Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Connecting Your SIEM Tool with Akamai Security ...

Akamai Developer
October 11, 2017
Technology
0
61

Connecting Your SIEM Tool with Akamai Security Events

Integrating security events from all of your network and security systems is critical to solving problems quickly and keeping your environment secure. The ideal solution puts you in control and continues to work even during a DDoS attack. In this session, you'll learn how you can use the Akamai SIEM Integration product to feed security events from Akamai Cloud Security products into your environment. Also in this session, we’ll demonstrate how to use Luna administration tools to set up user, API, and security settings giving you the benefits of having Akamai security events integrated into your overall security event monitoring solution.

Akamai Developer

October 11, 2017
Tweet

More Decks by Akamai Developer

See All by Akamai Developer
Best Practices: Tuning Performance, Offload, and Operational Efficiency with Akamai
akamaidev
0
43
Visualizing Cellular Audience for Streaming KPIs
akamaidev
0
31
How Akamai Made ESI Testing Simpler
akamaidev
0
48
Using Server-Time for App and CDN Monitoring
akamaidev
1
32
Taking Self-Serviceability to the Moon Using PM Variables
akamaidev
0
53
The Road to Ultra Low Latency
akamaidev
0
46
Hands-on Automation of Akamai with PAPI and Python
akamaidev
0
88
Self-Serviceability- Taking it Up a Notch!
akamaidev
0
54
Optimizing your API to Perform at Scale
akamaidev
0
33

Other Decks in Technology

See All in Technology
【令和最新版】ロボットシミュレータ Genesis x ROS 2で始める快適AIロボット開発
hakuturu583
2
1.2k
能動的ドメイン名ライフサイクル管理のすゝめ / Practice on Active Domain Name Lifecycle Management
nttcom
0
300
OCI技術資料 : ファイル・ストレージ 概要
ocise
3
11k
スケールし続ける事業とサービスを支える組織とアーキテクチャの生き残り戦略 / The survival strategy for Money Forward’s engineering.
moneyforward
0
160
メンタル面でもつよつよエンジニアになる/登壇資料(井田 献一朗)
hacobu
0
150
AI×医用画像の現状と可能性_2024年版/AI×medical_imaging_in_japan_2024
tdys13
0
720
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
230
ハイテク休憩
sat
PRO
2
190
非機能品質を作り込むための実践アーキテクチャ
knih
6
1.7k
サイバー攻撃を想定したセキュリティガイドライン 策定とASM及びCNAPPの活用方法
syoshie
3
1.6k
生成AIのガバナンスの全体像と現実解
fnifni
1
240
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
1
390

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
830
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.7k
Gamification - CAS2011
davidbonilla
80
5.1k
A designer walks into a library…
pauljervisheath
205
24k
Done Done
chrislema
182
16k
How to train your dragon (web standard)
notwaldorf
88
5.8k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
We Have a Design System, Now What?
morganepeng
51
7.3k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Fireside Chat
paigeccino
34
3.1k
How to Ace a Technical Interview
jacobian
276
23k
The World Runs on Bad Software
bkeepers
PRO
66
11k

Transcript

  1. © AKAMAI - EDGE 2017 Connecting your SIEM tool with

    Akamai security events

  2. © AKAMAI - EDGE 2017 Agenda • Introduction • The

    SIEM Integration Product • Integration Steps • Demo of Data Analysis • More about SIEM Integration • Q&A

  3. © AKAMAI - EDGE 2017 Introduction Security Information and Event

    Management “Real-time analysis of security alerts generated by network hardware and applications.” Ø Data Aggregation Ø Correlation Ø Alerting Ø Dashboards Ø Compliance Ø Retention Ø Forensic Analysis

  4. © AKAMAI - EDGE 2017 Benefits of using a SIEM

    product • Streamline reporting • Easier to produce reports • Built-in compliance reporting in some SIEM products • Detect incidents that would otherwise not be detected • Correlate events across systems • Initiate prevention • Improve the efficiency of incident handling activities • Faster response reduces damage

  5. © AKAMAI - EDGE 2017 Akamai Solutions Cloud Monitor for

    Security Events SIEM Integration Push Model Pull Model Custom integration with SIEM required, done by customer Sample Connectors available for Splunk, CEF (HPE ArcSight and others) and (soon) Qradar Custom connectors can be built using the SIEM OPEN API. Configured using Property Manager Configured in Security Configuration and Luna Administration WAF Events only KSD, Client Reputation, WAP, Bot Manager (soon)

  6. © AKAMAI - EDGE 2017 Data Freshness and Retention Security

    Monitor Security Center Cloud Monitor for Security Events SIEM Integration Delay from when event happens to when published 2 minutes < 1 minute < 7 minutes (but usually less) How long data is retained 3 days (Security Monitor) 14 days (report details) 90 days (report summaries) N/A 12 hours via SIEM API In SIEM tool: as long as you want

  7. © AKAMAI - EDGE 2017 How SIEM Integration Works Edge

    Server Collector Edge Server Edge Server Edge Server SIEM OPEN API endpoint SIEM Product Connector OPEN API Client

  8. © AKAMAI - EDGE 2017 Integration Steps Step 1: Turn

    on SIEM Integration in the Security Configuration Step 2: Create a user to own the SIEM OPEN API Client Step 3: Create a SIEM OPEN API Client and get the credentials Step 4: Install a connector to insert events into your SIEM tool

  9. © AKAMAI - EDGE 2017 Integration Steps Step 1: Turn

    on SIEM Integration in the Security Configuration Activate it on the production network

  10. © AKAMAI - EDGE 2017 Integration Steps Step 2: Create

    a user with Manage SIEM role

  11. © AKAMAI - EDGE 2017 Integration Steps Step 3: Provision

    the SIEM OPEN API Client…

  12. © AKAMAI - EDGE 2017 Integration Steps Step 3 (continued):

    …and get the API credentials

  13. © AKAMAI - EDGE 2017 Integration Steps Step 4: Download

    the Connector from developer.akamai.com/tools

  14. © AKAMAI - EDGE 2017 Integration Steps Step 4 (continued):

    Install the Connector

  15. © AKAMAI - EDGE 2017 Integration Steps Step 4 (continued):

    Configure the Connector Hostname, Client Token, Client Secret are the OPEN API credentials Epoch Times can be use to re-fetch data

  16. © AKAMAI - EDGE 2017 Integration Steps Not working? •

    Check log file (e.g. ta_akamai_siem_akamai_siem_api.log) for errors Most Common Issue? Outbound Firewall Requirements • Must support whitelisting domains • *.cloudsecurity.akamaiapis.net,*.edgekey.net, *.akamaiedge.net, *.akamaitechnologies.com • Must not modify HTTP Request Headers for the OPEN API requests

  17. © AKAMAI - EDGE 2017 Other Useful Information CEF Connector

    • Runs as batch program • Sends data to syslog in CEF format Custom Connector • Use the SIEM Integration API to write your own custom connector • Source code for Splunk and CEF connectors will be available as samples

  18. © AKAMAI - EDGE 2017 Demo ELK stack (Elastic, LogStash,

    Kibana) • Custom Elastic SIEM connector • Details of available data • Data Analysis • Use of RequestID

  19. © AKAMAI - EDGE 2017 Services and Support A services

    package is available to assist you with setup, understanding the data, and how to integrate it into your environment. Sample Connector source will be available on the developer.akamai.com site.

  20. © AKAMAI - EDGE 2017 Questions ?

  21. © AKAMAI - EDGE 2017