1 / 46

Net Report  Presentation

Net Report  Presentation. Version 5 2009. Agenda. Company Overview Product Overview Key Features Log Centralisation & Archival Dashboard Generation & Reporting Event Correlation & Alerting Forensic Analysis & Data Manipulation Summary. Company Overview. About Net Report.

kirby
Télécharger la présentation

Net Report  Presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Net Report Presentation Version 5 2009

  2. Agenda • Company Overview • Product Overview • Key Features • Log Centralisation & Archival • Dashboard Generation & Reporting • Event Correlation & Alerting • Forensic Analysis & Data Manipulation • Summary

  3. Company Overview

  4. About Net Report • Created in 2002 following the buy-out of the Business Intelligence product DataSet which was created in 1985. • 2007 Sales Turnover 1.5 M USD. • Private and Employee Shareholders. • Over 200 Large Account Clients. • Over 15 MSSP Centres. • Present in over 20 countries.

  5. Net Report: SIEM Solution • End-to-end Log Lifecycle Management • Comprehensivecover for all your Business needs: • Log centralization and archival. • Dashboard generation and reporting. • Event correlation and alerting. • Forensicanalysis and data manipulation. • Veritable Business Intelligence Solution • Transformyourrawsecurityevent data into real Business Intelligence Knowledge. • RegulatoryCompliance • Ensurecompliancewith International Directives, such as Sarbanes-Oxley, Basel II and the LSF.

  6. Key Questions • What’s going on in your network? • Are your employees using your IT-infrastructure for business or personal purposes? • Is your IT-infrastructure tailored to your needs? • Does your security policy match the reality of the network? • Do you comply with International Regulations such as Sarbanes-Oxley, Basel II and LSF?

  7. Key Functional Needs • On-demand reporting on critical information on disparate devices: Firewall/BPN, IDS/IPS, Proxy, Mail Server, Anti-Virus Gateway and Web Server. • Reduce the cost of managing heterogeneous network euipment via a single console and an automated process. • Ensure appropriate resource andnetwork use by employees. • Optimize system and network resource use. • Easily investigate events. • Create your own reports.

  8. Product Overview

  9. Four Products A packaged solution for log analysis, reporting and customisable dashboards. A real-time security event management platform, including a raw Data Storage and Archival Module, a Correlation and Alerting Console and Net Report Log Analyser. Analyse huge volumes of data from any angle on multiple data sources, create ad hoc queries and customisable reports with your company’s look & feel. Easy to deploy and administer Net Report Appliance Models 1 & 2 offer configuration flexibility in a 2U chassis for organizations that require space-conscious internal storage capacity.

  10. Architecture Correlate Enhance Data LDAP, ADS, SQL, RDNS Appliance OLAP Cubes

  11. Data Architecture Log (Raw format) Data stored for 7-15 days Every event is available Daily Aggregation Data stored for 62-93 days Counts each event per day Write enriched contextual flat file, copy of database information (CSV) Monthly Aggregation Data stored for 6 months to 7 years Counts each event per month Generate flat file to prepare legal archival (XML-Syslog trace) CSV Long-termArchival Zone (6 months to severalyears) Temporary Storage Zone (2 days)

  12. Products Supported

  13. Key Features

  14. Complete Solution Business Intelligence & Compliance

  15. Centralisation & Archival

  16. Centralizes all your Data All data iscentralized in a database for dashboardgeneration and forensic investigation. Log Formats Archived Net Report archives all your log files in the following formats: Syslog, Flat File and proprietary API formats. Legal Value Log data isarchived in its native format to ensure its credibility when used as evidence before a court. IntegrityChecks, Encryption & Compression Log data can be compressed (zipped) and encrypted on a daily basis (files named by device type and/or date). Log Centralisation & Archival

  17. Archival Architecture

  18. Dashboards & Reporting

  19. Dashboards • ConsolidatedDashboards • Net Report interprets and presents your log data statistics in easy-to-read, systematically categorized, graphical Dashboards. • Dashboard publication • Dashboards are generated and scheduled according to the Parameters you entered in the Net Report Web Portal. • Drill-Down • Scheduled aggregation and purge features enable Net Report to reduce the size of your database volume by 25. Intuitive drill-down to the information you need. • ChronologicallyInterlinked Files • Dynamic Previous and Next arrows enable you to navigate between reports from different days, months and years.

  20. * * Our Dashboards * DefaultCategories * * Available in 2008

  21. UTM Dashboards

  22. Firewall Dashboards

  23. IDS / IPS Dashboards

  24. Content Filtering Dashboards

  25. Web Traffic Statistics Dashboards

  26. Mail Server Dashboards

  27. Proxy Dashboards

  28. Microsoft WMI Dashboards

  29. Alerting & Correlation

  30. Alerting & Correlation • EasierDecisionMaking • We correlate events from a wide range of network devices to provide faster decision making and greater enterprise security. • Automate Alerting • By defining the appropriate patterns (keys), thresholds, rules and actions. • ReduceAministrationCosts • Thanks to automatedsecurityevent management, youimproveyourteam’savailability and efficiency. • Real-Time Analysis • Net Report mines and analyses huge volumes of data and correlatesalertscomingfromdifferentdevices. Objective Onlyraisealerts and events youhopedyou’dneversee!

