Abstract image of a woman sitting on books and studying on a laptop

SIEM enabled risk management , SOC and GRC v1.0

R
Rasmi Swain

SIEM provides a single view of an organization's security by connecting and analyzing data from various security tools and systems. It gives security teams visibility into network activity, vulnerabilities, configurations, and risks. This allows SIEM to be the foundation for risk management, security operations centers, and governance, risk, and compliance programs. By providing security intelligence in real-time from logs, events, and other data sources, SIEM helps organizations detect threats, contain incidents, and ensure ongoing compliance.

1 of 13
Downloaded 63 times
1
2
3
4
5
6
7
8
9
10
11
12
13
SIEM Enabled Risk Management, SOC and GRC 1
SIEM: A Single View of Your IT Security • SIEM is about looking at what’s happening on your network through a larger lens than can be provided via any one security control or information source. • Your Intrusion Detection only understands Packets, Protocols and IP Addresses • Your Endpoint Security sees files, usernames and hosts • Your Service Logs show user logins, service activity and configuration changes. • Your Asset Management system sees apps, business processes and owners • None of these by themselves, can tell you what is happening to *your business* in terms of securing the continuity of your business processes – but together, they can… • SIEM is essentially, nothing more than a management layer above your existing systems and security controls. • It connects and unifies the information contained in your existing systems, allowing them to be analyzed and cross-referenced from a single interface SAP Cloud Security 2
SIEM based Risk Management • SIEM is a foundation to security management in 21st Century for provides mostly the post-exploit value • Risk Manager based on SIEM gives detailed assessment of network security risk using broad risk indicators such as: • WHAT HAS HAPPENED? (from network activity data and behavior analysis) • WHAT CAN HAPPEN? (from topology and configuration) • WHAT HAS BEEN ATTEPMTED? (from events and content data) • WHAT IS VULNERABLE AND AT RISK? (from scanners) SAP Cloud Security 3 • Automated and real time «Security Intelligence» is what is needed for GRC • Risk Assessment & Management • IT Security Governance & Management • Control of activities and environment • Performance measurement and improvement • Benefits from better alignment with business (costs saving, efficiency etc.)
SIEM- 8 Critical Things – At a glance SAP Cloud Security 44
Logs, flows, maze • What logs – • Audit logs • Transaction logs • Intrusion logs • Connection logs • System performance records • User activity logs • Business systems alerts and different other systems messages SAP Cloud Security 5 • From where – • Firewalls / Intrusion prevention • Routers / Switches • Intrusion detection • Servers, desktops, mainframes • Business applications • Databases • Antivirus software • VPN’s
SIEM based Risk Management • Assessing the risks = • Log management + • Event management + • Network activity monitoring + • Configuration + • Most successful attacks are result of poor configuration • Configuration audits are expensive, labor intensive and time consuming • Config files are inconsistent across the vendors and product / technology types • Compliance is mandatory in many industries SAP Cloud Security 6 • Vulnerability Assessment + • VA scanners don’t prioritize based on network context • Vulnerability prioritization is historically complex
Legal  Compliance and Laws • EU Data Protection /WP29 • US Data Protection • COPPA,HIPPA,SOX, Safe Harbor • Usage and Purpose of Collection • Conflicts • ES-US Data transfer • Encryption or not • Trade Compliance • Business need vs. Personal need • Information Assymetry SAP Cloud Security 7 • Privacy Policies • Secondary Data Collection • Opt-in and Opt-out • Defaults • Necessity • Tracking • Browser Cookies • Data transfers • Data retention
What is SOC – Security Operations Center • Providing Security Intelligence by • Detection of IT threats • Containment of IT threats • Remediation of IT threats • Monitors application to identify possible cyber attack ( Event) • Real time Monitoring • Log Collection, Analysis • Reporting/Custom Views • Post Incident Analysis • Forensic • Investigation • Automatic Remediation SAP Cloud Security 8 • Central Location to collect information on • External threats • Internal Threats • User activity • Loss of Personal or sensitive data • Provide evidence in investigations
Isn't a firewall, IDS or AVS enough ? • Firewall is active and known by attackers • Protect systems , not users • Anti-Virus • Lag time to catch new threats • Matches file, but not patterns SAP Cloud Security 9 • IDS alerts but does not provide context • System Logs, • Proxy Logs, • DNS Logs • Information from other sources
IBM Qradar Solution Portfolio and vision SAP Cloud Security 10
SIEM based Risk Management SAP Cloud Security 11
Sample Security Governance Model SAP Cloud Security 12
SAP Cloud Security 13 Q & A

