Active Insight for SIEM (Security Information and Event Management)
www.activeinsight.net
Real-time Detection and Reaction to User Behavior
ActiveInsight for SIEM
Background
Successful SIEM deployments have been
collecting data and events from infrastructure
and security devices
Background
Various regulations and business needs
require application-level event collection,
audit trail and correlation (FISMA, HIPAA, PCI,
357/257, etc.)
Background
The business application tier is where actual
business events occur and where damage can
be done
“Application layer monitoring for fraud detection or internal
threat management is emerging as a new use case for SIEM
technology” Gartner Magic Quadrant for Security Information and Event Management, 2008.
The Business Need
Application-level audit trail
Detailed user-session-application level data
Real-time visibility of user behavior and application events
Real-time, value-based event detection and reaction
“Zero-touch” application event detection (no code modifications or complex log configuration and management)
“Zero-impact” on application performance and user experience
Quick deployment
[Architecture diagram: ACTIVE INSIGHT, with a Detect / React loop, sits between External Users and Internal Users on one side and System Mgmt, Risk Mgmt, SIEM and Fraud Detection on the other; a Device API is also shown]
ActiveInsight Unique Value Proposition
Deeper, richer user-application level data
Non-intrusive, event driven architecture
Zero-touch, zero-impact deployment
Real-time visibility and reactions
Minimized integration efforts
Multiple feeders for various risk mgmt applications
Computational, I/O and log management off-loading
Main Technological Challenges
Detecting relevant user-application events, in real-time, without
harming application performance and availability
Reacting to relevant events by feeding SIEM or other security/risk
management applications or initiating defensive actions
Offloading application servers and providing a central log source bus
Providing a simple, flexible and non-intrusive solution that can be
deployed without requiring application code changes
Technology
Distributed, high-performance, extreme transaction processing technology
Integrated in-memory distributed data caching
Unlimited server scale-out (scalable by design)
Async or sync (w/o time-out) processing
Low-latency computational de-coupling
Unique and simple, XML-based “behavioral processing language”
Asynchronous, multi-target feeders
Real-time, pattern-based, 2-way user interaction
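The slides stay at the level of claims, so the following is an added illustration of what "real-time, value-based event detection and reaction" over user-session-application data looks like in practice. It is not ActiveInsight's code and says nothing about how the product is built: a stream of application events is evaluated, one event at a time, against stateful in-memory rules, and each match is emitted as an ArcSight CEF line (a format most SIEMs ingest) that also carries a suggested reaction. The `AppEvent` fields, the three rules and their thresholds, the signature IDs, and the `ExampleVendor`/`AppMonitor` header values are all assumptions, and the event stream is constructed sample data.

```python
"""Real-time, application-level event detection feeding a SIEM.

Illustrative example added to this transcript; it is not ActiveInsight's
code and makes no claim about how the product is implemented. Events are
constructed sample data, rule thresholds are arbitrary assumptions, and
the CEF vendor/product fields are placeholders.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class AppEvent:
    """One user-session-application event as an application tier might emit it."""
    ts: float        # epoch seconds
    user: str
    session: str
    src_ip: str
    action: str      # "login_fail", "login_ok" or "transfer"
    amount: float = 0.0


def cef_escape_header(value: str) -> str:
    """CEF header fields escape backslash and pipe."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_ext(value: str) -> str:
    """CEF extension values escape backslash, equals sign and line breaks."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(sig_id: str, name: str, severity: int, ext: dict) -> str:
    """Format one alert as CEF:0|Vendor|Product|Version|SigID|Name|Severity|Extension."""
    header = "|".join(cef_escape_header(x) for x in
                      ("0", "ExampleVendor", "AppMonitor", "1.0", sig_id, name, str(severity)))
    extension = " ".join(f"{k}={cef_escape_ext(str(v))}" for k, v in ext.items())
    return f"CEF:{header}|{extension}"


class Detector:
    """Stateful, in-memory rule evaluation; every decision is made on the incoming event."""
    HIGH_VALUE = 10_000.0   # assumed: transfers at or above this are reported
    FAIL_WINDOW = 300.0     # assumed: seconds over which failed logins are counted
    FAIL_COUNT = 3          # assumed: failures before a success becomes suspicious

    def __init__(self):
        self.fails = defaultdict(deque)   # user -> timestamps of recent failed logins
        self.session_ip = {}              # session -> source IP seen at login

    def _prune(self, user: str, now: float) -> deque:
        """Drop failed-login timestamps older than FAIL_WINDOW and return the queue."""
        q = self.fails[user]
        while q and now - q[0] > self.FAIL_WINDOW:
            q.popleft()
        return q

    def process(self, ev: AppEvent) -> list:
        """Return zero or more CEF lines for this event; cs2 carries the suggested reaction."""
        base = {"rt": int(ev.ts * 1000), "suser": ev.user, "src": ev.src_ip,
                "cs1Label": "session", "cs1": ev.session}
        alerts = []
        if ev.action == "login_fail":
            self._prune(ev.user, ev.ts).append(ev.ts)
        elif ev.action == "login_ok":
            q = self._prune(ev.user, ev.ts)
            if len(q) >= self.FAIL_COUNT:
                alerts.append(to_cef("101", "Login success after repeated failures", 7,
                                     {**base, "cnt": len(q), "cs2Label": "reaction",
                                      "cs2": "step_up_auth"}))
            q.clear()
            self.session_ip[ev.session] = ev.src_ip
        elif ev.action == "transfer":
            if ev.amount >= self.HIGH_VALUE:
                alerts.append(to_cef("201", "High-value transfer", 5,
                                     {**base, "cn1Label": "amount", "cn1": ev.amount,
                                      "cs2Label": "reaction", "cs2": "hold_for_review"}))
            login_ip = self.session_ip.get(ev.session)
            if login_ip is not None and login_ip != ev.src_ip:
                alerts.append(to_cef("301", "Session source IP changed mid-session", 8,
                                     {**base, "cs3Label": "loginIp", "cs3": login_ip,
                                      "cs2Label": "reaction", "cs2": "terminate_session"}))
        return alerts


# Constructed sample stream (not real data).
SAMPLE_EVENTS = [
    AppEvent(1000.0, "alice", "s1", "10.0.0.5", "login_fail"),
    AppEvent(1010.0, "alice", "s1", "10.0.0.5", "login_fail"),
    AppEvent(1020.0, "alice", "s1", "10.0.0.5", "login_fail"),
    AppEvent(1030.0, "alice", "s1", "10.0.0.5", "login_ok"),
    AppEvent(1100.0, "alice", "s1", "10.0.0.5", "transfer", 250.0),
    AppEvent(1200.0, "alice", "s1", "198.51.100.7", "transfer", 25000.0),
    AppEvent(2000.0, "bob", "s2", "10.0.0.9", "login_fail"),
    AppEvent(9000.0, "bob", "s2", "10.0.0.9", "login_ok"),   # failure is older than FAIL_WINDOW
]


def run(events) -> list:
    """Feed events through one Detector in order and collect every emitted CEF line."""
    det = Detector()
    out = []
    for ev in events:
        out.extend(det.process(ev))
    return out


if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

Running the sample stream yields three alerts for alice (success after three failures, then a high-value transfer and a source-IP change on the same session) and none for bob, whose single failure has aged out of the window. The state here lives in one process; a scaled-out deployment of the kind the slide describes would keep the per-user and per-session state in a shared cache so that any node can evaluate any event, and the feeder that writes the CEF lines would run asynchronously so the application path never waits on the SIEM.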
Summary
Q&A
Thank you!
http://www.activeinsight.net