  31. Alerting Administration • Alert Summary • Displays alerts that are either to be acknowledged or in progress. Alerts can easily be managed by clicking the In Progress or To be Acknowledged icons in the Status column. • Information • Displays Information type alerts. • Resolved • Displays the alerts that have been treated and resolved. • Search • Displays all the alerts, clicking any of the icons or hyperlinks enables you to filter and group alerts. For example, filter events through an IP Address.

  32. Correlation Scenario Examples (1) • For IPS/IDS Devices • A vulnerability assessment based on the CVE code sent by the IDS or IPS on the alert and the reality of the vulnerability on the target (integration of information coming from vulnerability scanners in the vulnerability base IP;CVE;RESULT, alerting on the real vulnerabilities. • IPS blocked IP addresses are memorized for correlation with firewalls (placed after the former) accepting traffic from the attacker, alerting that the attacker has penetrated the internal network. • Other IPS alarms are sent as “information” by the console for aggregation/classic correlation. • For Firewall/Router type devices with an Access List • Firewall security policy control via the control of authorized ports in a database/dictionary, including the following information: DEVICE;PORT;STATUS alerts if the security policy is violated. • Repeated blocked actions from identical IP addresses are controlled, “Information” alerts are sent when thresholds are breached over a certain period of time (for example, 10 times in 10 minutes).

  33. Correlation Scenario Examples (2) • For Anti Virus / Anti Spam / Anti(x) Devices • An Alert is sent as soon as an outbound virus is identified • An Information alert is sent for outbound spam on the 10th spam from the same user in the last 10 minutes. • An Alert is sent for an inbound virus gauged on a threshold based on the average number* of monthly viruses (*=please contact me for more information concerning all the possible calculations) received during five minutes. • An Information alert is sent for an inbound virus gauged on a threshold based on the average number* of daily viruses received during five minutes. • For E-mail, E-mail Server Devices: • An Alert is sent for outbound e-mail messages sending more than 500 e-mail messages over five minutes (except for mailing lists which are excluded from this alert category). • For Authentication Systems: • An Information alert is sent for repeated authentication failures (several alert levels, brute force controls).

  34. Correlation Scenario Examples (3) • For QOS / Load Balancing Systems • An Alert is sent for repeated and lasting node failures (it is important to pay attention to possible duplicates with network monitoring systems such as nagios, HPOV…). • For Proxy Systems • Suspicious or excessive web use (for example 30 sites in 30 minutes). • Proxy bypassing, direction internet connection (via a Firewall). • For Windows, Domain Controller, File Servers: • Permissions/Groups modification which violates the normal security policy (for example, users changing their own privileges). • A user tries to modify their privileges in order to join a new user group and succeeds in doing so. • Brute force attack, with one success (10 attempts and 1 success). • A non-authorized user (according to the security policy) succeeds in deleting files in specific directories on a server

  35. Forensic Analysis & Data Manipulation 36

  36. Multi-Device/Multi-Source Traceability Report Forensic Analysis • Net Report Tool Kit • Flexible and powerful database query tool • Cubes – Dynamic Cross Tables • OLAP Cubes

  37. Proxy Cubes

  38. Proxy Cubes

  39. OLAP IPS Cubes

  40. WMI Cubes

  41. Net Report Tool Kit (1)

  42. Net Report Tool Kit (2) • Flexible Database Query Tool • Net Report Tool Kit enables you to: • Create new reports. • Modify existing reports. • Create Inter-Device reports. • Customize reports to tailor them to your Enterprise’s look & feel. • Create new cubes.

  43. Net Report Appliance Models 1 & 2 • Objective • Reduce the complexity of managingsecurity log data for both large and smalenterprises. • Advantages • Easy to deploy and administer Net Report Appliance Models 1 & 2 offer configuration flexibility in a 2U chassis for organizations that require space-conscious internal storage capacity. • Flexibility • Net Report Appliance Models 1 & 2 incorporate the latest version of Net Report Monitoring Center and add quick installation options for increased deployment and configuration flexibility. • Powerful • Net Report Appliances allow companies to analyse thousands of events per second to several dozens of millions of events per day.

  44. Net Report Appliance Model 1 • Rack 2U, 1 Quad Core Processor 2.33 Ghtz • 4 GB RAM • 3 Disks 15 K rpm with 146 GB in RAID 5 (292 GB usable ) • Redundant Power Supply • Windows 2003 Server + SQL Server 2005 OEM Licenses • On-site Maintenance for 1-3 years • Net Report Appliance Monitoring License. • Net Report Appliance Model 2 • Rack 2U, 2 Quad Core Processors 2,33 Ghtz • 4 GB RAM • 3 Disks 15 K rpm with 300 GB in RAID 5 (600 GB) • Redundant Power Supply • Windows 2003 Server + SQL Server 2005 OEM Licenses • On-site Maintenance for 1-3 years • Net Report Appliance Monitoring License.

  45. Summary

  46. A Unique Solution Net Report is a unique solution which offers you: • A complete and integrated solution. • Regulatory Compliance for security log management controls. • Powerful top flight reporting. • Easy investigation via OLAP Cubes. • Real-time correlation and incident management. Reasonable purchase prices and small operational cost

More Related