
SmartEvent (Intro)

SmartEvent (Intro). Антон Разумов, arazumov@checkpoint.com, Security Consultant, Check Point Software Technologies. Agenda: 1. Eventia vs SmartEvent 2. SmartEvent look and feel 3. Packaging.


Presentation Transcript


  1. SmartEvent (Intro) Антон Разумов arazumov@checkpoint.com Security Consultant, Check Point Software Technologies

  2. Agenda
  1. Eventia vs SmartEvent
  2. SmartEvent look and feel
  3. Packaging

  3. SmartEvent vs Eventia
  • The SmartEvent blade is based on Eventia Analyzer technology, designed and tuned for event management and leveraging Eventia's sophisticated engines and displays
  • SmartEvent Intro is tuned for a specific product (IPS or DLP in R71)

  4. SmartEvent Intro vs. SmartEvent Full

  5. SmartEvent deployment
  • A full deployment adds a SmartEvent (Full) Correlation Unit + Log Server
  • SmartEvent Intro has a default Correlation Unit on every Log Server
  • In addition, the SmartEvent Intro package does not require any policy configuration or policy install
  Diagram labels: Additional SmartEvent Correlation Unit + Log Server; Corporate Network; Extranet Partners; Security Management + Log Server; Remote Users; Internet; SmartEvent Server + Correlation Unit + Log Server; NOC + SOC; SmartEvent GUI; Branch Offices

  6. Agenda
  1. Eventia vs SmartEvent
  2. SmartEvent look and feel
  3. Packaging

  7. SmartEvent Intro features
  • Timelines – see real-time information, trends and anomalies at a glance
  • Charts – view event statistics in bar charts or pie graphs
  • Maps – locate source or destination IP on a world map
  • Forensics – drill down by double-clicking on Timelines, Charts or Maps
  • Group By – group events based on severity, source, destination or other fields
  • Ticketing – assign events to administrators for analysis
  • ClientInfo – right-click an IP address to see processes, hotfixes and vulnerabilities
  • User Identification – every log can be associated with Active Directory user names

  8. Monitor Only what is Important!
  Timeline view
  • Number and severity of attacks over time
  • Simple mouse-click drill down to forensic analysis
  • Customizable – allows the user to define his own timelines
  Recent critical events
  • At-a-glance view of recent critical events
  • Simple mouse-click drill down to forensic analysis

  9. Search in any field
  Search in any field or combination of fields (the timeline and recent-critical-events views of the previous slide remain available alongside the search)

  10. Easy Analysis Top views simplify analysis and allow easy drill-down

  11. Group Events for Better Understanding Data can be grouped by any field or combination of fields
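The Timeline, Top and Group By views of slides 8, 10 and 11 are screenshots in the deck; the following is an added example, not part of the original presentation or of SmartEvent, that computes the same three views in PowerShell over a handful of constructed IPS events so the analyst workflow can be tried without a SmartEvent server. The events, IP addresses (RFC 5737 documentation ranges), timestamps and protection names are all made up for illustration.

```powershell
# Added example, not Check Point code: Timeline / Top / Group By over constructed events.

function New-Event([string]$Time, [string]$Severity, [string]$Src, [string]$Dst, [string]$Protection) {
    [pscustomobject]@{ Time = [datetime]$Time; Severity = $Severity; Src = $Src; Dst = $Dst; Protection = $Protection }
}

# Constructed sample events (not real log data).
$events = @(
    New-Event '2010-03-01T09:00:10' 'Critical' '203.0.113.5'   '10.1.1.20' 'Buffer overflow attempt'
    New-Event '2010-03-01T09:01:40' 'High'     '203.0.113.5'   '10.1.1.20' 'Port scan'
    New-Event '2010-03-01T09:02:05' 'Critical' '198.51.100.77' '10.1.1.21' 'Buffer overflow attempt'
    New-Event '2010-03-01T09:07:30' 'Medium'   '203.0.113.5'   '10.1.1.22' 'Directory traversal'
    New-Event '2010-03-01T09:08:15' 'High'     '198.51.100.77' '10.1.1.20' 'SQL injection'
    New-Event '2010-03-01T09:12:00' 'Critical' '203.0.113.9'   '10.1.1.20' 'Buffer overflow attempt'
    New-Event '2010-03-01T09:13:45' 'Low'      '203.0.113.9'   '10.1.1.23' 'ICMP sweep'
)

# Timeline view (slide 8): number of events per time bucket and severity.
function Get-Timeline($Events, [int]$BucketMinutes = 5) {
    $Events |
      Select-Object *, @{ n = 'Bucket'; e = {
          # Round the timestamp down to the start of its bucket.
          $t = $_.Time
          $t.Date.AddHours($t.Hour).AddMinutes($t.Minute - ($t.Minute % $BucketMinutes))
      } } |
      Group-Object Bucket, Severity |
      ForEach-Object {
          [pscustomobject]@{ Bucket = $_.Group[0].Bucket; Severity = $_.Group[0].Severity; Count = $_.Count }
      } |
      Sort-Object Bucket, Severity
}

# Top view (slide 10): most frequent values of a single field.
function Get-Top($Events, [string]$Field, [int]$Top = 3) {
    $Events | Group-Object $Field | Sort-Object Count -Descending | Select-Object -First $Top Name, Count
}

# Group By (slide 11): any combination of fields; Name is the comma-joined key.
function Get-Grouped($Events, [string[]]$Fields) {
    $Events | Group-Object $Fields | Sort-Object Count -Descending | Select-Object Name, Count
}

"== Timeline (5-minute buckets) =="
Get-Timeline $events | Format-Table -AutoSize

"== Top sources =="
Get-Top $events -Field Src | Format-Table -AutoSize

"== Critical events grouped by source and protection =="
# The Where-Object filter is the script equivalent of the double-click drill-down in the GUI.
Get-Grouped ($events | Where-Object Severity -eq 'Critical') -Fields Src, Protection | Format-Table -AutoSize
```

With the constructed data the timeline shows three Critical events spread over three buckets, the top-sources view ranks 203.0.113.5 first with three events, and the grouped view separates the buffer-overflow attempts by source so the analyst can see at once which attacker a ticket should cover.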

  12. Assign a Ticket
  • Attacks must be investigated
  • Jim is assigned to investigate
  (The slide shows the world-map view with the attacking source plotted in its country of origin.)

  13. User and Machine Names within Eventia
  • Jim looks up the user name and machine info
  • Jim can also see the client and server types

  14. View Client Information Jim wants more information about the client machine

  15. Client Information
  • ClientInfo provides full details about the client machine: software and security patches installed, processes and services running and more, using WMI (Windows Management Instrumentation)
  • By comparing this information with the patches referenced in Microsoft Security Bulletins, ClientInfo can also state whether the client machine is vulnerable to specific Microsoft issues: when the attack under investigation exploits a vulnerability covered by a bulletin, ClientInfo checks whether the machine has that bulletin's fix
  • ClientInfo requires credentials with administrator-level privileges on the target computer (remote WMI access needs them by default); since this credential is presented to every machine that gets investigated, it should be a dedicated account rather than a shared domain administrator login
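To make the WMI mechanism behind ClientInfo concrete, here is an added example in PowerShell; it is not Check Point's ClientInfo code. It performs the same kind of inventory (operating system, installed hotfixes, running processes and services) with the CIM cmdlets over DCOM, the transport classic WMI uses, and then checks which of a bulletin's KB numbers are absent. The target hostname, the service account and the KB identifiers are placeholders chosen for illustration and should be replaced with real values.

```powershell
# Added example, not Check Point's ClientInfo implementation: remote WMI inventory
# plus a hotfix-presence check for one Microsoft Security Bulletin.
param(
    [string]   $Target      = 'ws-jim01.corp.example',          # assumed client hostname
    [string]   $Account     = 'CORP\clientinfo-svc',             # assumed dedicated admin account
    [string[]] $RequiredKBs = @('KB1234567', 'KB2345678')        # assumed KB IDs listed by the bulletin
)

# Remote WMI over DCOM requires local Administrators membership on the target by
# default, which is why ClientInfo asks for administrator-level credentials.
$cred    = Get-Credential -UserName $Account -Message "Credentials for $Target"
$option  = New-CimSessionOption -Protocol Dcom
$session = New-CimSession -ComputerName $Target -Credential $cred -SessionOption $option

try {
    $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
          Select-Object Caption, Version, LastBootUpTime

    # Win32_QuickFixEngineering lists installed Windows updates by KB number.
    $hotfixes = @(Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering |
                  Select-Object HotFixID, Description, InstalledOn)

    $processes = @(Get-CimInstance -CimSession $session -ClassName Win32_Process |
                   Select-Object ProcessId, Name, ExecutablePath)

    $services = @(Get-CimInstance -CimSession $session -ClassName Win32_Service |
                  Where-Object { $_.State -eq 'Running' } |
                  Select-Object Name, StartMode, PathName)

    # The vulnerability check: which of the bulletin's KBs are not installed?
    $installedIds = @($hotfixes.HotFixID)
    $missing      = @($RequiredKBs | Where-Object { $_ -notin $installedIds })

    # Say "possibly vulnerable" rather than "vulnerable": a missing KB may have been
    # superseded by a later cumulative update that QFE lists under a different ID.
    $assessment = if ($missing.Count -gt 0) { 'Possibly vulnerable (KB missing)' } else { 'Patched for listed KBs' }

    [pscustomobject]@{
        Host            = $Target
        OS              = $os.Caption
        Version         = $os.Version
        LastBoot        = $os.LastBootUpTime
        HotfixCount     = $hotfixes.Count
        RunningProcs    = $processes.Count
        RunningServices = $services.Count
        MissingKBs      = ($missing -join ', ')
        Assessment      = $assessment
    }

    # Full detail, as ClientInfo shows it, is still available in $hotfixes, $processes and $services.
}
finally {
    Remove-CimSession -CimSession $session
}
```

Run it from a management host as `.\Get-ClientInfo.ps1 -Target <hostname>`; the prompt collects the password for the dedicated account. The superseded-update point in the comment is the main limitation of any patch-presence check, whether done by this script or by a product: absence of a specific KB is evidence that the machine may be vulnerable, not proof.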

  16. Sending an event
  • Jim can decide to send the event by mail to his colleague Mark for further investigation
  • Jim can decide to report the event to Check Point, with or without the packet capture
  • The information is analyzed to better understand customer environments and potential false positives
  (A packet capture can contain credentials or other customer data; review it before sending it outside the organization.)

  17. IPS Events
  • Packet capture – retrieves the data packet that caused the attack if it is still stored on the gateway
  • Add exception, Go to protection – launches SmartDashboard
  • Advisory, Protection Description – attack description as in SmartDashboard
  • CVEs – hyperlink to MITRE and other standard sources
  • Follow-up for new events
  • Report to Check Point (note: no status update is returned to the user)

  18. Agenda
  1. Eventia vs SmartEvent
  2. SmartEvent look and feel
  3. Packaging

  19. Pricing & Packaging
  • Available packages
  • Pre-defined systems
  • The Intro package is included in the SM2506 and SMU007 pre-defined systems

  20. Thank you! Антон Разумов arazumov@checkpoint.com Security Consultant, Check Point Software Technologies
