INTRODUCTION Sam Wachira

Presentation on theme: "INTRODUCTION Sam Wachira"— Presentation transcript:

2 INTRODUCTION Sam Wachira
Director and CTO at Kenindus Limited. Holds a Bachelor of Science degree in Computer Information Management from Life University in Atlanta, Georgia and a Masters in Small Business and Entrepreneurship from Plymouth State in Plymouth, New Hampshire. I have more than 10 years' experience in cyber security software engineering. Some of the notable organizations I have worked for include BAE Systems, Rapid 7 and 3M. At BAE Systems I worked with NetReveal and Vuma; at Rapid 7 I worked with Nexpose and Metasploit, software that has received international accolades and been adopted by both small and big financial institutions, government agencies and other private entities, setting a standard by which others are measured.

3 Phoenix – Guard SIEM: What’s a SIEM?
Security Information and Event Management (SIEM) is about looking at your network through a larger lens than any single security control or information source can provide. For example:
- Your Asset Management system only sees applications, business processes and administrative contacts.
- Your Network Intrusion Detection System (IDS) only understands packets, protocols and IP addresses.
- Your Endpoint Security system only sees files, usernames and hosts.
- Your service logs show user sessions, database transactions and configuration changes.
- File Integrity Monitoring (FIM) systems only see changes in files and registry settings.

4 How a SIEM Works

5 Phoenix – Guard SIEM: LMS and SLM/SEM
LMS – “Log Management System” – a system that collects and stores log files (from operating systems and applications) from multiple hosts and systems into a single location, allowing centralized access to logs instead of accessing them on each system individually.
SLM/SEM – “Security Log/Event Management” – an LMS, but marketed towards security analysts instead of system administrators. SEM is about highlighting log entries that are more significant to security than others.

6 Phoenix – Guard SIEM: SIM and SEC
SIM – “Security Information Management” – an Asset Management system, but with features to incorporate security information too. Hosts may have vulnerability reports listed in their summaries, and Intrusion Detection and AntiVirus alerts may be shown mapped to the systems involved.
SEC – “Security Event Correlation” – to a particular piece of software, three failed login attempts to the same user account from three different clients are just three lines in its log file. To an analyst, that is a peculiar sequence of events worthy of investigation, and log correlation (looking for patterns in log files) is a way to raise alerts when these things happen.
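The correlation rule the SEC slide describes, written out as a small sliding-window correlator over sample log lines. This is an added example for illustration, not code from the presentation or from the Phoenix-Guard product; the sshd-style log format, the field names and the sample lines are all constructed here, and the thresholds (three failures, three distinct clients, five-minute window) are parameters so the same engine expresses the slide's rule and variants of it.

```python
"""Added example (not part of the slide deck or of Phoenix-Guard):
a minimal log-correlation rule of the kind the SEC slide describes, namely
"three failed logins to the same user account from three different clients".
Log format, field names and sample lines are constructed for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog/sshd-like format (not real data).
# alice: 3 failures from 3 clients inside 30 s  -> should alert
# bob:   3 failures from ONE client            -> 3 lines, but not the rule
# carol: 3 failures from 3 clients, 15 min apart -> outside a 5-minute window
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for alice from 10.0.0.5 port 5001
2024-05-01T10:00:09 sshd[102]: Failed password for alice from 10.0.0.6 port 5002
2024-05-01T10:00:20 sshd[103]: Accepted password for bob from 10.0.0.7 port 5003
2024-05-01T10:00:31 sshd[104]: Failed password for alice from 10.0.0.7 port 5004
2024-05-01T10:01:00 sshd[105]: Failed password for bob from 10.0.0.9 port 5005
2024-05-01T10:01:05 sshd[106]: Failed password for bob from 10.0.0.9 port 5006
2024-05-01T10:01:10 sshd[107]: Failed password for bob from 10.0.0.9 port 5007
2024-05-01T10:30:00 sshd[108]: Failed password for carol from 10.0.0.1 port 5008
2024-05-01T10:45:00 sshd[109]: Failed password for carol from 10.0.0.2 port 5009
2024-05-01T11:00:00 sshd[110]: Failed password for carol from 10.0.0.3 port 5010
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_line(line):
    """Return (timestamp, outcome, user, src) or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"])


def correlate_failed_logins(lines, min_failures=3, min_sources=3,
                            window=timedelta(minutes=5)):
    """Sliding-window correlation: alert when one account accumulates
    `min_failures` failed logins from at least `min_sources` distinct clients
    inside `window`. Lines are assumed to be in time order. Returns a list of
    (user, sorted sources, timestamp) alerts, at most one per account per
    window so that one burst is not reported on every further failure."""
    recent = defaultdict(deque)   # user -> deque of (ts, src) for failed logins
    alerted_at = {}               # user -> ts of the last alert for that user
    alerts = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, outcome, user, src = parsed
        if outcome != "Failed":
            continue
        q = recent[user]
        q.append((ts, src))
        # Expire events that fell out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        sources = {s for _, s in q}
        if len(q) >= min_failures and len(sources) >= min_sources:
            last = alerted_at.get(user)
            if last is None or ts - last > window:
                alerts.append((user, sorted(sources), ts))
                alerted_at[user] = ts
    return alerts


if __name__ == "__main__":
    for user, sources, ts in correlate_failed_logins(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} ALERT: {user} failed logins from "
              f"{len(sources)} clients: {sources}")
```

With the defaults only alice fires: bob's three failures come from a single client, and carol's three distinct clients are spread over half an hour, so each event has expired before the next arrives. Widening `window` to an hour makes carol fire as well, and lowering `min_sources` to 1 turns the rule into a plain "three failures on one account" check that also catches bob; the point is that the correlation logic, not the log lines, decides what an analyst sees.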

7 Phoenix – Guard SIEM: Features in Phoenix
Phoenix offers an extensive feature set to secure each unique environment:
- Comprehensive logging of activity for offline analysis and forensics.
- Port-independent analysis of application-layer protocols.
- Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL, SMB).
- Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
- Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Phoenix decapsulates the tunnels and then analyzes their content as if no tunnel were in place.
- Vulnerability assessment.

8 Phoenix – Guard SIEM: Features in Phoenix
- Extensive sanity checks during protocol analysis.
- Support for IDS-style pattern matching.
- Network Intrusion Detection System (NIDS) engine.
- Network Intrusion Prevention System (NIPS) engine.
- Network Security Monitoring (NSM) engine.
- Offline analysis of PCAP files.
- Full system audit.
- DoS detection.
- Auto-discovery scan.
- Penetration testing: identifies vulnerabilities that allow a remote attacker to access sensitive information from the system.
- Network monitoring intrusion detection system (IDS).
- Web audit.

9 The cost of cyber crime impacts all industries.
The average annualized cost of cyber crime varies by industry sector. In this year’s study, we compare cost averages for 17 different industry sectors. As shown in the figure below, companies in financial services and utilities & energy experienced the highest annualized costs. In contrast, companies in the hospitality, automotive and agriculture sectors incurred a much lower cost on average.

10 Types of cyber attacks experienced by companies

11 Average annualized cyber crime cost weighted by attack frequency

12 Percentage use of five advanced SIEM features

13 Phoenix – Guard

14 THANK YOU
