PowerPoint presentation - Cloud Access · asset inventory PCI 11.2 quarterly vulnerability...

Upload: lethuy

Post on 28-Aug-2018

SIEM: Incident Management, Risk Intelligence, Storage

Unified SIEM

Management

Detection: IDS/IPS, WIDS, HIDS, File Integrity

Prevention: Vulnerability Assessment, Threat Assessment

Awareness: Identity, Inventory, Resources

Security Technology

UNIFICATION OF TECHNOLOGIES

www.cloudaccess.com

1. SIEM
2. Logger
3. Sensor

Monitoring & Management

Intelligent Correlation

Security Dashboard

Transaction

Data

Security Information

HOW IT WORKS: 3 INTERACTIVE COMPONENTS

WHY UNIFIED SIEM?

• Intelligence

• Compliance

• Time

• Cost

PROCESSING

1. Attacks & Logs
2. Vulnerabilities & Threats
3. Inventory
4. Users
5. Network & Resources
6. Applications & Data
7. Ext. Reputation

CONTEXT

1. INTELLIGENCE: Security intelligence comes from context information processing

[Figure: Attack, Inventory and Vulnerability / Threat inputs (labelled 50%, 30% and 20%) feeding False Positive Cleaning, Prioritization and Effective Impact Analysis (100%)]

1. INTELLIGENCE: SIEM products have achieved great intelligence, but they are rarely fed with the information to use it

Detection: IDS/IPS, WIDS, HIDS, File Integrity

Prevention: Vulnerability Assessment, Threat Assessment

Awareness: Identity, Inventory, Resources

SIEM: Incident Management, Risk Intelligence, Storage

• PCI 11.4 requires NIDS/IPS deployment
• PCI 11.1: WIDS and Rogue AP detection
• PCI 11.4 requires HIDS
• PCI 11.5 File integrity
• PCI 6.2 identify new threats
• ISO 10.10 requires monitoring system resources
• PCI 1.1.5, PCI WG, ISO 7.1.1 require asset inventory
• PCI 11.2 quarterly vulnerability scans
• FISMA, HIPAA, ISO 12.6: periodic security testing
• PCI 12.9 respond immediately to breach
• SOX, ISO, PCI
• SOX 304 & PCI 10.5 Secure audit trails

2. COMPLIANCE: All security technologies required by Compliance Regulations

[Figure: timeline running from second 1 through second 100 to second 300, with tracks for Inventory, Attacks and Threats]

2. TIME: Effective Security Posture and Analysis delivered in 300 seconds

1. Unified Licenses & Hardware

2. Integration Services

3. Maintenance & Support

Up to 90% Cost Reduction

3. COST: Experience dramatic reduction

COMPETITIVE POSITIONING

• Why CloudAccess Matters (Differentiation)

• Unified SIEM vs. Pure SIEM

• The sensor advantage

• Low Barrier to entry

• Hybrid Architecture

WHY CLOUD ACCESS MATTERS

• 24/7 monitoring on request

• Multi-tenant

• OPEX or CAPEX Supported

• Unique Pattern Recognition Engine (REACT)

• Integrated suite of products including SIEM/Log, IAM and REACT

• Lower Cost

• Go-To-Market strategy immediate

• Leading and Unique Technologies

• EASY TO USE!!!

SIEM: Incident Management, Risk Intelligence, Storage

Management

Detection: IDS/IPS, WIDS, HIDS, File Integrity

Prevention: Vulnerability Assessment, Threat Assessment

Awareness: Identity, Inventory, Resources

Security Context

CLOUD ACCESS VERSUS “PURE” SIEM

Out-of-the-box full Security Visibility

THE SENSOR ADVANTAGE

• Fast: Customer Security Posture from the first second

• Stealthy: Will not break the customer’s network

• Complete: Provide all security services in a single box

Cloud

LOW BARRIER TO ENTRY: With elastic scaling in performance and complexity

• SaaS Web Services

• Elastic

• Performance Scaling

• Multi-tier hybrid architecture

Customer Premises

Function: Deploy Lev

1 Analysis: Cloud
2 Storage: Cloud | CP
3 Vulnerability Mgmt
   A. External: Cloud
   B. Internal: CP
4 Detection & Awareness: CP

HYBRID ARCHITECTURE:

Cloud

Customer Premises

Detection & Awareness

Local Vulnerability Scan Tiered 2nd Level

Collection

Customer3 is using Local Vulnerability Scanning, CloudAccess Sensor on Customer Premise

Customer2 is using Managed IDS service, CloudAccess Sensor on Customer Premise

Customer1 has no on-site gear, sends logs to CloudAccess

Customer4 has complete CloudAccess solution on premise, Managed by CloudAccess

CLOUD ACCESS FLEXIBLE ARCHITECTURE:

CloudAccess Unified SIEM

Version 4

INTRODUCING

Function: Technology

Identity Monitoring: Active Directory, LDAP, Authentication logs

Network Auto-Discovery
   Topology Map: Recurrent SNMP scans
   Inventory: Passive fingerprinting, Active fingerprinting, Host agent, WMI
   Profiling: Time-Service-Usage profiling

Resource Monitoring
   Network Monitoring: Flows
   Network Availability: SNMP
   Host Resources: SNMP
   Anomaly detection: Any resource

UNIFIED SITUATIONAL AWARENESS:

AUTO DISCOVERY

PCI Requirement: Solution

11.1 “Deploy a WIDS/WIPS”: CloudAccess Sensor includes a WIDS/WIPS

WG “Maintain an up-to-date wireless hardware inventory”: Automatically done by Situational Awareness

WG “Detect Rogue AP and unauthorized wireless connections”: Correlate information between WIDS and Inventory

4.1.1 “Ensure strong cryptography .. WEP is prohibited”: Monitored by WIDS default

OUT-OF-THE-BOX PCI WIRELESS COMPLIANCE

• Policy Management

• Visualization

• Compliance

• Reporting

• Detection/analytics

• Integration

• Incident Response

• Host Security

• Vulnerability Assessment

• Asset Management

• Network Monitoring

• User Management

• Network Discovery

• Dashboards

• Usability

• Performance

Enhancements in all areas of function:

OTHER FEATURES & ENHANCEMENTS

1 unique Login

1 unique Asset Structure

1 unique User Structure

UNIFIED MANAGEMENT

SIEM: A “SINGLE PANE OF GLASS”

LOG MANAGEMENT

UNIFIED VULNERABILITY SCANNER

NETWORK IDS

HOST IDS

UNIFIED SITUATIONAL AWARENESS

UNIFIED REPORTING

• CloudAccess Unified SIEM 4.0 is a unique offering in the market

• Compliance, Time and Cost advantages make CloudAccess Unified SIEM 4.0 the most competitive solution

• CloudAccess enables broad enterprise adoption

CloudAccess Unified SIEM 4.0 changes the game for SIEM customers.

SUMMARY

Thank You

www.CloudAccess.com

877 550 2568
