Co-Founder, CEO [email protected]. 2017
SIEM:
(/malware/ //)
User actions / Network / Hardware / Applications
RAW Events
Normalize → Real-time processing → Save & Search & Report
Active checks
1) (LM)
2) SIEM (ESC - Enterprise Security Console). EPS.
3) (ESS - Enterprise Security System)
4) (NS - Network Sensor). 3 GB/s.
5)
RuSIEM (all-in-one)
syslog
LM / ESC / ESS / NS
MQ
MQ LM/ESC
1 LM (minimal)
1 SIEM (minimal)
2 LM + 1 SIEM
SIEM + LM
1 SIEM + Analytics
SIEM + Analytics + Network sensor
SIEM; SIEM/Analytics/Network sensor
RuSIEM Off-box (Windows 2003+, .NET 4.0+): ftp/sftp/ftps, MySQL, Oracle, 1C 8.3, MS SQL, Hash process map, WMI query, SDEE, Windows Event Log
dhcp/arp_proxy
sslstrip
https://www.rusiem.com
[email protected], [email protected] (skype, mail), [email protected]