INTRODUCTION Sam Wachira


INTRODUCTION
Sam Wachira, Director and CTO at Kenindus Limited. Holds a Bachelor of Science degree in Computer Information Management from Life University in Atlanta, Georgia, and a Master's in Small Business and Entrepreneurship from Plymouth State in Plymouth, New Hampshire. I have more than 10 years' experience in cyber security software engineering. Some of the notable organizations I have worked for include BAE Systems, Rapid7 and 3M. At BAE Systems I worked on NetReveal and Vuma; at Rapid7 I worked on Nexpose and Metasploit, software that has received international accolades and been adopted by both small and large financial institutions, government agencies and other private entities, setting a standard by which others are measured.

Phoenix – Guard SIEM
What's a SIEM? Security Information and Event Management (SIEM) is about looking at your network through a larger lens than any single security control or information source can provide. For example:
- Your Asset Management system only sees applications, business processes and administrative contacts.
- Your Network Intrusion Detection System (IDS) only understands packets, protocols and IP addresses.
- Your Endpoint Security system only sees files, usernames and hosts.
- Your service logs show user sessions, database transactions and configuration changes.
- File Integrity Monitoring (FIM) systems only see changes to files and registry settings.

How a SIEM Works

Phoenix – Guard SIEM
LMS – "Log Management System": a system that collects and stores log files (from operating systems and applications) from multiple hosts and systems in a single location, allowing centralized access to logs instead of accessing them on each system individually.
SLM/SEM – "Security Log/Event Management": an LMS, but marketed towards security analysts instead of system administrators. SEM is about highlighting the log entries that are more significant to security than others.

Phoenix – Guard SIEM
SIM – "Security Information Management": an Asset Management system, but with features to incorporate security information too. Hosts may have vulnerability reports listed in their summaries, and Intrusion Detection and AntiVirus alerts may be shown mapped to the systems involved.
SEC – "Security Event Correlation": to a particular piece of software, three failed login attempts to the same user account from three different clients are just three lines in its log file. To an analyst, that is a peculiar sequence of events worthy of investigation, and log correlation (looking for patterns across log files) is a way to raise an alert when such things happen.
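The two steps described above, central collection (LMS) and correlation (SEC), as a worked example. This is added illustration code, not Phoenix Guard's own implementation; the sshd-style log lines, hostnames, accounts and addresses are constructed for the example. The rule fires only when the failures for one account come from at least three distinct clients within the window, so the "carol" lines (three failures from one client) deliberately produce no alert.

```python
"""Constructed example: a tiny log store plus a failed-login correlation rule.
Not Phoenix Guard code; all log lines, hosts, users and IPs are invented."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines as an LMS would receive them from several hosts.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 web01 sshd[4121]: Failed password for alice from 10.0.0.5 port 51012 ssh2
2024-03-01T10:00:04 web02 sshd[2210]: Failed password for alice from 10.0.0.7 port 50112 ssh2
2024-03-01T10:00:09 db01 sshd[9981]: Failed password for alice from 10.0.0.9 port 49211 ssh2
2024-03-01T10:00:11 web01 sshd[4125]: Accepted password for bob from 10.0.0.5 port 51020 ssh2
2024-03-01T10:05:00 web01 sshd[4130]: Failed password for carol from 10.0.0.5 port 51030 ssh2
2024-03-01T10:05:03 web01 sshd[4131]: Failed password for carol from 10.0.0.5 port 51031 ssh2
2024-03-01T10:05:06 web01 sshd[4132]: Failed password for carol from 10.0.0.5 port 51032 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_logs(text):
    """LMS step: normalise lines from many hosts into one list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real LMS would keep unparsed lines; the rule only needs these fields
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate_failed_logins(events, window=timedelta(minutes=1),
                            min_failures=3, min_clients=3):
    """SEC step: alert when one account collects `min_failures` failed logins
    from at least `min_clients` distinct source addresses inside `window`."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            by_user[ev["user"]].append(ev)

    alerts = []
    for user, fails in by_user.items():
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until the span fits in `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            span = fails[start:end + 1]
            clients = {e["src"] for e in span}
            if len(span) >= min_failures and len(clients) >= min_clients:
                alerts.append({"user": user, "clients": sorted(clients),
                               "first": span[0]["ts"], "last": span[-1]["ts"]})
                break  # one alert per account is enough for this rule
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_logins(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

Run as a script it prints one alert, for alice, naming the three client addresses. Tightening `min_clients` to 1 would make the carol lines fire too, which is the usual brute-force-from-one-host rule; the spread-across-clients variant shown here is the pattern the slide describes.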

Phoenix – Guard SIEM
Features in Phoenix
Phoenix's features are extensive, to secure each unique environment:
- Comprehensive logging of activity for offline analysis and forensics.
- Port-independent analysis of application-layer protocols.
- Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL, SMB).
- Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
- Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Phoenix decapsulates the tunnels and then analyzes their content as if no tunnel were in place.
- Vulnerability assessment

Phoenix – Guard SIEM
Features in Phoenix
- Extensive sanity checks during protocol analysis.
- Support for IDS-style pattern matching.
- Network Intrusion Detection System (NIDS) engine
- Network Intrusion Prevention System (NIPS) engine
- Network Security Monitoring (NSM) engine
- Offline analysis of PCAP files
- Full system audit
- DoS detection
- Auto-discovery scan
- Penetration testing: identifies vulnerabilities that allow a remote attacker to access sensitive information on the system
- Network monitoring intrusion detection system (IDS)
- Web audit
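What "decapsulates the tunnel and then analyzes the content as if no tunnel were in place" means in practice, shown for Teredo (IPv6 carried in UDP to port 3544, RFC 4380). This is an added example and not Phoenix Guard's code: the datagram is built by hand, the addresses are documentation ranges, and the ICMPv6 checksum is left at zero since only header parsing is demonstrated. The optional Teredo authentication and origin-indication headers are skipped according to their fixed layouts before the inner IPv6 header is read.

```python
"""Constructed example: strip a Teredo tunnel and analyse the inner IPv6 packet.
Not Phoenix Guard code; the sample datagram is assembled below."""
import ipaddress
import struct

TEREDO_PORT = 3544
IPV6_HEADER_LEN = 40


def decapsulate_teredo(udp_payload):
    """Return the inner IPv6 packet, or None if the payload is not Teredo-shaped.
    Layout (RFC 4380): [auth header][origin indication] IPv6 packet."""
    p = udp_payload
    # Authentication header: 0x0001, id-len, au-len, client id, auth value, 8-byte nonce, 1-byte confirmation
    if p[:2] == b"\x00\x01":
        if len(p) < 4:
            return None
        id_len, au_len = p[2], p[3]
        p = p[4 + id_len + au_len + 8 + 1:]
    # Origin indication: 0x0000, obfuscated origin port (2), obfuscated origin IPv4 (4)
    if p[:2] == b"\x00\x00":
        p = p[8:]
    # What remains must start with an IPv6 header (version nibble 6, 40 bytes)
    if len(p) < IPV6_HEADER_LEN or p[0] >> 4 != 6:
        return None
    return p


def parse_ipv6_header(pkt):
    """Pull the fields an analyser needs from the fixed IPv6 header."""
    payload_len, next_header, hop_limit = struct.unpack("!HBB", pkt[4:8])
    return {
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "next_header": next_header,
        "hop_limit": hop_limit,
        "payload": pkt[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len],
    }


def analyse_udp_datagram(dst_port, payload):
    """If the datagram is a Teredo tunnel, analyse the inner packet as if no tunnel were there."""
    if dst_port == TEREDO_PORT:
        inner = decapsulate_teredo(payload)
        if inner is not None:
            return {"tunnel": "teredo", **parse_ipv6_header(inner)}
    return {"tunnel": None}


def build_sample_datagram():
    """Constructed UDP payload: origin indication followed by an ICMPv6 echo request."""
    origin_port, origin_ip = 40000, ipaddress.IPv4Address("203.0.113.9")
    origin = (b"\x00\x00" + struct.pack("!H", origin_port ^ 0xFFFF)
              + bytes(b ^ 0xFF for b in origin_ip.packed))
    icmp_echo = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # type 128, checksum 0, id 1, seq 1
    ipv6 = (struct.pack("!IHBB", 0x60000000, len(icmp_echo), 58, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed
            + icmp_echo)
    return origin + ipv6


if __name__ == "__main__":
    print(analyse_udp_datagram(TEREDO_PORT, build_sample_datagram()))
```

Once the inner packet is recovered the same protocol analysers run on it that would run on native traffic; the only tunnel-specific logic is the header stripping, which is why a sensor that stops at "UDP to port 3544" sees none of what the tunnel carries.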

The cost of cyber crime impacts all industries. The average annualized cost of cyber crime varies by industry sector. In this year's study, we compare cost averages for 17 different industry sectors. As shown in the figure below, companies in financial services and utilities & energy experienced the highest annualized costs of cyber crime. In contrast, companies in the hospitality, automotive and agriculture sectors incurred a much lower cost on average.

Types of cyber attacks experienced by companies

Average annualized cyber crime cost weighted by attack frequency

Percentage use of five advanced SIEM features

Phoenix – Guard

THANK YOU