Centralized Logging and Reporting for Managed Security Services Providers.

Presentation on theme: "Centralized Logging and Reporting for Managed Security Services Providers."— Presentation transcript:

1 Centralized Logging and Reporting for Managed Security Services Providers

2 eMail Office Apps IM Collaboration Apps VoIP Enterprise Apps Web Apps POS Increasing number of employees Partners & Suppliers Customers Organization’s Network Users Applications Devices Increasing mobile workforce Evolving Enterprise Networks More Windows of Vulnerabilities More Data being Generated Increasing Network Complexity

3 Malicious insiders Unintended actions by insiders Increasing external attacks New vulnerabilities Changing Threat Landscape

4 Challenge faced by IT managers

5 Distributed security deployment across Customers Managed Security Ltd HQ, SC, USA John, SOC manager Managed Security Ltd RISE HIGH SCHOOL LIFE PHARMA UNIVERSAL ENGINEERING PROFIT BANK

6 MSP Customer # 2 Customer # 3 Customer # 4 Highly time Consuming Complex Higher Operational Costs Customer # 1 Managing a Multitude of Customers and Appliances

7 For Customer: LIFE PHARMA (Site 1, Site 2, Site 3, Site 4). John, SOC manager, Managed Security Ltd.
Network and Security Devices deployed at various customer sites… Generates lots and lots of logs…
Even For SINGLE Customer: Mammoth of logs; Difficult to Identify Threats.
Going through Logs on Separate devices to identify possible threats: IMPOSSIBLE TASK!

8 For Customer: LIFE PHARMA (Site 1, Site 2, Site 3, Site 4). Mac, Nw Admin; John, SOC manager, Managed Security Ltd.
Once in a while someone calls up with a problem; John logs into that specific device, sees the logs and resolves it.
Mac: Hey John, Mac this side. I am not able to access the internet today.
John: Hey Mac. Let me see what is happening.
John: Gotcha Mac. Your problem has been resolved.
BUT, John might not have received any calls for a mishap that is later identified after several months.
Threats may go un-noticed!!

9 For Customer: LIFE PHARMA (Site 1, Site 2, Site 3, Site 4). John, SOC manager, Managed Security Ltd.
John had to submit a forensic root cause report for the unfortunate attack that happened at Life Pharma a week before.
John: This is a humongous task!! and I might run into mistakes!!
Threats may go un-noticed!!

10 Challenge: Multiple security devices, Many logs, Shortage of resources
- Identifying trends / patterns to form story and not just see logs for better decision making
- Easy to provide Monitoring Services - Viewing reports & logs of all customers at one place
- Timely attentiveness for EVENTS - Quickly responding to incidents by identifying security attacks and incidents
- Troubleshoot problems easily; Quick Forensic investigation
- Identifying unusual activity within the network
- Generating compliance reports in minutes rather than taking hours

11 Introducing Cyberoam iView Next Generation Intelligent Logging and Reporting Appliances

12 Get centralized visibility into distributed networks Servers Firewalls IDP / IPS Switches Routers UTM / NGFW Applications Desktop systems Logs & Events Compliance Management Forensic Analysis Log Management Security Management Identity Logging Reporting

13 What does CYBEROAM iView offer?
- Centralized Visibility: Centralized Logging & Reporting of user and network activities of multiple devices across locations
- Log Management: Search and Filter through Logs and Bookmark search results for re-use
- Security Management: Comprehensive Reporting; 1300+ predefined Reports, Customized Reports, Report Scheduling
- Compliance Management: Inbuilt Compliance Reports - PCI DSS, SOX, GLBA, FISMA, HIPAA
- Security Administration: Allow Administrative or Viewer rights for individual or group of devices
- Forensic Analysis: Graphical summary and Details of all Network activities with customized Dashboards and Views

14 How iView helps John… John deploys Cyberoam’s iView appliance at Managed Security Ltd Managed Security Ltd Life Pharma Rise High School Universal Engineering Internet John, SOC manager Managed Security Ltd iView Next Generation Intelligent Logging and Reporting Appliance Cyberoam Central Console

15 iView helps with…

16 Customer-wise Grouping of Security Appliances View Customer specific Dashboard Get centralized visibility into customer networks

17 Give your customers visibility into network activities with Custom dashboards Traffic Dashboard Security Dashboard Executive Dashboard

18 1200+ predefined reports

19 Help customers identify employees consuming most bandwidth

20 Users accessing P2P Applications Unproductive Web surfing and Users behind it Help customers identify the employees using P2P AND Unproductive Surfing

21 Top Websites Give information on Web sites and Applications used in customer networks

22 Top Risky Applications Help customer identify Risky applications used within the network

23 Visibility into Attacks, attackers and the victims Give visibility on network attacks to customers

24 Top viruses detected and blocked Give visibility on Virus detected and blocked to customers

25 Save days of effort with the help of inbuilt compliance reports Help your customers achieve compliance

26 More Features to meet Customer’s special needs Bookmark reports for later reference Schedule Reports & Get them emailed Customer-wise User Access – Only viewer or admin rights can be assigned

27 Powerful Hardware with Reliable Storage
Appliance Features
- RAID 5 Technology
- Ultra fast Processing with Quad core chips
- Hardened OS for security against future attacks and system downtime
- Dual and Redundant Power Supply for Higher Availability and Reliability
Appliance Benefits
- Simplicity in deployment
  - Turnkey Logging & Reporting Solution
  - Eliminates need for Technical expertise to set up
- Terabytes of storage space – Available up to 16TB
  - Compliance needs
  - Long-term reporting/archiving needs in Enterprises
- Data Redundancy
  - Faster data retrieval, event investigation
  - Storage reliability
- Safety of logs, reports in case of disk failure
- Reliable support through telephone, chat and email
  - 8x5 and 24x7 support
  - Annual Maintenance Contracts

28 Features of Cyberoam iView
Log Management
- Near real-time log retrieval
- Archival and Search facility
Forensic Analysis
- Reconstructing sequence of events in a security breach
- Reporting stands in the face of legal scrutiny
Compliance Management
- Reduces compliance costs
- Single click access to reports - Simplified compliance management
- Easy visibility into access by users
Security Management
- iView dashboard – Shows network attacks on single screen
- Drill-down reports – 3rd level drill-down for attack details
- Identity-based logging and reporting – Pinpoints the user
- 1300+ Reports

29 Benefits of Cyberoam iView
Security Benefits
- Centralized control
- Identifies attacks based on:
  - Attack Reports (Type of Reports)
  - Deviation from norm in access or usage of resources
- Allows quick investigation and determination of cause of breach
Compliance Benefits
- Access and Usage logs of
  - Activity in critical applications, databases
  - Data transmitted to external entities
- Enables setting user identity-based thresholds for acceptable use
Productivity Benefits
- Shows deviation in resource consumption
Financial Benefits
- Low capital requirements
- Low technical manpower requirements

30 Thank you!

