Security Information and Event Management
(SIEM)

Mohamed Zohair
Business Development Consultant
Why Security
“We now create as much data in just two
days as we did from the dawn of man until
the year 2003. This means that over 90%
of all data that exists today has been
created in the last two years alone.”
Eric Schmidt, the former CEO of Google
Big Data Challenge
Security Intelligence and Risk Management
(SIRM) platform
SIRM Platform
Based on market-leading products from
ArcSight, Fortify, and TippingPoint, the
HP SIRM Platform uniquely enables
enterprises to take a proactive approach
that integrates security correlation, deep
application security analysis, and network-level defense mechanisms.
How the SIRM Platform Protects
Your Enterprise
• 360° Security Monitoring to Detect Incidents
• Proactive Security Testing to Protect Applications
• Adaptive Network Defenses to Block Attacks
• Platform Integration to Manage Risk
SIRM Solutions
SIEM Overview
The HP ArcSight Security Intelligence
platform helps safeguard your business by
giving you complete visibility into activity
across the IT infrastructure, including
external threats such as malware and
hackers, and internal threats such as data
breaches and fraud.
SIEM Solutions
SIEM Products
• HP ArcSight Logger
• HP ArcSight ESM
• HP ArcSight Express
• HP ArcSight Connector
• HP ArcSight IdentityView
• HP ArcSight Threat Detector
• HP ArcSight Threat Response Manager
• HP Compliance Insight Packages
• HP EnterpriseView
• HP Reputation Security Monitor (RepSM)
ArcSight environment Diagram Basic
ArcSight environment Diagram
HP ArcSight Logger
ArcSight Logger
• With ArcSight Logger you can improve everything
from compliance and risk management to
security intelligence to IT operations. This
universal log management solution collects
data from any log-generating source and
unifies the data for searching, indexing,
reporting, analysis, and retention.
ArcSight Logger Key Capabilities
• Collect logs from any log-generating source through 350+
connectors, from any device and in any format

• Unify the data across the IT environment through normalization and
categorization into the Common Event Format (CEF)

• Search through millions of events using a text-based search
tool on a simple interface

• Store years' worth of logs and events in a unified format
through a high compression ratio at low cost

• Automate analysis, alerting, reporting and intelligence of logs and
events for IT security, IT operations and log analytics
ArcSight Logger Specifications (SW)
ArcSight Logger Specifications
(Appliance)
Logger Snapshot
HP ArcSight Connector
HP ArcSight Connectors
• ArcSight Connectors automate the process of
collecting and managing logs from any
device and in any format through normalization
and categorization of logs into a unified format
known as the Common Event Format (CEF).

• ArcSight Connectors provide universal data
collection from over 350 unique devices and
event sources without the need to deploy
agents across the enterprise.
Common Event Format
Each device has its own log format. The data is
normalized and categorized into the ArcSight
Common Event Format (CEF) for easy correlation
and analysis.
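As an added example (not code from this deck or from ArcSight), the Python below does in miniature what the Connectors and CEF slides describe: it normalises two constructed raw log formats (a Linux sshd syslog line and an invented VPN appliance line) into CEF, parses CEF back with the format's pipe and equals-sign escaping, and correlates failed logins per source address across both devices. The device names, regexes and the `auth:failure` signature ID are assumptions chosen for the example.

```python
"""Normalise two raw log formats into CEF, parse CEF back, and correlate across
sources.  Constructed sample data; not ArcSight connector code."""
import re

# Escaping per the CEF format: header fields escape '|' and '\'; extension values escape '=', '\' and newlines.
def _esc_header(v):
    return v.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(v):
    return (v.replace("\\", "\\\\").replace("=", "\\=")
             .replace("\n", "\\n").replace("\r", "\\r"))

def _unescape(s, ext):
    """Undo CEF escaping: '\\X' -> X, plus '\\n' / '\\r' inside the extension."""
    table = {"n": "\n", "r": "\r"} if ext else {}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(1)), s)

def to_cef(vendor, product, version, sig_id, name, severity, ext):
    """Build one CEF:0 line; `ext` is a dict of extension key/value pairs."""
    header = "|".join(_esc_header(str(f)) for f in
                      (vendor, product, version, sig_id, name, severity))
    body = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{body}"

# An extension key is a bare token followed by an unescaped '='; a value runs until the next key.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

def parse_cef(line):
    """Parse a CEF line into a dict; raises ValueError on a malformed header."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # keep the escape pair intact
            cur.extend(line[i:i + 2])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) != 7 or fields[0] != "CEF:0":
        raise ValueError("not a CEF:0 record")
    names = ("cef_version", "vendor", "product", "version", "sig_id", "name", "severity")
    event = {n: _unescape(f, ext=False) for n, f in zip(names, fields)}
    ext = line[i:]
    keys = list(_KEY_RE.finditer(ext))
    for j, m in enumerate(keys):
        end = keys[j + 1].start() if j + 1 < len(keys) else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():end], ext=True)
    return event

# Two constructed raw formats from hypothetical devices (not real connector parsers).
_SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
_VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth_fail user=(?P<user>\S+) "
    r"src=(?P<src>\S+) reason=(?P<reason>.*)$")

def normalise(raw):
    """Map either format onto one assumed signature ID ('auth:failure') with the
    same CEF keys; returns None for lines neither parser recognises."""
    m = _SSHD_RE.match(raw)
    if m:
        return to_cef("Linux", "sshd", "1.0", "auth:failure", "Failed login", 5,
                      {"dvchost": m["host"], "suser": m["user"],
                       "src": m["src"], "msg": raw.split(": ", 1)[1]})
    m = _VPN_RE.match(raw)
    if m:
        return to_cef("ExampleCorp", "VPN", "2.1", "auth:failure", "Failed login", 5,
                      {"dvchost": m["host"], "suser": m["user"],
                       "src": m["src"], "reason": m["reason"]})
    return None

def failed_logins_by_source(cef_lines, threshold):
    """Sources reaching `threshold` auth failures, counted across every device."""
    counts = {}
    for line in cef_lines:
        ev = parse_cef(line)
        if ev["sig_id"] == "auth:failure":
            counts[ev["src"]] = counts.get(ev["src"], 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}

SAMPLE_LOGS = [  # constructed sample input
    "Mar  3 10:12:01 host1 sshd[2211]: Failed password for alice from 10.0.0.5 port 51432 ssh2",
    "Mar  3 10:12:04 host1 sshd[2211]: Failed password for invalid user admin from 10.0.0.5 port 51440 ssh2",
    "2024-03-03T10:12:07Z vpn01 auth_fail user=alice src=10.0.0.5 reason=bad password",
    "2024-03-03T10:12:09Z vpn01 auth_fail user=bob src=192.0.2.9 reason=expired token",
    "Mar  3 10:12:11 host1 sshd[2212]: Accepted publickey for carol from 192.0.2.10 port 51500 ssh2",
]

if __name__ == "__main__":
    cef = [c for c in map(normalise, SAMPLE_LOGS) if c]
    print(failed_logins_by_source(cef, threshold=3))   # {'10.0.0.5': 3}
```

The sshd and VPN events for 10.0.0.5 only add up because both were mapped onto the same signature ID and the same `src` key; the correlation step never has to know which device format produced them.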
Correlation Diagram
HP ArcSight Connectors Samples
HP ArcSight Smart Connectors
ArcSight Connectors cover:
– Operating systems, applications, and databases
– Network devices (routers, switches)
– Network analyzers (NetFlow data, traffic analyzers)
– Security solutions (IPS/IDS, firewalls, VPNs, vulnerability
scanners)
– Identity management solutions
– Web servers/web-based applications
HP ArcSight ESM
ArcSight ESM Overview
HP ArcSight ESM is the premier security event
manager that analyzes and correlates every
event in order to help your IT SOC team with
security event monitoring, from compliance and risk
management to security intelligence and
operations.
ESM Key features
• A cost-effective solution for all your regulatory
compliance needs
• Automated log collection and archiving
• Fraud detection
• Real-time threat detection
• Forensic analysis capabilities for cyber
security
ESM Add-on (Risk Insight)
• HP ArcSight Risk Insight maps key
business indicators to IT assets and
security events.
• HP ArcSight Risk Insight enables the user
to understand the business impact of the
real-time threats detected by the ArcSight
SIEM solution.
ESM Snapshot
HP ArcSight ESM with CORR-Engine
Specifications (SW)
HP ArcSight ESM 5.2 Specifications
(Appliance)
HP ArcSight Express
ArcSight Express
HP ArcSight Express delivers a new technological
innovation to address the problem of increased log
volumes.
This innovation, called the ArcSight Correlation
Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational
DBMS. It provides the ability to correlate larger sets
of log data faster than ever before, to scale to
higher log processing volumes, and to archive
larger volumes of log data for extended periods
using an efficient data store.
The ArcSight CORR-Engine
• The CORR-Engine is a revolutionary solution for
high-speed correlation and long-term data
retention.
• The CORR-Engine uses a highly customized flat
file repository with a “write once, read many”
approach.
• The CORR-Engine delivers up to five times
the read performance of the
previous version of ArcSight running on similar
hardware.
Key learning Points
ArcSight Key learning Points

• ArcSight Solutions
• ArcSight Connectors
• FlexConnectors & Smart Connectors
• Common Event Format (CEF)
• CORR Engine
Additional Reading
• CA Identity Minder
http://www.ca.com/us/identity-and-accessmanagement-resources.aspx
• Why and how to calculate your Events Per
Second (including sample)
http://eromang.zataz.com/2011/04/12/whyand-howto-calculate-your-events-persecond/
Questions
For any information or inquiries, please
contact me:
moh.zohair@gmail.com
Skype: eng.zohair

Linkedin Profile
THANK YOU
HP ArcSight

  • 1. Security Information and Event Management (SIEM) Mohamed Zohair Business Development Consultant
  • 2. Why Security “We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone.” Eric Schmidt, the former CEO of Google
  • 4. Security Intelligence and Risk Management (SIRM) platform
  • 5. SIRM Platform Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform uniquely enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and networklevel defense mechanisms
  • 6. How the SIRM Platform Protects Your Enterprise • 360° Security Monitoring to Detect Incidents • Proactive Security Testing to Protect Applications • Adaptive Network Defenses to Block Attacks • Platform Integration to Manage Risk
  • 8. SIEM Overview The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure including external threats such as malware and hackers, internal threats such as data breaches and fraud.
  • 10. SIEM Products • • • • • • • • • • HP ArcSight Logger HP ArcSight ESM HP ArcSight Express HP ArcSight Connector HP ArcSight IdentityView HP ArcSight Threat Detector HP ArcSight Threat Response Manager HP Compliance Insight Packages HP EnterpriseView HP Reputation Security Monitor (RepSM)
  • 14. ArcSight Logger With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention.
  • 15. ArcSight Logger Key Capabilities
    • Collect logs from any log-generating source through 350+ connectors, from any device and in any format
    • Unify the data across the IT infrastructure through normalization and categorization into a common event format (the registered CEF standard)
    • Search through millions of events using a text-based search tool on a simple interface
    • Store years' worth of logs and events in a unified format through a high compression ratio at low cost
    • Automate analysis, alerting, reporting and intelligence of logs and events for IT security, IT operations and log analytics
  • 20. HP ArcSight Connectors
    • ArcSight Connectors automate the process of collecting and managing logs from any device and in any format, through normalization and categorization of logs into a unified format known as the Common Event Format (CEF).
    • ArcSight Connectors provide universal data collection from over 350 unique devices and event sources without the need to deploy agents across the enterprise.
  • 21. Common Event Format Each device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis.
  • 24. HP ArcSight Smart Connectors ArcSight Connectors cover sources including:
    – Operating Systems, Applications, and Databases
    – Network Devices (routers, switches)
    – Network Analyzers (NetFlow data, traffic analyzers)
    – Security Solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners)
    – Identity management solutions
    – Web servers/web-based applications
  • 26. ArcSight ESM Overview HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.
  • 27. ESM Key Features
    • A cost-effective solution for all your regulatory compliance needs
    • Automated log collection and archiving
    • Fraud detection
    • Real-time threat detection
    • Forensics analysis capabilities for cyber security
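The normalization slide 21 describes and the real-time correlation slides 26 and 27 attribute to ESM, as an added example that is not ArcSight code: a small CEF parser that honours the header and extension escaping rules, feeding a toy "repeated failed logins, then a success" rule of the kind a SIEM correlation engine runs. The signature IDs 100/101, the thresholds and the sample log lines are constructed assumptions; src, suser, rt and msg are standard CEF extension keys.

```python
import re
from collections import defaultdict

# CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
def _split_header(s):  # -> (7 unescaped header fields, remaining extension text)
    fields, cur, i = [], [], 0
    while i < len(s) and len(fields) < 7:
        if s[i] == "\\" and i + 1 < len(s):     # escaped '|' or '\': take it literally
            cur.append(s[i + 1]); i += 2; continue
        if s[i] == "|":
            fields.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    return fields, s[i:]

def parse_cef(line):
    """Parse one CEF line into a flat dict of header fields plus extension keys."""
    fields, ext = _split_header(line[4:])
    if not line.startswith("CEF:") or len(fields) != 7:
        raise ValueError("not a well-formed CEF line")
    ev = dict(zip(("version", "vendor", "product", "device_version",
                   "signature_id", "name", "severity"), fields))
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))    # start of each key=value pair
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        ev[m.group(1)] = raw.replace("\\=", "=").replace("\\\\", "\\")   # undo value escapes
    return ev

FAIL_SIG, SUCCESS_SIG, THRESHOLD, WINDOW_MS = "100", "101", 3, 60_000   # assumed rule parameters
def correlate(events):  # alert: THRESHOLD+ failed logins from one src within WINDOW_MS, then a success
    fails, alerts = defaultdict(list), []
    for ev in sorted(events, key=lambda e: int(e["rt"])):   # rt = receipt time, ms since epoch
        src, t = ev.get("src"), int(ev["rt"])
        recent = [x for x in fails[src] if t - x <= WINDOW_MS]   # forget failures outside the window
        if ev["signature_id"] == FAIL_SIG:
            recent.append(t)
        elif ev["signature_id"] == SUCCESS_SIG and len(recent) >= THRESHOLD:
            alerts.append({"src": src, "user": ev.get("suser"), "failures": len(recent)})
            recent = []
        fails[src] = recent
    return alerts

SAMPLE_LOGS = [  # constructed sample lines, not the output of any real device
    "CEF:0|Example|AuthGW|1.0|100|Login failed|5|src=10.0.0.5 suser=alice rt=1700000000000",
    "CEF:0|Example|AuthGW|1.0|100|Login failed|5|src=10.0.0.5 suser=alice rt=1700000010000",
    "CEF:0|Example|AuthGW|1.0|100|Login failed|5|src=10.0.0.5 suser=alice rt=1700000020000",
    "CEF:0|Example|Auth\\|GW|1.0|101|Login success|3|src=10.0.0.5 suser=alice rt=1700000030000 msg=reset\\=ok",
    "CEF:0|Example|AuthGW|1.0|101|Login success|3|src=10.0.0.9 suser=bob rt=1700000040000",
]
ALERTS = correlate([parse_cef(line) for line in SAMPLE_LOGS])   # one alert, for 10.0.0.5 / alice
```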
  • 28. ESM Add-on (Risk Insight)
    • HP ArcSight Risk Insight maps key business indicators to IT assets and security events.
    • HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by the ArcSight SIEM solution.
  • 30. HP ArcSight ESM with CORR-Engine Specifications (SW)
  • 31. HP ArcSight ESM 5.2 Specifications (Appliance)
  • 33. ArcSight Express HP ArcSight Express delivers a new technological innovation to address the problem of increased log volumes. This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than ever before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.
  • 34. The ArcSight CORR-Engine
    • The CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention.
    • The CORR-Engine uses a highly customized flat file repository with a “write once, read many” approach.
    • The CORR-Engine delivers up to five times the read performance of the previous version of ArcSight running on similar hardware.
  • 36. ArcSight Key Learning Points
    • ArcSight Solutions
    • ArcSight Connectors
    • FlexConnectors & Smart Connectors
    • Common Event Format (CEF)
    • CORR-Engine
  • 37. Additional Reading
    • CA Identity Minder: http://www.ca.com/us/identity-and-access-management-resources.aspx
    • Why and how to calculate your Events Per Second (including sample): http://eromang.zataz.com/2011/04/12/why-and-how-to-calculate-your-events-per-second/
  • 38. Questions For any information or inquiries, please contact me: moh.zohair@gmail.com, Skype: eng.zohair, LinkedIn profile