
Connecting Your SIEM Tool with Akamai Security Events


Integrating security events from all of your network and security systems is critical to solving problems quickly and keeping your environment secure. The ideal solution puts you in control and continues to work even during a DDoS attack. In this session, you'll learn how you can use the Akamai SIEM Integration product to feed security events from Akamai Cloud Security products into your environment. We'll also demonstrate how to use Luna administration tools to set up the user, API, and security settings, giving you the benefits of having Akamai security events integrated into your overall security event monitoring solution.

Akamai Developer

October 11, 2017



Transcript

  1. © AKAMAI - EDGE 2017
     Agenda
     • Introduction
     • The SIEM Integration Product
     • Integration Steps
     • Demo of Data Analysis
     • More about SIEM Integration
     • Q&A
  2. Introduction
     Security Information and Event Management: "Real-time analysis of security alerts generated by network hardware and applications."
     • Data Aggregation
     • Correlation
     • Alerting
     • Dashboards
     • Compliance
     • Retention
     • Forensic Analysis
  3. Benefits of using a SIEM product
     • Streamline reporting
       • Easier to produce reports
       • Built-in compliance reporting in some SIEM products
     • Detect incidents that would otherwise not be detected
       • Correlate events across systems
     • Initiate prevention
     • Improve the efficiency of incident handling activities
       • Faster response reduces damage
  4. Akamai Solutions
     Cloud Monitor for Security Events
     • Push model
     • Custom integration with the SIEM required, done by the customer
     • Configured using Property Manager
     • WAF events only
     SIEM Integration
     • Pull model
     • Sample connectors available for Splunk, CEF (HPE ArcSight and others) and (soon) QRadar
     • Custom connectors can be built using the SIEM OPEN API
     • Configured in the Security Configuration and Luna Administration
     • KSD, Client Reputation, WAP, Bot Manager (soon)
  5. Data Freshness and Retention
     Delay from when an event happens to when it is published:
     • Security Monitor and Security Center: 2 minutes
     • Cloud Monitor for Security Events: < 1 minute
     • SIEM Integration: < 7 minutes (but usually less)
     How long data is retained:
     • Security Monitor: 3 days
     • Security Center: 14 days (report details), 90 days (report summaries)
     • Cloud Monitor for Security Events: N/A
     • SIEM Integration: 12 hours via the SIEM API; in the SIEM tool, as long as you want
  6. How SIEM Integration Works
     [Diagram] Edge Servers → Collector → SIEM OPEN API endpoint ← (pulled by) OPEN API Client / SIEM Product Connector → SIEM Product
  7. Integration Steps
     Step 1: Turn on SIEM Integration in the Security Configuration
     Step 2: Create a user to own the SIEM OPEN API Client
     Step 3: Create a SIEM OPEN API Client and get the credentials
     Step 4: Install a connector to insert events into your SIEM tool
  8. Integration Steps
     Step 1: Turn on SIEM Integration in the Security Configuration
     • Activate it on the production network
  9. Integration Steps
     Step 4: Download the Connector from developer.akamai.com/tools
  10. Integration Steps
     Step 4 (continued): Configure the Connector
     • Hostname, Client Token and Client Secret are the OPEN API credentials
     • Epoch times can be used to re-fetch data
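The pull loop that a connector runs once it has its credentials, as an added example written for this transcript rather than code from Akamai's Splunk or CEF connectors. It assumes the SIEM OPEN API request shape (`GET /siem/v1/configs/<configId>` with `from`/`to` epoch seconds for a re-fetch window, or an `offset` to continue from the previous page, plus `limit`) and a newline-delimited JSON response whose trailing record carries the next offset; the event field names, the base64-and-semicolon packing of the rule fields, and the sample pages are assumptions and constructed data. The signed HTTP GET is injected as a callable so the block runs offline; a real run would pass a function that signs the request with the Client Token and Secret.

```python
import base64
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Assumed endpoint path of the SIEM OPEN API (hypothetical for this example).
SIEM_PATH = "/siem/v1/configs/{config_id}"


def build_query(config_id: str, from_epoch: Optional[int] = None,
                to_epoch: Optional[int] = None, offset: Optional[str] = None,
                limit: Optional[int] = None) -> str:
    """Build the request path. A time window (from/to, epoch seconds) re-fetches a
    range of events; an offset continues from where the previous page ended.
    The two are mutually exclusive, so mixing them is rejected up front."""
    if offset is not None and (from_epoch is not None or to_epoch is not None):
        raise ValueError("use either an offset or a time window, not both")
    params: Dict[str, object] = {}
    if offset is not None:
        params["offset"] = offset
    else:
        if from_epoch is None:
            raise ValueError("a time-based fetch needs a 'from' epoch time")
        params["from"] = from_epoch
        if to_epoch is not None:
            params["to"] = to_epoch
    if limit is not None:
        params["limit"] = limit
    return SIEM_PATH.format(config_id=config_id) + "?" + urlencode(params)


def decode_rule_field(value: str) -> List[str]:
    """attackData rule fields are assumed to be ';'-separated base64 strings."""
    return [base64.b64decode(part).decode("utf-8") for part in value.split(";") if part]


def parse_response(body: str) -> Tuple[List[dict], Optional[str]]:
    """Split a newline-delimited JSON body into events plus the offset carried by
    the trailing record (the one record that has no httpMessage)."""
    events: List[dict] = []
    next_offset: Optional[str] = None
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if "httpMessage" not in record:
            next_offset = record.get("offset")
            continue
        attack = record.get("attackData", {})
        msg = record["httpMessage"]
        events.append({
            "requestId": msg.get("requestId"),   # the RequestID used for correlation
            "host": msg.get("host"),
            "path": msg.get("path"),
            "clientIP": attack.get("clientIP"),
            "rules": decode_rule_field(attack.get("rules", "")),
            "actions": decode_rule_field(attack.get("ruleActions", "")),
        })
    return events, next_offset


def pull_events(config_id: str, fetch: Callable[[str], str], from_epoch: int,
                to_epoch: Optional[int] = None, limit: int = 1000,
                max_pages: int = 100) -> Tuple[List[dict], Optional[str]]:
    """Drive the pull loop: one time-based request, then offset-based requests
    until a page comes back empty. Returns the events and the offset the
    connector should persist for its next run. `fetch` performs the signed GET."""
    path = build_query(config_id, from_epoch=from_epoch, to_epoch=to_epoch, limit=limit)
    collected: List[dict] = []
    offset: Optional[str] = None
    for _ in range(max_pages):          # bounded so a misbehaving endpoint cannot spin forever
        events, offset = parse_response(fetch(path))
        collected.extend(events)
        if not events or offset is None:
            break
        path = build_query(config_id, offset=offset, limit=limit)
    return collected, offset


def _b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


# Constructed sample pages: two events followed by an offset record, then an empty page.
_FIRST_PAGE = "\n".join([
    json.dumps({"attackData": {"clientIP": "203.0.113.7",
                               "rules": ";".join([_b64("950901"), _b64("981176")]),
                               "ruleActions": ";".join([_b64("alert"), _b64("deny")])},
                "httpMessage": {"requestId": "2ab3c4d5", "host": "www.example.com", "path": "/login"}}),
    json.dumps({"attackData": {"clientIP": "198.51.100.9", "rules": _b64("3000000"),
                               "ruleActions": _b64("alert")},
                "httpMessage": {"requestId": "7f8e9d0c", "host": "www.example.com", "path": "/search"}}),
    json.dumps({"total": 2, "offset": "off-1", "limit": 1000}),
])
_EMPTY_PAGE = json.dumps({"total": 0, "offset": "off-1", "limit": 1000})


def sample_fetch(path: str) -> str:
    """Offline stand-in for the signed HTTP GET: the time-window query returns the
    first page, any offset query returns the empty page."""
    return _EMPTY_PAGE if "offset=" in path else _FIRST_PAGE


if __name__ == "__main__":
    got, next_offset = pull_events("12345", sample_fetch, from_epoch=1507680000, to_epoch=1507683600)
    for ev in got:
        print(ev["requestId"], ev["clientIP"], ev["rules"], ev["actions"])
    print("persist offset:", next_offset)
```

The offset returned at the end of a run is what the connector stores; the epoch window is only needed for the first run or when a gap has to be replayed, which is why the two parameter sets are kept exclusive.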
  11. Integration Steps
     Not working?
     • Check the log file (e.g. ta_akamai_siem_akamai_siem_api.log) for errors
     Most common issue? Outbound firewall requirements
     • Must support whitelisting domains: *.cloudsecurity.akamaiapis.net, *.edgekey.net, *.akamaiedge.net, *.akamaitechnologies.com
     • Must not modify HTTP request headers for the OPEN API requests
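A small triage pass over a connector log, added here as an example and not part of the Splunk TA. The log excerpt is constructed and its line layout is an assumption (the real ta_akamai_siem_akamai_siem_api.log format is not on this page); the domain allowlist is the one the slide gives. It separates connection failures to Akamai domains (the egress-firewall case the slide calls the most common issue) from failures to other hosts and from API rejections, which point at the credentials or at something on the path rewriting request headers.

```python
import re
from fnmatch import fnmatch
from typing import Dict, List, Optional

# Domains the slide says the outbound firewall must allow.
ALLOWED_DOMAINS = (
    "*.cloudsecurity.akamaiapis.net",
    "*.edgekey.net",
    "*.akamaiedge.net",
    "*.akamaitechnologies.com",
)

# Constructed log excerpt; the layout is an assumption, not the TA's real format.
SAMPLE_LOG = """\
2017-10-11 09:00:01 INFO  GET https://akab-example.cloudsecurity.akamaiapis.net/siem/v1/configs/12345
2017-10-11 09:00:31 ERROR ConnectionError host=akab-example.cloudsecurity.akamaiapis.net detail=Connection timed out
2017-10-11 09:01:02 ERROR HTTPError status=401 host=akab-example.cloudsecurity.akamaiapis.net detail=Invalid authorization
2017-10-11 09:02:02 ERROR ConnectionError host=proxy.corp.example detail=Connection refused
"""

_ERROR_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR (?P<kind>\w+)(?: status=(?P<status>\d+))? "
    r"host=(?P<host>\S+) detail=(?P<detail>.*)$"
)


def is_allowed_host(host: str) -> bool:
    """True when the host falls under one of the domains the firewall must allow.
    fnmatch needs the literal '.domain' suffix, so look-alikes such as
    'evil-akamaiedge.net' do not match."""
    return any(fnmatch(host.lower(), pattern) for pattern in ALLOWED_DOMAINS)


def classify(kind: str, status: Optional[str], host: str) -> str:
    """Map an error line to the check a practitioner would make next."""
    if kind == "ConnectionError" and is_allowed_host(host):
        return "egress blocked: allow this Akamai domain through the outbound firewall"
    if kind == "ConnectionError":
        return "cannot reach a non-Akamai host: check the proxy configuration"
    if status == "401":
        return ("request rejected by the API: verify Hostname, Client Token and Client Secret, "
                "and that nothing on the egress path rewrites the request headers")
    return "other error: inspect the log line"


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per ERROR line, with its line number and host."""
    findings: List[Dict[str, object]] = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = _ERROR_RE.match(line)
        if not match:
            continue
        findings.append({
            "line": number,
            "host": match["host"],
            "finding": classify(match["kind"], match["status"], match["host"]),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['host']} -> {f['finding']}")
```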
  12. Other Useful Information
     CEF Connector
     • Runs as a batch program
     • Sends data to syslog in CEF format
     Custom Connector
     • Use the SIEM Integration API to write your own custom connector
     • Source code for the Splunk and CEF connectors will be available as samples
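What "sends data to syslog in CEF format" involves, as an added example and not Akamai's CEF connector: one parsed event is rendered as a CEF line with the header and extension escaping the CEF specification requires, the Akamai RequestID is carried in a custom string field so it survives into the SIEM for correlation, and the line is framed for a UDP syslog receiver. The event dictionary, the vendor/product strings, the severity-per-action mapping and the syslog defaults are choices made for this example.

```python
import socket
from typing import Dict, List, Tuple

# Severity per WAF action, chosen for this example; CEF severity runs 0-10.
SEVERITY_BY_ACTION = {"deny": 8, "alert": 5}


def escape_header(value) -> str:
    """CEF header fields escape backslash and the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value) -> str:
    """CEF extension values escape backslash and equals; line breaks become \\n and \\r."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event: Dict[str, str]) -> str:
    """Render one parsed SIEM event as a CEF:0 line."""
    header_fields = [
        "CEF:0", "Akamai", "SIEM Integration", "1.0",
        event["ruleId"], event["ruleMessage"],
        SEVERITY_BY_ACTION.get(event["action"], 3),
    ]
    extensions: List[Tuple[str, object]] = [
        ("rt", int(event["start"]) * 1000),   # CEF rt is milliseconds since the epoch
        ("src", event["clientIP"]),
        ("dhost", event["host"]),
        ("requestMethod", event["method"]),
        ("request", event["path"]),
        ("act", event["action"]),
        ("cs1Label", "requestId"),            # keep the Akamai RequestID for correlation
        ("cs1", event["requestId"]),
    ]
    header = "|".join(escape_header(f) for f in header_fields)
    extension = " ".join(f"{key}={escape_extension(val)}" for key, val in extensions)
    return header + "|" + extension


def syslog_frame(message: str, facility: int = 1, severity: int = 6) -> bytes:
    """Prefix a line with a minimal BSD-syslog PRI header (user.info by default)."""
    return f"<{facility * 8 + severity}>{message}".encode("utf-8")


def send_udp(message: str, host: str = "127.0.0.1", port: int = 514) -> int:
    """Ship one CEF line to a syslog receiver over UDP; returns the bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(syslog_frame(message), (host, port))


# Constructed sample event in the shape a parser would produce from the SIEM API.
SAMPLE_EVENT = {
    "requestId": "2ab3c4d5",
    "host": "www.example.com",
    "method": "GET",
    "path": "/login?user=a|b",        # '=' must be escaped in the extension; '|' need not be
    "clientIP": "203.0.113.7",
    "start": "1507712401",            # epoch seconds as delivered
    "ruleId": "950901",
    "ruleMessage": "SQL Injection Attack",
    "action": "deny",
}


if __name__ == "__main__":
    print(to_cef(SAMPLE_EVENT))
    # send_udp(to_cef(SAMPLE_EVENT), "syslog.example", 514)  # uncomment to ship it
```

The two escaping rules differ on purpose: a pipe inside an extension value is harmless and must not be escaped, while an unescaped equals sign there would be read as the start of a new key, and the reverse holds in the header.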
  13. Demo
     ELK stack (Elastic, Logstash, Kibana)
     • Custom Elastic SIEM connector
     • Details of available data
     • Data analysis
     • Use of RequestID
  14. Services and Support
     A services package is available to assist you with setup, understanding the data, and how to integrate it into your environment.
     Sample connector source will be available on the developer.akamai.com site.