Leverage your SIEM tool with RightsWATCH
Rui Melo Biscaia, Watchful Software
05/01/2023 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2
Is there a problem that needs to be addressed?
90% of large businesses had a security breach in 2015 (up from 81% in 2014)
European Commission Press release, Brussels, 15 December 2015: ‘Agreement on Commission’s EU data protection reform will boost Digital Single Market’
74% of small businesses had a security breach in 2015 (up from 60% in 2014)
Dept for Business Innovation & Skills: 2015 Information Security Breaches Survey – PWC
50% of cyber breaches derive from human error
http://www.telegraph.co.uk/sponsored/business/british-standards-institution/12012517/top-10-cyber-security-must-dos.html
What do I need to do to control information disclosure?
Manage users: understanding who and when
Manage information: understanding who, when, which and where
Manage devices: understanding which and where
What’s the Enterprise Security “Puzzle”?
Content Rich DB for Comprehensive Audit Trails
Information Tracking for Forensic Analysis
Event Correlation
Dashboards, KPIs, Alarms and Reports
All-in-one Centralized Management
Scalable Architecture & Secure Implementation
The RightsWATCH server stores the logs in a SQL database
A SIEM is fed by RightsWATCH's database for knowledge generation
Metrics/KPIs
Reports
Alarms
Leveraging your SIEM tool to generate Information and knowledge
Logging by RightsWATCH
RightsWATCH’s Monitoring Web-Interface
User Activity
User Activity Log details
User Activity Use Case
Reclassification of sensitive files in a bulk fashion
My company wants to understand who, when and what happens whenever a user downgrades, in bulk, the classification of highly sensitive files.
My company wishes not only to flag the event, but also to generate a report on it for forensic analysis.
More importantly, my company demands to be able to trigger risk mitigation actions in a timely fashion so that it can lower/eliminate corporate liability in case of a data leak.
User Activity Use Case
Sharing of sensitive files with non-corporate email domain accounts
My company wants to understand who, when and what happens whenever a user tries to send sensitive files to non-corporate email domain addresses, such as Gmail, Hotmail and the like.
My company demands not merely to flag the event, but to stop the email from actually being sent if and when it defies corporate security policy.
Moreover, my company wishes to be able to generate a report for forensic analysis every time a user tries to do it, or does it by overriding a corporate security policy and signing the digital disclaimer that RightsWATCH presents to him/her for non-repudiation.
Information Tracking
Information Tracking Use Case
Who saved those sensitive documents into Dropbox
My company wants to understand the who, what and when whenever a user tries to save sensitive files into a personal cloud-based drive, such as Dropbox and the like.
My company demands to stop the user from actually being able to save those files into unmanaged cloud-based drives, if and when the action defies corporate security policy.
Moreover, my company wishes not only to flag the event, but also to generate a report for forensic analysis and trigger mitigation actions, like deploying Data Discovery agents or setting up its CASB appropriately.
Information Tracking Use Case
Who printed those sensitive documents
My company wants to understand who, when and which sensitive documents are printed by users to shared open space printers
My company demands not only to flag the event, but also to generate a report for forensic analysis every time a user does it
Also, my company wishes to be able to stop the user from actually being able to print the files if and when the action defies corporate security policy
Admin Activity
Admin Activity Log details
RightsWATCH in a nutshell
1. Policy-Driven Data Classification & Labelling
2. Role-Based Access Control Policies
3. Dynamic Watermarking and Tagging
4. Unstructured Data Visibility & Monitoring
5. Complementing the Enterprise Security “Puzzle”