SIEM: Solve for the Bigger Business Issues
Focus on five SIEM requirements

After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered mature. Capabilities such as event collection, correlation, alerting, and demonstrating compliance with regulatory mandates are table stakes, and most SIEM solutions address these needs. But the landscape is changing.

Organizations face new threats such as targeted and persistent attacks, new trends like mobile, cloud, and virtualization, and shifting business priorities around customer acquisition, operational efficiency, and cost savings. As a result, SIEM use cases require more advanced capabilities to solve bigger business issues. McAfee talked to customers and asked them about their primary issues with SIEM. Here are the top five issues as explained to us:

1 Big Security Data
2 Content and User Awareness
3 Dynamic Context
4 Solution Customization
5 Business Value

In order for SIEM to help usher in more effective security and risk management strategies, particularly as they relate to threat mitigation, embracing trends, and aligning with business priorities, these five issues must be solved. Each issue is described here along with corresponding customer case studies and use cases.
1 Big Security Data

Big Security Data can be extremely valuable, if you are able to use it. Legacy SIEM solutions weren't designed to integrate with such a broad number of endpoint, network, and data sources, nor were they intended to process such high event rates or maintain such long retention policies. As a result, SIEM back ends built on relational databases and designed primarily with network-centric events in mind simply don't work in today's environments. They lack the speed, extensibility, and scalability to be effective and usable.

Use cases
- Expanding event feeds from more relevant sources
- Building larger datasets in which to perform analytics
- Continuing to reduce the resources needed for reporting
- Increasing employee and process efficiencies

Case Study: Federal Government
A large government agency was interested in applying advanced analytics to the Big Security Data stored within its SIEM's multi-petabyte relational database. But even simple reports took hours to render, and some took more than a day, making the agency's SIEM unusable for forensics. By switching to a SIEM solution from McAfee, the agency was able to expand the number and types of integrated devices, adding more data- and user-centric context to its analytics. The agency also increased event rates and the volume of stored data. Now reports render in minutes, improving the entire approach to forensic analysis.

2 Content and User Awareness

There was once a time when SIEM was simply a tool to correlate events across firewalls and intrusion detection systems, and then maybe apply some vulnerability assessment data. Even today, some SIEMs rely primarily on network flow data. While all of these sources are important, they need to be enriched with application, data content, and identity information. Without that, it's virtually impossible to understand an event with enough empirical evidence to make it actionable.

Use cases
- Enriching situational awareness with more identity solutions
- Resolving who, when, how, where, and what
- Answering how long, who else, and what else
- Embracing even more BYOD assets such as laptops and smartphones

Case Study: Healthcare Provider
A regional healthcare provider embraced the idea of bring your own device (BYOD) to increase staff agility by supporting personal tablets. Because of past incidents, the provider was concerned about insider abuse. The existing SIEM solution lacked the ability to understand which users were interacting with sensitive data regardless of the device: laptop, desktop, tablet, or virtual desktop. With the McAfee SIEM solution, the healthcare provider connected identity and mobility management, Active Directory, and LDAP products to gain user and device awareness. Because of integration with structured and unstructured data stores through native database support, as well as integration with data loss prevention (DLP) and database activity monitoring (DAM), the provider gained more complete situational awareness and improved insider threat mitigation.

3 Dynamic Context

One of the earliest SIEM use cases was log management: collect, store, and query, with a few extra bells and whistles. Logs are still a foundational component of SIEM, but today's SIEMs also need dynamic context. Examples of dynamic context are McAfee Global Threat Intelligence (McAfee GTI) and McAfee Risk Advisor. McAfee GTI provides a real-time, cloud-based reputation service, and Risk Advisor collects organizational information about attacks, vulnerabilities, and deployed countermeasures.

Use cases
- Understanding threats inside and outside the environment
- Improving SIEM capabilities with dynamic context
- Reducing incident identification and response times
- Prioritizing future security investments by understanding countermeasures juxtaposed with SIEM information on targets and attacks

Case Study: Retailer
A Fortune 100 retailer with no production SIEM and no McAfee solutions in place conducted a proof of concept. Within the first week, the retailer identified that over 30 percent of the traffic attempting to enter its network came from malicious sources and/or contained malicious payloads. Using SIEM to correlate existing event information with McAfee GTI, the retailer quickly identified which assets were being targeted across all of its store locations and data centers, as well as the types of attacks. By consuming McAfee Risk Advisor countermeasure information, the SIEM determined the highest level of severity and then prioritized a response. SIEM paired with dynamic context allowed for more rapid threat identification, prioritization, and remediation.
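The enrichment and prioritization described in sections 2 and 3 (resolving who, where, and what for an event, then ranking it against source reputation and deployed countermeasures), shown here as an added example in Python. This is not McAfee code and does not call McAfee GTI or Risk Advisor; the identity, asset, reputation, and countermeasure tables, the sample events, and the scoring weights are all constructed stand-ins for whatever directory, reputation feed, and countermeasure inventory a real SIEM would query.

```python
"""Enrich SIEM events with identity and dynamic context, then prioritize.

Added example. Every table and event below is constructed for
illustration; none of it is McAfee data or a McAfee API.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed context feeds (stand-ins for a directory, an asset
# inventory, an IP reputation service and a countermeasure inventory).
IDENTITY = {                     # username -> (department, clearance)
    "jdoe": ("finance", "standard"),
    "rsmith": ("engineering", "privileged"),
}
ASSETS = {                       # device -> (zone, criticality 1..5, has DLP agent)
    "fin-db-01": ("datacenter", 5, False),
    "kiosk-22": ("store", 2, False),
    "eng-laptop-07": ("corporate", 3, True),
}
REPUTATION = {                   # source IP -> 0 (clean) .. 100 (known malicious)
    "203.0.113.9": 95,           # documentation-range address, constructed
    "198.51.100.4": 10,
    "10.0.0.5": 0,
}
COUNTERMEASURES = {              # (device, signature) -> True if a control already blocks it
    ("kiosk-22", "SQLi-Probe"): True,
    ("fin-db-01", "SQLi-Probe"): False,
}


@dataclass
class Event:
    src_ip: str
    user: Optional[str]
    device: str
    signature: str
    enriched: dict = field(default_factory=dict)


def enrich(ev: Event) -> Event:
    """Resolve who, where and what: attach identity, asset and reputation context."""
    dept, clearance = IDENTITY.get(ev.user, ("unknown", "unknown"))
    zone, crit, dlp = ASSETS.get(ev.device, ("unknown", 1, False))
    ev.enriched = {
        "department": dept, "clearance": clearance,
        "zone": zone, "criticality": crit, "dlp_agent": dlp,
        # An IP with no reputation data gets a neutral score rather than
        # a clean one: missing context must not make an event look benign.
        "reputation": REPUTATION.get(ev.src_ip, 50),
        "blocked": COUNTERMEASURES.get((ev.device, ev.signature), False),
    }
    return ev


def priority(ev: Event) -> int:
    """Score 0..100: a malicious source hitting a critical, unprotected
    target ranks highest; a deployed countermeasure divides the score by 4."""
    e = ev.enriched
    score = e["reputation"] * e["criticality"] // 5
    if e["blocked"]:
        score //= 4
    if e["clearance"] == "privileged" and score > 0:
        score = min(100, score + 10)   # privileged identity raises the stakes
    return score


def triage(events):
    """Enrich every event and return them sorted by descending priority."""
    enriched = [enrich(ev) for ev in events]
    return sorted(enriched, key=priority, reverse=True)


# Constructed sample events: two probes from a known-bad IP and one clean login.
SAMPLE = [
    Event("203.0.113.9", None, "kiosk-22", "SQLi-Probe"),
    Event("203.0.113.9", "jdoe", "fin-db-01", "SQLi-Probe"),
    Event("10.0.0.5", "rsmith", "eng-laptop-07", "Login-Success"),
]

if __name__ == "__main__":
    for ev in triage(SAMPLE):
        e = ev.enriched
        print(f"{priority(ev):3d} {ev.device:14s} {ev.src_ip:14s} "
              f"zone={e['zone']} user={ev.user} blocked={e['blocked']}")
```

Running the file prints the triaged list: the probe against the unprotected finance database ranks first, the same probe against a kiosk that an IPS already blocks drops to single digits, and the clean internal login scores zero. The countermeasure and identity lookups are what turn a bare "SQLi-Probe from 203.0.113.9" into something an analyst can act on in order.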

4 Solution Customization

Legacy SIEMs have very rigid architectures and lack a few essential capabilities. For example, they don't easily integrate with previously unsupported devices in a way that makes the information usable. A next-generation SIEM, on the other hand, is like soft clay: there are many ways to mold it to fit any given environment. This is exactly what makes a next-generation SIEM strategic for so many organizations.

Use cases
- Deploying SIEM with dynamic whitelisting and hardware-assisted security to protect fixed-function devices
- Centralizing the enforcement of policies across all three zones (corporate IT, SCADA, and ICS)
- Integrating SIEM with firewall and IPS for rapid incident response
- Getting more life from legacy assets because of improved security

Case Study: Utility
A major utility company needed to deploy security controls to prevent Stuxnet-like attacks from impacting its infrastructure and causing blackouts for millions of customers. With a McAfee SIEM, the utility achieved situational awareness across its corporate IT, SCADA, and industrial control system (ICS) zones with native device, application, and protocol support. The McAfee SIEM provided the customer with the tools to build its own custom integration with the SCADA and ICS devices. That in turn allowed correlation, anomaly detection, and trend analysis across all three zones. Beyond customized event collection, the customer quickly and easily built unique dashboards, reports, correlation rules, and alerts. This made the SIEM an invaluable tool for security, for demonstrating compliance with regulatory mandates, and for availability, in other words, keeping the lights on.
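The custom collection and cross-zone correlation this section describes, as an added example in Python rather than code from the original page or from McAfee. The key=value line format, the device names, and the "remote login followed by a PLC register write" rule are all constructed for illustration; a real integration would parse the device's actual output and tune the rule and window to site policy.

```python
"""Custom event collection for an unsupported device format, plus one
cross-zone correlation rule.

Added example. The log format, devices, users and rule threshold are
constructed; they are not from McAfee or from any real utility.
"""
import re
from datetime import datetime, timedelta

# Hypothetical key=value format emitted by an ICS gateway (constructed).
# Values may be quoted if they contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> dict:
    """Normalize one raw line into a dict the correlation engine can use.
    Unknown keys are kept so custom dashboards and reports can still use them."""
    ev = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev


# Constructed events from the three zones named in the case study:
# corporate IT (VPN gateway), SCADA (HMI) and ICS (PLC).
LOG = """\
ts=2012-05-01T08:00:10 zone=corporate dev=vpn-gw user=jdoe action=login result=ok src=198.51.100.4
ts=2012-05-01T08:03:41 zone=scada dev=hmi-02 user=jdoe action=session_open
ts=2012-05-01T08:04:05 zone=ics dev=plc-07 user=jdoe action=write reg=40001 val=0
ts=2012-05-01T13:15:00 zone=corporate dev=vpn-gw user=mlee action=login result=ok src=203.0.113.9
ts=2012-05-02T02:10:00 zone=ics dev=plc-07 user=mlee action=write reg=40001 val=0
"""


def correlate(events, window=timedelta(minutes=15)):
    """Rule: a successful VPN login in the corporate zone followed within
    `window` by a control-register write in the ICS zone under the same
    identity. Remote operators should not be writing to PLCs from a VPN
    session, so the write is flagged regardless of the value written."""
    alerts = []
    last_vpn_login = {}                       # user -> timestamp of last VPN login
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["zone"] == "corporate" and ev["action"] == "login" and ev.get("result") == "ok":
            last_vpn_login[ev["user"]] = ev["ts"]
        elif ev["zone"] == "ics" and ev["action"] == "write":
            t0 = last_vpn_login.get(ev["user"])
            if t0 is not None and ev["ts"] - t0 <= window:
                alerts.append({
                    "user": ev["user"], "dev": ev["dev"], "reg": ev["reg"],
                    "delta_s": int((ev["ts"] - t0).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    parsed = [parse_kv(line) for line in LOG.splitlines()]
    for a in correlate(parsed):
        print(f"ALERT remote write: user={a['user']} dev={a['dev']} "
              f"reg={a['reg']} {a['delta_s']}s after VPN login")
```

With the constructed log, jdoe's write to register 40001 lands 235 seconds after a VPN login and raises an alert; mlee's write the following night is outside the window and does not. The parser keeps every key it sees, which is what lets the same collector feed the custom dashboards and trend reports the case study mentions without a schema change per device.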
5 Business Value

SIEM is an important component of any strategic security initiative, but it's still just one of many. In fact, the sheer number of security and compliance solutions has added cost, and their non-integrated architecture has added complexity. This is exactly why security has remained largely tactical instead of becoming strategic and aligned with business priorities.

Use cases
- Reducing security-related helpdesk tickets
- Monitoring all headquarters and branch locations with fewer FTEs
- Redeploying FTEs formerly focused on monitoring to more strategic work
- Leveraging integrated security to help streamline business initiatives such as merger integration, cost reduction through data center consolidation, and customer acquisition and retention through mobile solution support

Case Study: Financial Services
A multinational banking customer owned a wealth of disparate products from various vendors. Some products were in production, but many were not regularly used or maintained because of limited resources. The bank determined that by leveraging SIEM in conjunction with integrated endpoint, network, and data controls, it could more effectively mitigate risk and reduce costs while also making security more business-relevant. The bank reduced the number of vendors and gained economies of scale, reducing training costs and the number of agents, consoles, servers, and more. This also lowered contract costs and a multitude of associated expenses. Beyond cost savings, the bank ensured that all existing and future solutions were fully integrated with McAfee SIEM, giving it better controls and visibility into its security posture.

Take Action

- How much are existing SIEM or manual information management process delays costing your security team?
- Who are the stakeholders of security visibility in your organization? Are they getting the data they need when they need it?
- Does your organization have the visibility it needs to identify attacks, internally and externally?
- What are the top three time delays that increase time-to-respond?
- What are the primary barriers to the collection, storage, and analysis of the security data you need?

What worked in the previous decade with legacy SIEMs simply doesn't address today's requirements. From Big Security Data, content and user awareness, and dynamic context to solution customization and business value, SIEM use cases have matured. Organizations should demand more from their SIEM solutions. SIEMs should be fast and easy to use. They should reduce complexity, not create it.

Today's SIEMs need to operate as part of a larger, connected security framework where security and business priorities are aligned. SIEM plays an important role in making security more strategic and providing real business value. As security professionals continue to be more essential in broader business deliberations, SIEM will act as one of their trusted solutions for making timely, relevant decisions.

To learn more about SIEM solutions from McAfee, please visit: www.mcafee.com/SIEM

Security Connected
McAfee SIEM is part of the Security Connected framework from McAfee that enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments, across all geographies, improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives. McAfee is relentlessly focused on finding new ways to keep our customers safe.
2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com

McAfee, the McAfee logo, McAfee Global Threat Intelligence, and McAfee GTI are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2012 McAfee, Inc. 41714br_siem_05012