More Related Content

PPT
IT Security management and risk assessment
CAS
 
PPT
Managed Services Presentation
Scott Gombar
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
PDF
Saas vs. on premise - How to Determine the Best Solution for your Sales Channel
Del Heles
 
PDF
Vulnerability and Patch Management
n|u - The Open Security Community
 
PDF
Data Management Best Practices
DATAVERSITY
 
PDF
Data Architecture - The Foundation for Enterprise Architecture and Governance
DATAVERSITY
 
PPTX
it grc
9535814851
 
IT Security management and risk assessment
CAS
 
Managed Services Presentation
Scott Gombar
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Saas vs. on premise - How to Determine the Best Solution for your Sales Channel
Del Heles
 
Vulnerability and Patch Management
n|u - The Open Security Community
 
Data Management Best Practices
DATAVERSITY
 
Data Architecture - The Foundation for Enterprise Architecture and Governance
DATAVERSITY
 
it grc
9535814851
 

What's hot (20)

PDF
Segregation of Duties Solutions
Ahmed Abdul Hamed
 
PPTX
How to Audit Your Incident Response Plan
Resilient Systems
 
PPTX
Data Loss Prevention
Reza Kopaee
 
PPTX
Security Operation Center - Design & Build
Sameer Paradia
 
PDF
B/oss BOSS Bss oss b.oss telecom ppt by ijaz haider malik
Ijaz Haider Malik TOGAF, Harvard MM,Siebel, PRINCE2
 
PPTX
Data Quality Management: Cleaner Data, Better Reporting
accenture
 
PPTX
Cloud Security Architecture.pptx
Moshe Ferber
 
PDF
Identity and Access Management 101
Jerod Brennen
 
PPTX
Cloud Security
AWS User Group Bengaluru
 
PPTX
IT Infrastructure Managed Services and RIMS
Razak Mohammed Ali
 
PPTX
CISA Training - Chapter 2 - 2016
Hafiz Sheikh Adnan Ahmed
 
PDF
DMBOK and Data Governance
Peter Vennel PMP,SCEA,CBIP,CDMP
 
PPTX
Data Science: Past, Present, and Future
Gregory Piatetsky-Shapiro
 
PPT
Data Management Strategies
Micheal Axelsen
 
PDF
IBM Infosphere Guardium - Database Security
ebuc
 
PDF
OSS BSS BEST BOOK
ELIXIR PANACEA CONSULTANCY SERVICES
 
PDF
Secure Systems Security and ISA99- IEC62443
Yokogawa1
 
PPTX
IBM Security QRadar
Virginia Fernandez
 
PDF
Information security management system (isms) overview
Julia Urbina-Pineda
 
PDF
Cybersecurity Incident Management Powerpoint Presentation Slides
SlideTeam
 
Segregation of Duties Solutions
Ahmed Abdul Hamed
 
How to Audit Your Incident Response Plan
Resilient Systems
 
Data Loss Prevention
Reza Kopaee
 
Security Operation Center - Design & Build
Sameer Paradia
 
B/oss BOSS Bss oss b.oss telecom ppt by ijaz haider malik
Ijaz Haider Malik TOGAF, Harvard MM,Siebel, PRINCE2
 
