Cloudadmins Barcelona: Meetup 19/12/2020

Wazuh presentation: The Opensource security platform

Cloudadmins Barcelona

November 19, 2020

Transcript

  1. None
  2. Our mission: “To provide a free, open source and enterprise-ready security monitoring platform.” Headquartered in San Jose, California, with offices in Granada, Spain and Argentina. Founded in 2015.
  3. Why organizations choose Wazuh?
     • Hosted in the cloud.
     • Get up and running in 60 minutes or less.
     • Delivers threat intelligence.
     • Affordable subscription-based cost model. Buy only what you need, expand later!
     • Essential security controls in a single platform.
     • Reduced overhead costs due to a single platform.
     • Eliminate blind spots.
     • Get visibility across cloud and on-premise environments.
  4. Who we serve. Customer ecosystem: Banks, Credit Unions, Payment Platforms, Hospitals, Health Organizations, Federal Government, State Agencies, Municipalities, Universities, Public School System, MSSPs, Telcos, Hosting providers, Energy, Technology, Hospitality, Aeronautical, Retail, Insurance, Manufacturing.
  5. Features and capabilities: End-Point Detection & Response / HIDS; SIEM / Log Management; Compliance & Security Management.
     ❏ Anomaly and signature-based detection
     ❏ Monitor user activities
     ❏ Assess system configuration
     ❏ Vulnerability detection
     ❏ Provides security controls for PCI DSS, HIPAA, GDPR, SOC2, GPG13, NIST, and others.
     ❏ Collect, analyze and correlate data
     ❏ Delivers threat detection
     ❏ Compliance management
     ❏ Incident response capabilities
  6. Security visibility. Wazuh performs real-time analysis of security alerts generated by network devices, servers and applications.
     • Event correlation
     • Security analytics
     • Data enrichment
     • Risk assessment
     • Threat intelligence
     • Active responses
     • Automated workflows
     • Regulatory compliance
  7. Service offering
     Wazuh Cloud
     ✔ SaaS based solution hosted in the cloud
     ✔ Includes hot storage & cold storage
     ✔ Managed and maintained by Wazuh
     ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
     ✔ PCI DSS Certified
     Wazuh On-premises
     ✔ Locally deployed
     ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
     ✔ Splunk application available
  8. Agent architecture. Wazuh multi-platform security agent capabilities are:
     • Log and events collection
     • File integrity monitoring
     • Intrusion detection
     • Policy monitoring
     • Vulnerability detection
     • Rootkits / malware detection
  9. Manager architecture. Agents report to a central manager, where data is analyzed and processed.
     • Log analysis based IDS
     • Compliance mappings
     • FIM Databases
     • Centralized management
     • RESTful API
  10. Wazuh data flow

  11. Advantages of Wazuh
     ❖ Single lightweight agent that supports multiple platforms - Linux, Windows, Mac, Solaris, AIX and HP-UX.
     ❖ Single security monitoring platform that performs real-time analysis.
     ❖ Compliance reporting for PCI, HIPAA, GDPR, NIST, GPG13.
     ❖ Highly scalable due to Wazuh cluster architecture.
     ❖ Infrastructure monitoring
        ➢ Cloud - Cloud services: AWS, Azure, Google.
        ➢ Container - Docker, Kubernetes.
        ➢ Virtual & physical.
     ❖ Cloud & on-premises deployment options.
     ❖ 100% open source.
     Common Use Cases
     ❖ SIEM/log management.
     ❖ Compliance & security management.
     ❖ Endpoint detection & response.
     ❖ File integrity monitoring.
     ❖ Threat detection.
     ❖ Configuration assessment.
     ❖ Cloud monitoring.
     ❖ Containers and Kubernetes security.
  12. None
  13. Our user community (https://wazuh.com/community)
     • ~15,000 community customers
     • ~27,000 enterprise users
     • ~60,000 downloads per month
     • ~4,000,000 monitored servers