Sandra Hilt
Senior Regional Sales Manager, Channel CEE
March 2011
Industry Recognition
www.arcsight.com 2010 ArcSight Confidential
ArcSight Understands Security
Which machines do I quarantine and repair?
Which machines do I wipe and rebuild?
Modern Breaches Share a Pattern
You Can't Fight What You Can't See
[Figure: stream of binary data with labels: Unknown, Networked Systems, Zero-day Threats, Critical Data Stores, Privileged Users, Network Connections, Fraud Techniques, Application Risk]
Organizations Have More Risks
More Outsourcing
More Contractors
More Trusted Outsiders
Where is the Perimeter?
The Business
Network
Perimeter
Firewalls/VPN
Intrusion Detection Systems
Vulnerability Assessment
Network Equipment
Server and Desktop OS
Anti-Virus
Applications
Databases
Sign-On
Identity Management
Directory Services
User Attributes
Physical Infrastructure
Business Processes
Mainframes
Collect
Analyze & Alert
Report & Archive
Respond
Data Capture
Connectors
Any structured or unstructured log data
Collect native log formats from 275+ products
FlexConnector Wizards to collect custom log sources
Categorization (CEF) for future proofing and intuitive analysis
Send to centralized engines via secure, reliable delivery
Available as:
OS/390: Failed Login Event
UNIX: Failed Login Event
Oracle: Failed Login Event
Windows: Failed Login Event
Badge Reader: Entry Denied
Common model for describing any event across devices and device types
Understand the real importance of events from different devices
Enable plain language and device independent analysis
Leverage device independent content
versus
| Time (Event Time) | name | Device Vendor | deviceProduct | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance |
|---|---|---|---|---|---|---|---|
| 6/17/2009 9:29 | Deny | CISCO | ASA | /Access | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 9:30 | Deny | NetScreen | Firewall/VPN | /Access/Start | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 9:31 | Deny | CISCO | ASA | /Access | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 9:32 | Deny | NetScreen | Firewall/VPN | /Access/Start | /Firewall | /Failure | /Informational/Warning |
Unstructured:
Raw original event
Audit Quality Data
Gurus understand it
Structured:
Plain language
Device independent format
SQL-compatible
Log Management Logger 5
Event Correlation
Available as:
Prevent Intrusions & Viruses: Top attackers, Infected systems
Protect Personal Data: Database logins, Database errors and warnings
Business:
Installable Software IdentityView Pre-configured Appliance
Fraud Detection
Sensitive Data Protection
Unmatched in
ArcSight Customers: EMEA (partial list)