Data Quality Management: Cleaner Data, Better Reporting
accenture
 
Cloud Security Architecture.pptx
Moshe Ferber
 
Identity and Access Management 101
Jerod Brennen
 
Cloud Security
AWS User Group Bengaluru
 
IT Infrastructure Managed Services and RIMS
Razak Mohammed Ali
 
CISA Training - Chapter 2 - 2016
Hafiz Sheikh Adnan Ahmed
 
DMBOK and Data Governance
Peter Vennel PMP,SCEA,CBIP,CDMP
 
Data Science: Past, Present, and Future
Gregory Piatetsky-Shapiro
 
Data Management Strategies
Micheal Axelsen
 
IBM Infosphere Guardium - Database Security
ebuc
 
OSS BSS BEST BOOK
ELIXIR PANACEA CONSULTANCY SERVICES
 
Secure Systems Security and ISA99- IEC62443
Yokogawa1
 
IBM Security QRadar
Virginia Fernandez
 
Information security management system (isms) overview
Julia Urbina-Pineda
 
Cybersecurity Incident Management Powerpoint Presentation Slides
SlideTeam
 
Ad

Similar to SIEM enabled risk management , SOC and GRC v1.0 (20)

PPTX
From Zero to SOC: Designing Effective Threat Detection & Incident Response
ReZa AdineH
 
PPTX
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Andris Soroka
 
PPTX
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
PPT
Ca world 2007 SOC integration
Michael Nickle
 
PPTX
Fundamentals of SOCs and CERTS for decision makers
farhad712
 
PPTX
SOC Architecture Workshop - Part 1
Priyanka Aash
 
KEY
What makes the IT industry tick?
Richard Stiennon
 
PPTX
Big Data Analytics for Cyber Security: A Quick Overview
Femi Ashaye
 
PDF
SIEM evaluator guide for soc analyst
InfosecTrain
 
PPTX
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Vikas Singh Yadav
 
PDF
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
PDF
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
sucesuminas
 
PPTX
Optimizing Security Operations: 5 Keys to Success
Sirius
 
PPTX
SOC and SIEM.pptx
SandeshUprety4
 
PPTX
Cyber Security Needs and Challenges
Happiest Minds Technologies
 
PDF
Si InfoSecMiddleEastLR0516
Saad Khan
 
PDF
Cyber Security | Information Security
Cyber Security Experts
 
PPTX
AWS Spotlight Series - Modernization and Security with AWS
CloudHesive
 
PPTX
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
SonuSingh81247
 
PPTX
AWS Cloud Security
AWS Riyadh User Group
 
From Zero to SOC: Designing Effective Threat Detection & Incident Response
ReZa AdineH
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Andris Soroka
 
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
Ca world 2007 SOC integration
Michael Nickle
 
Fundamentals of SOCs and CERTS for decision makers
farhad712
 
SOC Architecture Workshop - Part 1
Priyanka Aash
 
What makes the IT industry tick?
Richard Stiennon
 
Big Data Analytics for Cyber Security: A Quick Overview
Femi Ashaye
 
SIEM evaluator guide for soc analyst
InfosecTrain
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Vikas Singh Yadav
 
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
sucesuminas
 
Optimizing Security Operations: 5 Keys to Success
Sirius
 
SOC and SIEM.pptx
SandeshUprety4
 
Cyber Security Needs and Challenges
Happiest Minds Technologies
 
Si InfoSecMiddleEastLR0516
Saad Khan
 
Cyber Security | Information Security
Cyber Security Experts
 
AWS Spotlight Series - Modernization and Security with AWS
CloudHesive
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
SonuSingh81247
 
