EventLog Analyzer - Product overview


Description

A quick overview of ManageEngine EventLog Analyzer, a cost-effective log management and compliance reporting software for Security Information and Event Management (SIEM). Using this log analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting on, and archiving them from one central location. This event log analyzer software helps to mitigate security threats and to archive data for log forensics analysis, root cause analysis and more: http://www.manageengine.com/products/eventlog/

Transcript of EventLog Analyzer - Product overview

Page 1: EventLog Analyzer - Product overview

Log Management and Compliance Reporting for SIEM

Page 2: EventLog Analyzer - Product overview

AGENDA

• About ManageEngine
• EventLog Analyzer – An Intro
• Why EventLog Analyzer (ELA)? The problems it solves
• A few use cases
• Product uniqueness
• Customer speaks
• Summary

Page 3: EventLog Analyzer - Product overview

Introduction

ManageEngine is the IT management software division of Zoho Corporation, established in 2002. ManageEngine covers the complete gamut of IT solutions: 21 products | 20 free tools | 2 SaaS offerings.

Trusted by over 72,000 customers across 200+ countries. 3 out of every 5 Fortune 500 companies are ManageEngine customers.

Page 4: EventLog Analyzer - Product overview

Introduction – ManageEngine IT security solutions

• EventLog Analyzer – Log management and compliance reporting for SIEM

• AD Audit Plus – AD auditing and reporting

• Security Manager Plus – Vulnerability assessment and patching

• Firewall Analyzer – Periphery device management

• DeviceExpert – Network configuration & security management

• Password Manager Pro – Identity access and password management

• Desktop Central – Desktop and mobile device management

The slide groups these as: servers and applications security management; periphery and network device management; password management; desktop and mobile management.

Page 6: EventLog Analyzer - Product overview

Why need a Log Management & SIEM solution?

Auditing is an integral part of IT security. Centralizing logs across IT sources helps you:

• Audit IT performance and security
• Safeguard your network from security breaches
• Achieve operational efficiency
• Conduct forensic analysis / root cause analysis
• Stay compliant with statutory requirements

Page 7: EventLog Analyzer - Product overview

EventLog Analyzer – An Intro

Log management & compliance reporting software for SIEM:

• Collects data from log sources
• Correlates events
• Alerts on security incidents
• Generates IT security & compliance reports
• Archives logs for forensic analysis

Page 8: EventLog Analyzer - Product overview

EventLog Analyzer – An Intro

Supported log sources
• Servers (physical/virtual) – Microsoft Windows, VMware ESX/ESXi, Linux, HP-UX, IBM AIX, Solaris & any Unix-flavor host
• Network sources – Routers, switches, firewalls & any syslog source
• Applications – MS SQL, IIS (FTP, file server), print server, MS Exchange, Java, Apache, .NET, Oracle, MySQL & other human-readable formats (ULPI*)

Out-of-the-box compliance reports
• PCI DSS, FISMA, HIPAA, SOX, GLBA – with the ability to customize reports as you need
• Create new compliance reports – viz. ISO 27001, NERC-CIP & more

Real-time event correlation
• 50+ out-of-the-box correlation rules
• Real-time alerts and reports to proactively manage threats
• Customize rules to meet internal security policies
• Better insight into security incidents with intuitive dashboards

File integrity monitoring
• Know what was accessed/created/modified, who did it, and when

Log archival & security
• Encryption & time stamping – tamper-proof archival with AES encryption
• User authentication – Active Directory and RADIUS

* ULPI – Universal Log Parsing and Indexing, described on page 12.

Page 9: EventLog Analyzer - Product overview

The problem ELA solves – Audit: Use case 1
A government organization, 2700+ employees statewide
Real-time alerts – internal security threat

The IT office grants permission to IT assets and services for employees, consultants and contractors. Inadvertently, a few new administrators created users with administrator privileges.

Result: A few tech-savvy consultants started misusing the privileges to access critical government documents that were not under their purview.

The espionage was caught by real-time security alerts on: privileged user access | new user creation | object access | audit policy changes | audit logs cleared
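
The alert chain in use case 1 (a new account, then admin rights, then object access, then the audit trail being tampered with) is a correlation over a handful of Windows Security event IDs. The following is an added example, not EventLog Analyzer's rule engine or export format: it correlates constructed Security events in a made-up `key=value|key=value` layout using the standard event IDs (4720 user created, 4728/4732 member added to a group, 4663 object access, 4719 audit policy changed, 1102 audit log cleared). The host names, accounts and the ten-minute window are assumptions.

```python
"""Correlate Windows Security events for the privilege-abuse pattern of use case 1.

Added example, not EventLog Analyzer code. The event IDs are the standard
Windows Security log IDs; the 'key=value|key=value' line layout, the hosts
and the accounts are constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed sample events, in log order.
SAMPLE_EVENTS = """\
time=2013-03-04T09:02:11|id=4720|subject=CORP\\jsmith|target=CORP\\svc_consult|host=DC01
time=2013-03-04T09:02:40|id=4732|subject=CORP\\jsmith|target=CORP\\svc_consult|group=Administrators|host=DC01
time=2013-03-04T11:15:03|id=4663|subject=CORP\\svc_consult|object=\\\\FS01\\Records\\budget.xlsx|host=FS01
time=2013-03-04T11:16:27|id=4719|subject=CORP\\svc_consult|host=FS01
time=2013-03-04T11:17:02|id=1102|subject=CORP\\svc_consult|host=FS01
time=2013-03-04T12:00:00|id=4624|subject=CORP\\alice|host=WS22
"""

ALWAYS_ALERT = {"4719": "Audit policy changed", "1102": "Audit log cleared"}
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
PRIV_WINDOW = timedelta(minutes=10)   # 4720 followed by an admin-group add within this window


def parse_event(line):
    """Turn one 'k=v|k=v' line into a dict with a real timestamp."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    fields["time"] = datetime.fromisoformat(fields["time"])
    return fields


def correlate(lines):
    """Return alerts as (severity, rule, account, time) tuples, in log order.

    The rules mirror the deck's alert list: privileged user access, new user
    creation, object access, audit policy changes, audit logs cleared.
    """
    alerts = []
    created_at = {}            # account -> time of its 4720 event
    newly_privileged = set()   # accounts that were created and then elevated
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        eid = ev["id"]
        if eid == "4720":
            created_at[ev["target"]] = ev["time"]
        elif eid in ("4728", "4732") and ev.get("group") in ADMIN_GROUPS:
            t0 = created_at.get(ev["target"])
            if t0 is not None and ev["time"] - t0 <= PRIV_WINDOW:
                newly_privileged.add(ev["target"])
                alerts.append(("high", "New user granted admin rights",
                               ev["target"], ev["time"]))
        elif eid == "4663" and ev["subject"] in newly_privileged:
            alerts.append(("medium", "Object access by newly privileged account: " + ev["object"],
                           ev["subject"], ev["time"]))
        elif eid in ALWAYS_ALERT:
            # Tampering with auditing itself is always worth an alert, whoever did it.
            alerts.append(("critical", ALWAYS_ALERT[eid], ev["subject"], ev["time"]))
    return alerts


if __name__ == "__main__":
    for severity, rule, account, when in correlate(SAMPLE_EVENTS.splitlines()):
        print(f"{when:%Y-%m-%d %H:%M:%S} [{severity}] {rule} ({account})")
```

The ordering matters: a routine 4624 logon produces nothing, an account elevation only fires when it follows a creation within the window, and 4719/1102 fire unconditionally because clearing or reconfiguring auditing is the last thing an insider does before the trail goes dark.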

Page 10: EventLog Analyzer - Product overview

The problem ELA solves – Audit: Use case 2
A leading real-estate service company, 23,000+ employees worldwide
Prevention – aiding IT operations

The IT office: One of the drives connected to the Exchange server was likely to be affected by a RAID failure and kept logging the event under the 'System' entries.

Impact of failure: If these log entries had been left unnoticed for a few more days, the whole RAID array would have been affected by the excessive workload. Email service would have been down for at least 2 days, since the vendor shipment had to reach the datacenter.

Real-time security alerts / remediation: EventLog Analyzer alerted the administrator about the likely failure of the RAID. The IT team placed an order with the vendor for a RAID replacement, which took 2 days to ship. Temporary load balancing was arranged for the mail server. The decision to upgrade the physical hardware of their MS Exchange server was made immediately and the necessary POs were processed.

Page 11: EventLog Analyzer - Product overview

The problem ELA solves – Audit: Use case 3
An online media company, 300+ employees
Alert & prevention – external security threat

The IT office had their corporate blogs hosted on Amazon Web Services, running a WordPress installation. No security monitoring was done, except regular content backup.

Result: An attacker used the default admin user name and broke into the blogs after 300+ login attempts over a 3-day span, then added spam content as comments.

After implementing the ManageEngine solution: Configured login-failure notifications that include the user name. Configured run-a-script on such security incidents to block the user name and mail the admin after 3 consecutive failed login attempts.
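
The rule in use case 3 is a per-user consecutive-failure counter with a script hook. The following is an added example, not EventLog Analyzer's alert configuration: it reads constructed syslog-style lines (a real WordPress host needs a plugin or auth log that records the user name; the line format here is an assumption), blocks a user name after three consecutive failures, resets the streak on success, and also records a success that follows a failure streak, which is the compromise signature in the deck's story. `block_user` stands in for the "run a script" action.

```python
"""Consecutive-login-failure alerting with a block action, as in use case 3.

Added example, not EventLog Analyzer code. The syslog-style lines below are
constructed for the example; a real WordPress host would need a plugin or
auth log that records the user name, and EventLog Analyzer's 'run a script'
hook would call something like block_user() instead of the stand-in here.
"""
import re
from collections import defaultdict

THRESHOLD = 3   # consecutive failures for one user name before blocking

# Constructed sample: 'admin' hammered from two addresses while 'editor'
# mistypes once and then logs in; a late success for 'admin' models the
# compromise the deck describes.
SAMPLE_LOG = """\
Mar  4 10:01:02 blog wordpress: Authentication failure for admin from 203.0.113.7
Mar  4 10:01:05 blog wordpress: Authentication failure for admin from 203.0.113.7
Mar  4 10:01:09 blog wordpress: Authentication failure for editor from 198.51.100.20
Mar  4 10:01:12 blog wordpress: Authentication success for editor from 198.51.100.20
Mar  4 10:01:15 blog wordpress: Authentication failure for admin from 203.0.113.7
Mar  4 10:01:19 blog wordpress: Authentication failure for admin from 203.0.113.8
Mar  4 10:02:00 blog wordpress: Authentication failure for editor from 198.51.100.20
Mar  4 10:02:31 blog wordpress: Authentication success for admin from 203.0.113.8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ wordpress: "
    r"Authentication (?P<result>failure|success) for (?P<user>\S+) from (?P<ip>\S+)$"
)


def block_user(user, ips):
    """Stand-in for the 'run a script' action: block the account and mail the admin."""
    print(f"BLOCK {user}; failing sources: {', '.join(sorted(ips))}")


class LoginMonitor:
    """Counts consecutive failures per user name; a success resets the streak."""

    def __init__(self, threshold=THRESHOLD, on_block=block_user):
        self.threshold = threshold
        self.on_block = on_block
        self.failures = defaultdict(int)   # user -> current failure streak
        self.sources = defaultdict(set)    # user -> IPs seen in that streak
        self.blocked = set()
        self.actions = []                  # (user, frozenset(ips)) per block fired
        self.suspicious = []               # (user, ip, streak) for a success after a streak

    def feed(self, line):
        """Process one log line; returns the user name if a block was fired."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None                    # not a login event
        user, result, ip = m["user"], m["result"], m["ip"]
        if result == "success":
            # A success right after a failure streak is the compromise signature
            # from the deck's story: the block should prevent it, but record it anyway.
            if self.failures[user] >= self.threshold:
                self.suspicious.append((user, ip, self.failures[user]))
            self.failures[user] = 0
            self.sources[user].clear()
            return None
        self.failures[user] += 1
        self.sources[user].add(ip)
        if self.failures[user] >= self.threshold and user not in self.blocked:
            self.blocked.add(user)
            ips = frozenset(self.sources[user])
            self.actions.append((user, ips))
            self.on_block(user, ips)
            return user
        return None


def run(log_text, threshold=THRESHOLD, on_block=lambda user, ips: None):
    """Feed every line of log_text to a fresh monitor and return it."""
    mon = LoginMonitor(threshold, on_block)
    for line in log_text.splitlines():
        mon.feed(line)
    return mon


if __name__ == "__main__":
    run(SAMPLE_LOG, on_block=block_user)
```

Two points a practitioner would want here: the counter is per user name, so the block fires once even when the attacker rotates source addresses (the second address only shows up in `sources`), and an unconditional block on a user name is itself a denial-of-service lever against `admin`, so a deployment would normally block the source addresses and lock the account only temporarily.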

Page 12: EventLog Analyzer - Product overview

EventLog Analyzer – Uniqueness

Universal Log Parsing and Indexing: processes any human-readable log format and generates patterns for indexing, alerting and reporting.

Imports logs automatically at specified time intervals or on demand.

Page 13: EventLog Analyzer - Product overview

EventLog Analyzer – Uniqueness

Powerful search: helps conduct root cause analysis and generate forensic reports in minutes.

• Tag complex search queries for quick reference
• Search using wildcards, phrases and Boolean operators
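
Pages 12 and 13 describe two halves of one workflow: reduce arbitrary human-readable lines to patterns that can be indexed and counted, then search the raw lines with wildcards, phrases and Boolean operators. The following is an added example of the general technique, not EventLog Analyzer's parser or query language: it masks timestamps, addresses and numbers to obtain a pattern per line, groups lines by pattern, and evaluates `AND`/`OR`/`NOT`, quoted phrases and `*`/`?` wildcards over constructed firewall, sshd and web-server lines. The mask order, tokenizer and operator precedence are this example's choices.

```python
"""Universal log parsing (pattern extraction) plus wildcard/phrase/boolean search.

Added example, not EventLog Analyzer's parser or query language. The sample
lines, the masks and the query grammar are constructed for the example.
"""
import re
from collections import defaultdict
from fnmatch import fnmatchcase

SAMPLE_LINES = [
    "Mar  4 10:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Mar  4 10:01:09 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=22",
    "2013-03-04 10:01:12 app01 sshd[2231]: Accepted publickey for deploy from 198.51.100.20 port 51022",
    "2013-03-04 10:01:30 app01 sshd[2240]: Failed password for root from 203.0.113.7 port 40122",
    '10.0.0.5 - - [04/Mar/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1842',
]

# Variable fields masked in order: the most specific shapes first, bare numbers last.
MASKS = [
    (re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"), "<TS>"),
    (re.compile(r"\[\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d [+-]\d{4}\]"), "<TS>"),
    (re.compile(r"\b\w{3}\s+\d{1,2} \d\d:\d\d:\d\d"), "<TS>"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b\d+\b"), "<N>"),
]


def make_pattern(line):
    """Reduce a line to its fixed text: timestamps, addresses and numbers masked."""
    for rx, tag in MASKS:
        line = rx.sub(tag, line)
    return line


def index_by_pattern(lines):
    """Group lines by pattern; the keys are what an index, report or alert keys on."""
    groups = defaultdict(list)
    for line in lines:
        groups[make_pattern(line)].append(line)
    return dict(groups)


def tokenize(text):
    """Lower-case word tokens; '=' and ':' split fields so SRC=1.2.3.4 yields the address."""
    return re.findall(r"[a-z0-9_.\-]+", text.lower())


def _term_matches(tokens, term):
    if len(term) >= 2 and term[0] == term[-1] == '"':     # quoted phrase
        words = tokenize(term[1:-1])
        n = len(words)
        return n > 0 and any(tokens[i:i + n] == words for i in range(len(tokens) - n + 1))
    if "*" in term or "?" in term:                          # wildcard
        return any(fnmatchcase(tok, term.lower()) for tok in tokens)
    return term.lower() in tokens


def search(lines, query):
    """Boolean search: terms joined by AND (default) or OR; NOT negates the next term.

    AND binds tighter than OR, so 'a b OR c' reads as '(a AND b) OR c'.
    """
    parts = re.findall(r'"[^"]*"|\S+', query)
    clauses, current = [], []
    for p in parts:
        if p.upper() == "OR":
            clauses.append(current)
            current = []
        elif p.upper() != "AND":
            current.append(p)
    clauses.append(current)

    hits = []
    for line in lines:
        tokens = tokenize(line)
        for clause in clauses:
            negate, ok = False, True
            for p in clause:
                if p.upper() == "NOT":
                    negate = True
                    continue
                if _term_matches(tokens, p) == negate:   # wanted but absent, or excluded but present
                    ok = False
                    break
                negate = False
            if ok:
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    for pattern, group in index_by_pattern(SAMPLE_LINES).items():
        print(f"{len(group):>3}  {pattern}")
    for line in search(SAMPLE_LINES, '"failed password" OR drop AND 203.0.113.*'):
        print("hit:", line)
```

The two firewall lines collapse to one pattern, which is the point of pattern extraction: a report or alert can count occurrences of "DROP ... DPT=<N>" without a parser written for that device. The masks are deliberately greedy; a production parser would keep the masked values as named fields rather than discard them.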

Page 14: EventLog Analyzer - Product overview

EventLog Analyzer – Uniqueness

Real-time security alerts: generates alerts when suspicious activities occur on the network.

• Exclusive reports for privileged user access information
• Notifications are sent in real time via email and SMS

Page 15: EventLog Analyzer - Product overview

EventLog Analyzer – Uniqueness

Secure log archiving: archive for a custom period, with tamper-proof data storage using encryption and time stamping. Load archived data into the product at any time to generate compliance reports, conduct forensic analysis and audit.
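
The time stamping and tamper-proof storage promised here (and on page 8) rest on a standard construction: each archived batch carries a time stamp and a digest that commits to the previous batch, and a keyed seal over that digest. The following is an added example of that construction, not EventLog Analyzer's archive format: it seals constructed log batches into a hash chain with an HMAC and shows how verification reports an edited record, a removed batch, a re-hashed batch and a wrong key. The AES encryption the deck mentions is left out (the Python standard library has no AES) and would wrap the sealed JSON this code produces; the key, batches and time stamps are constructed.

```python
"""Tamper-evident log archive: hash-chained, time-stamped batches sealed with an HMAC.

Added example, not EventLog Analyzer's archive format. It shows the integrity
half of what the deck describes (time stamping plus a seal that makes edits,
deletions and re-ordering detectable); encryption of the sealed batches is
left out. The log records, time stamps and key are constructed.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64                                              # 'prev' digest of the first block
ARCHIVE_KEY = b"example-archive-key-keep-off-the-log-host"     # constructed; use a real secret


def canonical_bytes(prev, when, records):
    """One fixed serialization so signer and verifier hash identical bytes."""
    return json.dumps({"prev": prev, "time": when, "records": records},
                      sort_keys=True, separators=(",", ":")).encode()


def seal_batch(records, prev_digest, key, when):
    """Return an archive block: the records, the time stamp, the chain link and the seal."""
    digest = hashlib.sha256(canonical_bytes(prev_digest, when, records)).hexdigest()
    mac = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"prev": prev_digest, "time": when, "records": records,
            "digest": digest, "mac": mac}


def build_archive(batches, times, key):
    """Seal successive batches so each block commits to the one before it."""
    blocks, prev = [], GENESIS
    for records, when in zip(batches, times):
        block = seal_batch(records, prev, key, when)
        blocks.append(block)
        prev = block["digest"]
    return blocks


def verify_chain(blocks, key):
    """Return (ok, index, reason); index is the first bad block, or the count when ok."""
    prev = GENESIS
    for i, b in enumerate(blocks):
        if b["prev"] != prev:
            return False, i, "chain break (block removed or reordered)"
        expected = hashlib.sha256(canonical_bytes(b["prev"], b["time"], b["records"])).hexdigest()
        if expected != b["digest"]:
            return False, i, "records or time stamp modified"
        mac = hmac.new(key, b["digest"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, b["mac"]):
            return False, i, "seal invalid (re-hashed without the key)"
        prev = b["digest"]
    return True, len(blocks), "ok"


def recompute_digest(block):
    """What an attacker without the key can do after editing: fix the digest, not the seal."""
    block["digest"] = hashlib.sha256(
        canonical_bytes(block["prev"], block["time"], block["records"])).hexdigest()
    return block


def clone_blocks(blocks):
    """Deep copy via JSON, so a caller can simulate tampering on a copy."""
    return json.loads(json.dumps(blocks))


# Constructed sample: three hourly batches of syslog-style lines.
SAMPLE_BATCHES = [
    ["Mar  4 09:00:01 dc01 audit: logon ok user=jsmith",
     "Mar  4 09:02:11 dc01 audit: user created target=svc_consult by=jsmith"],
    ["Mar  4 10:15:03 fs01 audit: object access \\\\FS01\\Records\\budget.xlsx by=svc_consult"],
    ["Mar  4 11:17:02 fs01 audit: audit log cleared by=svc_consult"],
]
SAMPLE_TIMES = ["2013-03-04T10:00:00Z", "2013-03-04T11:00:00Z", "2013-03-04T12:00:00Z"]


if __name__ == "__main__":
    archive = build_archive(SAMPLE_BATCHES, SAMPLE_TIMES, ARCHIVE_KEY)
    print(verify_chain(archive, ARCHIVE_KEY))
    edited = clone_blocks(archive)
    edited[2]["records"][0] = "Mar  4 11:17:02 fs01 audit: nothing happened"
    print(verify_chain(edited, ARCHIVE_KEY))
```

The caveat a practitioner would add to the slide's wording: this is tamper-evident, not tamper-proof. Whoever holds `ARCHIVE_KEY` can edit a batch and re-seal the whole chain from that point, so the key belongs on a separate signer (or HSM), not on the log host, and the head digest should be anchored somewhere the administrator cannot rewrite, such as an external time-stamping service or a write-once store.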

Page 16: EventLog Analyzer - Product overview

EventLog Analyzer – Uniqueness

Easy to use and affordable: intuitive GUI, easy to deploy and maintain, smaller datacenter footprint. Affordable – the 100-host Premium edition costs $3,195 per year (pricing starts at $795 for 25 hosts).

Page 17: EventLog Analyzer - Product overview

5,000+ customers across 110+ countries

Page 18: EventLog Analyzer - Product overview

Summary

EventLog Analyzer (ELA) is a comprehensive log management and compliance reporting software for SIEM. ELA helps you:

• Safeguard your network from security breaches with real-time alerts
• Achieve operational efficiency by collecting and centralizing log data across IT resources
• Conduct forensic analysis and root cause analysis, and generate IT audit reports
• Stay compliant with statutory requirements out of the box for PCI DSS, FISMA, HIPAA, SOX, GLBA & more…
• Easy to deploy, use and maintain
• Affordable

A part of ManageEngine's IT management solutions.

Page 19: EventLog Analyzer - Product overview

Thank you

Support: [email protected]

Sales: [email protected]