Security Monitoring

Amit Kumar Gupta Security Analyst

2012 WIPRO LTD | WWW.WIPRO.COM

Security Monitoring Importance of SecMon Technologies and Products

Support Levels
Q&A
2
2012 WIPRO LTD | WWW.WIPRO.COM

2011 The black year in the IT security

The Total Cost is an incredible number: nearly US $ 18 billion.

2012 WIPRO LTD | WWW.WIPRO.COM

Security Monitoring

422081'

It is the process of continuous observation of activities on servers, applications and various security products to detect any abnormal or malicious activity.

2012 WIPRO LTD | WWW.WIPRO.COM

Importance of Security Monitoring

It has two primary benefits. First the ability to identify attacks as they occur and Second

The ability to perform forensic analysis on the events that occurred before, during, and after an attack.
It also reduces the effect of attacks. Creates auditing information to meet regulatory requirements. Any policy violation can immediately be detected
5
2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

Firewall
CheckPoint Juniper Cisco PIX Cisco ASA Palo Alto Fortinet

2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

IDS/IPS (Intrusion Detection/Prevention System)
TippingPoint SourceFire IBM SiteProtector Cisco IDS

2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

DSS (Data Security Solutions)
Imperva Guardium

2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

Legacy method:
Independent Monitoring of every device Manual analysis of threats More time and efforts Vulnerable to miss the real time attacks

2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

SIEM (Securtiy Information and Event Management)
A centralized server to collect, analyze and store information coming from all the products in an organization. Alerting, notification, monitoring for entire network from a single terminal. Correlation of the information obtained from various levels in the network.

10

2012 WIPRO LTD | WWW.WIPRO.COM

Technologies and Products

Products:
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. HP ArchSight EMC2 RSA EnVision LogLogic Q1 Radar OSSIM (Open Source) Novell NetIQ Symantec Splunk NetForensics

11

2012 WIPRO LTD | WWW.WIPRO.COM

Support Level
Level 1
Detection, Classification and Prioritization of security incident. Identification of issue after initial triage and proper escalation. Daily/Weekly Reports on overall security threats and incidents. To provide inputs to level 2 for loopholes. Adherence to Escalation Matrix Provide prompt & concise information to L2/L3.

12

2012 WIPRO LTD | WWW.WIPRO.COM

Support Level
Level 2
To investigate further on escalated incidents. Based on L1 inputs, creation of new rules/reports on the tool. Responsible for daily administration.

Perform root cause analysis (RCA) & complete documentation of problems and solutions in known error database (KEDB).
Apply approved operating system updates, patches, and configuration changes for problem resolutions. Do trend analysis of security incidents.

13

2012 WIPRO LTD | WWW.WIPRO.COM

Support Level
Level 3
Investigation on escalated incidents by L2. Maintenance/Updates/Administration of the tools. Research on latest threat and creation of rules to capture those.

Perform the risk analysis and engage with clients.

Providing solution/workarounds on high priority incidents.

Perform Security and Compliance Audit Support

Develop Training and Awareness Program
14
2012 WIPRO LTD | WWW.WIPRO.COM

Interesting Sites
These websites provides pretty simple and easy to understand material on security domain. http://www.sans.org http://www.gohacking.com http://www.securitywizardry.com http://www.firewall.cx http://searchsecurity.techtarget.com

15

2012 WIPRO LTD | WWW.WIPRO.COM

It's your turn now !

16

2012 WIPRO LTD | WWW.WIPRO.COM

Thank you
Deserve before you desire

[email protected]

http://in.linkedin.com/in/linktoamitgupta

17

2012 WIPRO LTD | WWW.WIPRO.COM