AWS Cloud Security
AWS Riyadh User Group
 
Ad

SIEM enabled risk management , SOC and GRC v1.0

  • 1. SIEM Enabled Risk Management, SOC and GRC 1
  • 2. SIEM: A Single View of Your IT Security • SIEM is about looking at what’s happening on your network through a larger lens than can be provided via any one security control or information source. • Your Intrusion Detection only understands Packets, Protocols and IP Addresses • Your Endpoint Security sees files, usernames and hosts • Your Service Logs show user logins, service activity and configuration changes. • Your Asset Management system sees apps, business processes and owners • None of these by themselves, can tell you what is happening to *your business* in terms of securing the continuity of your business processes – but together, they can… • SIEM is essentially, nothing more than a management layer above your existing systems and security controls. • It connects and unifies the information contained in your existing systems, allowing them to be analyzed and cross-referenced from a single interface SAP Cloud Security 2
  • 3. SIEM based Risk Management • SIEM is a foundation to security management in 21st Century for provides mostly the post-exploit value • Risk Manager based on SIEM gives detailed assessment of network security risk using broad risk indicators such as: • WHAT HAS HAPPENED? (from network activity data and behavior analysis) • WHAT CAN HAPPEN? (from topology and configuration) • WHAT HAS BEEN ATTEPMTED? (from events and content data) • WHAT IS VULNERABLE AND AT RISK? (from scanners) SAP Cloud Security 3 • Automated and real time «Security Intelligence» is what is needed for GRC • Risk Assessment & Management • IT Security Governance & Management • Control of activities and environment • Performance measurement and improvement • Benefits from better alignment with business (costs saving, efficiency etc.)
  • 4. SIEM- 8 Critical Things – At a glance SAP Cloud Security 44
  • 5. Logs, flows, maze • What logs – • Audit logs • Transaction logs • Intrusion logs • Connection logs • System performance records • User activity logs • Business systems alerts and different other systems messages SAP Cloud Security 5 • From where – • Firewalls / Intrusion prevention • Routers / Switches • Intrusion detection • Servers, desktops, mainframes • Business applications • Databases • Antivirus software • VPN’s
  • 6. SIEM based Risk Management • Assessing the risks = • Log management + • Event management + • Network activity monitoring + • Configuration + • Most successful attacks are result of poor configuration • Configuration audits are expensive, labor intensive and time consuming • Config files are inconsistent across the vendors and product / technology types • Compliance is mandatory in many industries SAP Cloud Security 6 • Vulnerability Assessment + • VA scanners don’t prioritize based on network context • Vulnerability prioritization is historically complex
  • 7. Legal  Compliance and Laws • EU Data Protection /WP29 • US Data Protection • COPPA,HIPPA,SOX, Safe Harbor • Usage and Purpose of Collection • Conflicts • ES-US Data transfer • Encryption or not • Trade Compliance • Business need vs. Personal need • Information Assymetry SAP Cloud Security 7 • Privacy Policies • Secondary Data Collection • Opt-in and Opt-out • Defaults • Necessity • Tracking • Browser Cookies • Data transfers • Data retention
  • 8. What is SOC – Security Operations Center • Providing Security Intelligence by • Detection of IT threats • Containment of IT threats • Remediation of IT threats • Monitors application to identify possible cyber attack ( Event) • Real time Monitoring • Log Collection, Analysis • Reporting/Custom Views • Post Incident Analysis • Forensic • Investigation • Automatic Remediation SAP Cloud Security 8 • Central Location to collect information on • External threats • Internal Threats • User activity • Loss of Personal or sensitive data • Provide evidence in investigations
  • 9. Isn't a firewall, IDS or AVS enough ? • Firewall is active and known by attackers • Protect systems , not users • Anti-Virus • Lag time to catch new threats • Matches file, but not patterns SAP Cloud Security 9 • IDS alerts but does not provide context • System Logs, • Proxy Logs, • DNS Logs • Information from other sources
  • 10. IBM Qradar Solution Portfolio and vision SAP Cloud Security 10
  • 11. SIEM based Risk Management SAP Cloud Security 11
  • 12. Sample Security Governance Model SAP Cloud Security 12