
Cloudadmins Barcelona: Meetup 19/12/2020

Wazuh presentation: The Opensource security platform

Cloudadmins Barcelona

November 19, 2020

Transcript


  2. Our mission
    “To provide a free, open source and enterprise-ready security monitoring platform.”
    Headquartered in San Jose, California, with offices in Granada, Spain, and Argentina.
    Founded in 2015.

  3. Why do organizations choose Wazuh?
    ● Hosted in the cloud.
    ● Get up and running in 60 minutes or less.
    ● Delivers threat intelligence.
    ● Affordable subscription-based cost model. Buy only what you need, expand later!
    ● Essential security controls in a single platform.
    ● Reduced overhead costs due to a single platform.
    ● Eliminate blind spots.
    ● Get visibility across cloud and on-premise environments.

  4. Who we serve
    Customer Ecosystem
    • Banks
    • Credit Unions
    • Payment Platforms
    • Hospitals
    • Health Organizations
    • Federal Government
    • State Agencies
    • Municipalities
    • Universities
    • Public School Systems
    • MSSPs
    • Telcos
    • Hosting providers
    • Energy
    • Technology
    • Hospitality
    • Aeronautical
    • Retail
    • Insurance
    • Manufacturing

  5. Features and capabilities
    End-Point Detection & Response / HIDS
    SIEM / Log Management
    Compliance & Security Management
    ❏ Anomaly and signature-based detection
    ❏ Monitor user activities
    ❏ Assess system configuration
    ❏ Vulnerability detection
    ❏ Provides security controls for PCI DSS, HIPAA, GDPR, SOC2, GPG13, NIST, and others.
    ❏ Collect, analyze and correlate data
    ❏ Delivers threat detection
    ❏ Compliance management
    ❏ Incident response capabilities

  6. Security visibility
    Wazuh performs real-time analysis of security alerts generated by network devices, servers and applications.
    • Event correlation
    • Security analytics
    • Data enrichment
    • Risk assessment
    • Threat intelligence
    • Active responses
    • Automated workflows
    • Regulatory compliance

  7. Service offering
    Wazuh Cloud
    ✔ SaaS-based solution hosted in the cloud
    ✔ Includes hot storage & cold storage
    ✔ Managed and maintained by Wazuh
    ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
    ✔ PCI DSS certified
    Wazuh On-premises
    ✔ Locally deployed
    ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
    ✔ Splunk application available

  8. Agent architecture
    Wazuh multi-platform security agent capabilities are:
    • Log and events collection
    • File integrity monitoring
    • Intrusion detection
    • Policy monitoring
    • Vulnerability detection
    • Rootkits / malware detection

  9. Manager architecture
    Agents report to a central manager, where data is analyzed and processed.
    • Log-analysis-based IDS
    • Compliance mappings
    • FIM databases
    • Centralized management
    • RESTful API

  10. Wazuh data flow

  11. Advantages of Wazuh
    ❖ Single lightweight agent that supports multiple platforms - Linux, Windows, Mac, Solaris, AIX and HP-UX.
    ❖ Single security monitoring platform that performs real-time analysis.
    ❖ Compliance reporting for PCI, HIPAA, GDPR, NIST, GPG13.
    ❖ Highly scalable due to Wazuh cluster architecture.
    ❖ Infrastructure monitoring
    ➢ Cloud - Cloud services: AWS, Azure, Google.
    ➢ Container - Docker, Kubernetes.
    ➢ Virtual & physical.
    ❖ Cloud & on-premises deployment options.
    ❖ 100% open source.
    Common Use Cases
    ❖ SIEM/log management.
    ❖ Compliance & security management.
    ❖ Endpoint detection & response.
    ❖ File integrity monitoring.
    ❖ Threat detection.
    ❖ Configuration assessment.
    ❖ Cloud monitoring.
    ❖ Containers and Kubernetes security.

  13. Our user community
    ~ 15,000 community customers
    ~ 27,000 enterprise users
    ~ 60,000 downloads per month
    ~ 4,000,000 monitored servers
    https://wazuh.com/community