Reporting/Custom Views
• Post Incident Analysis
• Forensics
• Investigation
• Automatic Remediation
• Central Location to collect
information on
• External threats
• Internal Threats
• User activity
• Loss of Personal or sensitive data
• Provide evidence in investigations
Isn't a firewall, IDS or anti-virus enough?
• A firewall is a known, expected
control that attackers plan around
• It protects systems, not users
• Anti-Virus
• Lag time to catch new
threats
• Matches known files (signatures),
not behaviour patterns
• IDS alerts but does not provide
context
• System Logs,
• Proxy Logs,
• DNS Logs
• Information from other sources
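Two points on this slide, that anti-virus matches files but not patterns and that proxy and DNS logs supply the context an IDS alert lacks, come together in one classic SIEM use case: a compromised host calling home on a timer produces no malicious file and no single suspicious request, but it does produce a rhythm in the proxy log. The Python below is an added example written for this page, not code from the presentation or from any product. The proxy log lines are constructed in code (one host beaconing every ~300 seconds with a few seconds of jitter, mixed with irregular browsing), the log format is invented for the sample, and the thresholds (at least 6 requests, coefficient of variation at most 0.1) are chosen starting points, not standards.

```python
"""Beacon detection over proxy logs: find client/destination pairs whose
request intervals are too regular to be a human."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

_START = datetime(2024, 3, 10, 8, 0, 0)


def _line(offset_s, client, dest):
    """Build one constructed proxy log line: '<ts> <client> GET <url> <status> <bytes>'."""
    ts = (_START + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} {client} GET https://{dest}/check 200 512"


# Constructed sample log: ws-01 calls updates-cdn.example every ~300 s with a few
# seconds of jitter; ws-02 browses news irregularly; ws-01 also checks mail thrice.
_BEACON_JITTER = [0, 3, -2, 5, -4, 1, 2, -3, 0, 4]
SAMPLE_LINES = (
    [_line(300 * i + j, "ws-01", "updates-cdn.example") for i, j in enumerate(_BEACON_JITTER)]
    + [_line(t, "ws-02", "news.example") for t in (0, 40, 900, 1000, 1050, 3000, 3100, 7200)]
    + [_line(t, "ws-01", "mail.example") for t in (10, 1200, 2500)]
)


def parse_proxy_line(line):
    ts, client, _method, url, _status, _size = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client, "dest": urlparse(url).hostname}


def find_beacons(lines, min_events=6, max_cv=0.1):
    """Group requests by (client, destination); flag pairs with enough requests
    whose inter-arrival times have a low coefficient of variation (stdev/mean).
    A signature engine never sees this: no single request is malicious."""
    by_pair = defaultdict(list)
    for rec in map(parse_proxy_line, lines):
        by_pair[(rec["client"], rec["dest"])].append(rec["ts"])
    beacons = []
    for (client, dest), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()                                   # log order is not arrival order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            beacons.append({"client": client, "dest": dest, "count": len(times),
                            "mean_interval": round(mean, 1), "cv": round(cv, 3)})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LINES):
        print(f"{b['client']} -> {b['dest']}: {b['count']} requests every ~{b['mean_interval']}s (cv={b['cv']})")
```

Only the ws-01 to updates-cdn.example pair is flagged; human browsing to the news site has a coefficient of variation above 1. The same statistic runs over DNS logs (queries per client and queried name) when the implant resolves before each call. The obvious caveat is evasion: malware that randomises its sleep widely will not clear the 0.1 threshold, so treat this as one indicator to correlate with the IDS alert and the endpoint verdict, not a verdict on its own, and expect legitimate software updaters to show up as well until you allow-list them.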
IBM QRadar Solution Portfolio and Vision
SIEM based Risk Management
Sample Security Governance Model
Q & A
