
Cloudadmins Barcelona: Meetup 19/12/2020


Wazuh presentation: The Opensource security platform

Cloudadmins Barcelona

November 19, 2020



Transcript

  1. Our mission
    “To provide a free, open source and
    enterprise-ready security monitoring
    platform.”
    Headquartered in San Jose, California with offices in Granada, Spain
    and Argentina.
    Founded in 2015


  2. Why do organizations choose Wazuh?
    ● Hosted in the cloud.
    ● Get up and running in 60 minutes or less.
    ● Delivers threat intelligence.
    ● Affordable subscription-based cost model. Buy only what you need, expand later!
    ● Essential security controls in a single platform.
    ● Reduced overhead costs due to a single platform.
    ● Eliminate blind spots.
    ● Get visibility across cloud and on-premises environments.


  3. Who we serve
    Customer Ecosystem
    • Banks
    • Credit Unions
    • Payment Platforms
    • Hospitals
    • Health Organizations
    • Federal Government
    • State Agencies
    • Municipalities
    • Universities
    • Public School Systems
    • MSSPs
    • Telcos
    • Hosting Providers
    • Energy
    • Technology
    • Hospitality
    • Aeronautical
    • Retail
    • Insurance
    • Manufacturing


  4. Features and capabilities
    Three areas: Endpoint Detection & Response / HIDS; SIEM / Log Management; Compliance & Security Management.
    ❏ Anomaly and signature-based detection
    ❏ Monitor user activities
    ❏ Assess system configuration
    ❏ Vulnerability detection
    ❏ Provides security controls for PCI DSS, HIPAA, GDPR, SOC 2, GPG13, NIST, and others
    ❏ Collect, analyze and correlate data
    ❏ Delivers threat detection
    ❏ Compliance management
    ❏ Incident response capabilities


  5. Security visibility
    Wazuh performs real-time analysis of security alerts generated by network
    devices, servers and applications.
    •Event correlation
    •Security analytics
    •Data enrichment
    •Risk assessment
    •Threat intelligence
    •Active responses
    •Automated workflows
    •Regulatory compliance


  6. Service offering
    Wazuh Cloud
    ✔ SaaS-based solution hosted in the cloud
    ✔ Includes hot storage & cold storage
    ✔ Managed and maintained by Wazuh
    ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
    ✔ PCI DSS certified
    Wazuh On-premises
    ✔ Locally deployed
    ✔ Centralized security monitoring for your cloud, on-premises, and hybrid IT environments
    ✔ Splunk application available


  7. Agent architecture
    Wazuh multi-platform security agent capabilities are:
    •Log and event collection
    •File integrity monitoring
    •Intrusion detection
    •Policy monitoring
    •Vulnerability detection
    •Rootkit / malware detection
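    As an added illustration of the file integrity monitoring capability listed above (this is an example configuration, not taken from the slides), the agent's syscheck module is configured in its ossec.conf. The directory list, the 12-hour scan interval and the ignore entry are example choices; the element and attribute names are standard Wazuh syscheck options.

```xml
<!-- Example agent-side FIM configuration (added example, not from the deck).
     Goes inside the agent's ossec.conf; directories and interval are illustrative. -->
<ossec_config>
  <syscheck>
    <!-- Periodic full scan every 12 hours (seconds). -->
    <frequency>43200</frequency>

    <!-- Watch critical paths; check_all records size, permissions, owner, mtime and hashes.
         realtime="yes" reports changes as they happen; report_changes="yes" stores a diff
         of modified text files so the alert shows what changed, not only that it changed. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>

    <!-- Windows agents use the same element with Windows paths. -->
    <directories check_all="yes" realtime="yes">%WINDIR%\System32\drivers\etc</directories>

    <!-- Noise reduction: files expected to change constantly. -->
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>

    <!-- Let the manager raise an alert when a new file appears in a watched directory. -->
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>
```

    The practitioner's caveat: real-time monitoring of large trees (for example a whole /var) can exhaust inotify watches and generate alert volume that hides real changes; start with the configuration and binary directories that an attacker must touch to persist, and widen from there.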


  8. Manager architecture
    Agents report to a central manager, where data is analyzed and processed.
    •Log analysis based IDS
    •Compliance mappings
    •FIM databases
    •Centralized management
    •RESTful API
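    To show what "log analysis based IDS" and the event correlation mentioned earlier look like on the manager, here is an added example of a custom correlation rule (not from the deck or from Wazuh's shipped rule set). It builds on the stock Wazuh rule 5716 ("sshd: authentication failed") and fires when the same source IP produces eight failures within two minutes. The rule ID 100100 is an arbitrary value in the 100000-120000 range reserved for local rules; the level and thresholds are example choices.

```xml
<!-- Example manager-side correlation rule (added example, not from the deck).
     Lives in /var/ossec/etc/rules/local_rules.xml on the manager. -->
<group name="local,sshd,authentication_failures,">

  <!-- Correlation: frequency/timeframe count how many matching events the
       manager has already seen; if_matched_sid points at the stock rule whose
       alerts are being counted; same_source_ip keys the counter per attacker. -->
  <rule id="100100" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: 8 authentication failures from the same source IP in 2 minutes (custom).</description>
    <!-- Compliance mappings are carried on the rule itself and surface in the dashboards. -->
    <group>authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,gdpr_IV_35.7.d,</group>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>

</group>
```

    After editing local rules, restart the manager (`systemctl restart wazuh-manager`) and replay a few sample sshd failure lines through `/var/ossec/bin/wazuh-logtest` (called `ossec-logtest` on releases before 4.x) to confirm the base rule 5716 still matches before trusting the correlation on top of it; a decoder that stops matching silently disables every rule that depends on it.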


  9. Wazuh data flow


  10. Advantages of Wazuh
    ❖ Single lightweight agent that supports multiple platforms: Linux, Windows, macOS, Solaris, AIX and HP-UX.
    ❖ Single security monitoring platform that performs real-time analysis.
    ❖ Compliance reporting for PCI DSS, HIPAA, GDPR, NIST, GPG13.
    ❖ Highly scalable due to the Wazuh cluster architecture.
    ❖ Infrastructure monitoring
    ➢ Cloud services: AWS, Azure, Google.
    ➢ Containers: Docker, Kubernetes.
    ➢ Virtual & physical.
    ❖ Cloud & on-premises deployment options.
    ❖ 100% open source.
    Common Use Cases
    ❖ SIEM / log management.
    ❖ Compliance & security management.
    ❖ Endpoint detection & response.
    ❖ File integrity monitoring.
    ❖ Threat detection.
    ❖ Configuration assessment.
    ❖ Cloud monitoring.
    ❖ Container and Kubernetes security.


  11. Our user community
    ~15,000 community customers
    ~27,000 enterprise users
    ~60,000 downloads per month
    ~4,000,000 monitored servers
    https://wazuh.com/community
