Braintech S.r.L.
Registered office: Corso Trieste 61 - 00198 Roma
Operations office: Via Giacomo Trevis 76 – 00147 Roma
Tel: 0677209906
Carlo De Luca
Email: [email protected]
Mobile: +39 3398972294
Partner ARAKNOS, reseller AKAB2
www.braint.it

Roma, May 2015

AKAB2 - SIEM+ (Security Information Event Management)
Akab2 Integrated Security Platform

Akab2

Akab2 is a modular and scalable SIEM+ (Security Information Event Management) built upon appliances (AkabSensor) for the collection, normalization, correlation and visualization of information coming from different external sources.

Akab2 realizes a real-time unified vision of the events and of their context (Situational Awareness): this allows the identification of suspect activities and threats.

What?... a SIEM+?? Yes! ...because a SIEM+ answers these questions:
+ What are my Users doing?
+ Are my Data and Systems secure?
+ Am I liable or (better) Compliant?
...and finally...
+ Is my Organization... secure?

Akab2: a SIEM+

Akab2 is a SIEM+ because, in addition to SIEM functions, it offers:
+ Network Security Monitoring: capture and analysis of network traffic, flow accounting/policing
+ Security Audit Correlation: VA/PT for correlation
+ Anomaly Detection: Log & Packet, Network Behavior, Semantic
+ User Awareness: integration with IAM/IDM
+ Database Activity Monitoring (DAM): SQLServer and Oracle
+ Forensic Recording
+ Natively integrated Intrusion Detection
...it is a Situational Awareness System!

Goals / Functions

[Diagram: Goals / Functions, Data Sources, Domains. Items shown: Global Situational Awareness; Security Mgmt; Compliance; User Awareness; Configuration Mgmt; Patch/Vuln. Mgmt; Data Mining / Stats Analysis*; IT Logs / DBMS; Intrusion Detection; Net & Sys Security; NetTraffic; Physical Security; Video; Data Security; Event Correlation; Database Activity Mon.; Traffic Monitoring; Risk Analysis; Dynamic Risk Mgmt; Application Security; Log Management; Early Warning; Virtualization & Cloud; Incident Mgmt; Anomaly Detection; Other CERTs (Akab) Exchange; Network Awareness; Security Audit; Forensic Recording; Vulnerability Assessment / Penetration Testing; Counter Measures Mgmt; Policy Mgmt; SCADA; Access Contr. Sys; Honeypots; Net. Mgmt; Integration; IAM/IDM; Security Cons. Svcs; Industrial Security; OSINT]

[Use case slides, each reusing the Goals / Functions diagram: Security Monitoring; Gov Intelligence; Compliance; TELCOs Risk Mgmt]

Use Cases sample

Here is a sample of use cases for Akab2:
+ Privileged Users Monitoring: one of the main security issues
+ Applications/Users Matrix: what/how are Users using/doing?
+ Compliance Support: ISO27001, PCI-DSS, ...
+ APT Detection: Advanced Persistent Threat
+ Assets Monitoring: status/trends/malfunctions...
+ Forensic application: "live" artifacts from logs and traffic data
+ Cross-correlation: CyOP between different domains
+ Incident handling support: "live" data from assets and users
...and so on!

[Screenshots: Monitoring/1; Monitoring/2; Exploration; Inspection]

Akab2: Main Features
+ Real Time In-Memory Correlation
+ Multitenancy
+ RBAC
+ High Availability
+ Encrypted Comms between Appliances
+ Hardened AraknOS
+ Remote Support

Akab2 Conclusions

A Complete Integrated Platform with Powerful Correlation Engine and Hierarchical Multitenancy and Correlation for the Security of Users, Data and Systems