
Security Monitoring

Amit Kumar Gupta, Security Analyst

2012 WIPRO LTD | WWW.WIPRO.COM

Security Monitoring
Importance of SecMon
Technologies and Products
Support Levels
Q&A

2011: the black year in IT security

The total cost was an incredible number: nearly US $18 billion.

Security Monitoring

It is the process of continuous observation of activities on servers, applications and various security products to detect any abnormal or malicious activity.

Importance of Security Monitoring

It has two primary benefits: first, the ability to identify attacks as they occur, and second, the ability to perform forensic analysis on the events that occurred before, during and after an attack.

It also reduces the impact of attacks, creates the audit trail needed to meet regulatory requirements, and allows policy violations to be detected as soon as the relevant events are logged.

Technologies and Products

Firewall: CheckPoint, Juniper, Cisco PIX, Cisco ASA, Palo Alto, Fortinet

Technologies and Products

IDS/IPS (Intrusion Detection/Prevention System): TippingPoint, SourceFire, IBM SiteProtector, Cisco IDS

Technologies and Products

DSS (Data Security Solutions): Imperva, Guardium

Technologies and Products

Legacy method:
Independent monitoring of every device
Manual analysis of threats
More time and effort
Liable to miss real-time attacks, since no single device sees the whole picture

Technologies and Products

SIEM (Security Information and Event Management)
A centralized server that collects, analyzes and stores information coming from all the security products in an organization.
Alerting, notification and monitoring for the entire network from a single console.
Correlation of the information obtained from the various levels of the network.
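The following is an added example, not part of the original slides or any product they list. It shows in Python what the "collect, correlate, alert" description above means in practice, and how it differs from the legacy per-device method: constructed firewall, IDS and server authentication log lines are normalised into one event stream and correlated by source IP inside a time window. Running the same rule on the firewall log alone shows what a device-by-device analyst would see (a low-priority port scan) versus what the correlated view shows (a full intrusion chain). The log formats, the 15-minute window, the stage names and the P1..P3 priority mapping are all assumptions of this example.

```python
"""Added example: minimal SIEM-style correlation across several log sources.

The log lines below are constructed for this example; the formats, the
15-minute window and the P1..P3 mapping are assumptions, not any vendor's.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample logs from three "devices" ----------------------------
FIREWALL_LOG = """\
2012-03-01T10:00:01 fw01 DENY src=203.0.113.5 dst=10.0.0.20 dport=22
2012-03-01T10:00:02 fw01 DENY src=203.0.113.5 dst=10.0.0.20 dport=23
2012-03-01T10:00:03 fw01 DENY src=203.0.113.5 dst=10.0.0.20 dport=445
2012-03-01T10:00:04 fw01 DENY src=203.0.113.5 dst=10.0.0.20 dport=3389
2012-03-01T10:00:05 fw01 ALLOW src=203.0.113.5 dst=10.0.0.20 dport=80
2012-03-01T10:05:00 fw01 DENY src=198.51.100.9 dst=10.0.0.21 dport=25
"""
IDS_LOG = """\
2012-03-01T10:00:30 ids01 ALERT sig="WEB-ATTACK SQL injection attempt" src=203.0.113.5 dst=10.0.0.20
2012-03-01T10:20:00 ids01 ALERT sig="POLICY ICMP ping" src=198.51.100.9 dst=10.0.0.21
"""
AUTH_LOG = """\
2012-03-01T10:01:10 web01 sshd: Failed password for admin from 203.0.113.5
2012-03-01T10:01:12 web01 sshd: Failed password for admin from 203.0.113.5
2012-03-01T10:01:15 web01 sshd: Accepted password for admin from 203.0.113.5
"""

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r'^(\S+) (\S+) ALERT sig="([^"]+)" src=(\S+) dst=(\S+)$')
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def _event(ts, source, etype, src_ip, detail):
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "type": etype, "src_ip": src_ip, "detail": detail}


def parse_events(fw_text, ids_text, auth_text):
    """Collect step: normalise three different formats into one sorted event list."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m and m.group(3) == "DENY":          # allowed traffic is not an event here
            events.append(_event(m.group(1), "firewall", "fw_deny", m.group(4), m.group(6)))
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if m:
            events.append(_event(m.group(1), "ids", "ids_alert", m.group(4), m.group(3)))
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            etype = "auth_ok" if m.group(3) == "Accepted" else "auth_fail"
            events.append(_event(m.group(1), "server", etype, m.group(5), m.group(4)))
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, window=timedelta(minutes=15), scan_ports=3, fail_threshold=2):
    """Correlate step: key all sources on source IP and look for attack stages
    inside one time window. The more stages matched, the higher the priority."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    incidents = []
    for ip, evs in by_ip.items():
        start = evs[0]["ts"]
        inwin = [e for e in evs if e["ts"] - start <= window]
        stages = []
        # Stage 1: firewall denies on several distinct ports = reconnaissance.
        if len({e["detail"] for e in inwin if e["type"] == "fw_deny"}) >= scan_ports:
            stages.append("port_scan")
        # Stage 2: the IDS saw exploit traffic from the same source.
        if any(e["type"] == "ids_alert" for e in inwin):
            stages.append("ids_alert")
        # Stage 3: repeated failed logins followed by a success = likely compromise.
        fails = sum(1 for e in inwin if e["type"] == "auth_fail")
        if fails >= fail_threshold and any(e["type"] == "auth_ok" for e in inwin):
            stages.append("brute_force_then_login")
        if not stages:
            continue
        incidents.append({
            "src_ip": ip,
            "stages": stages,
            "priority": {1: "P3", 2: "P2", 3: "P1"}[len(stages)],
            "sources": sorted({e["source"] for e in inwin}),
            "first_seen": inwin[0]["ts"].isoformat(),
            "last_seen": inwin[-1]["ts"].isoformat(),
        })
    return incidents


if __name__ == "__main__":
    # Legacy view: only the firewall log -> just a P3 port scan is visible.
    for inc in correlate(parse_events(FIREWALL_LOG, "", "")):
        print("firewall only:", inc["src_ip"], inc["priority"], inc["stages"])
    # SIEM view: all sources together -> the same IP becomes a P1 intrusion.
    for inc in correlate(parse_events(FIREWALL_LOG, IDS_LOG, AUTH_LOG)):
        print("correlated:   ", inc["src_ip"], inc["priority"], inc["stages"])
```

The point of keying on source IP is that each device on its own only reports a fragment: the firewall sees a few denies, the IDS one signature hit, the server a handful of failed logins. Only when the three streams share a common key and a common clock does the chain reconnaissance, exploit attempt, successful login become visible, which is why the SIEM's correlation layer, not its storage, is what closes the gap of the legacy method.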


Technologies and Products

Products:
1. HP ArcSight
2. EMC RSA enVision
3. LogLogic
4. Q1 Labs QRadar
5. OSSIM (open source)
6. Novell NetIQ
7. Symantec
8. Splunk
9. NetForensics

Support Level

Level 1
Detection, classification and prioritization of security incidents.
Identification of the issue after initial triage, and proper escalation.
Daily/weekly reports on overall security threats and incidents.
Provide inputs to Level 2 on loopholes.
Adherence to the escalation matrix.
Provide prompt and concise information to L2/L3.

Support Level

Level 2
Investigate escalated incidents further.
Based on L1 inputs, create new rules/reports on the tool.
Responsible for daily administration.
Perform root cause analysis (RCA) and fully document problems and solutions in the known error database (KEDB).
Apply approved operating system updates, patches and configuration changes for problem resolution.
Perform trend analysis of security incidents.

Support Level

Level 3
Investigate incidents escalated by L2.
Maintenance, updates and administration of the tools.
Research the latest threats and create rules to capture them.
Perform risk analysis and engage with clients.
Provide solutions/workarounds for high-priority incidents.
Support security and compliance audits.
Develop the training and awareness program.

Interesting Sites

These websites provide fairly simple and easy-to-understand material on the security domain.
http://www.sans.org
http://www.gohacking.com
http://www.securitywizardry.com
http://www.firewall.cx
http://searchsecurity.techtarget.com

It's your turn now!

Thank you

Deserve before you desire

[email protected]

http://in.linkedin.com/in/linktoamitgupta