Security Analytics

Security threats follow no fixed pattern, and neither does the way you respond to them. The Elastic Stack gives you tools that keep pace with the attack vectors of today and tomorrow. Take a closer look at those tools here.

Experience Elastic's security analytics for yourself. Get started

New: A detailed look at how Elastic security features can accelerate your path to GDPR compliance. Read more

Above all, you need to move fast

Security attacks have to be handled as a matter of when, not if. How long do you want a threat to stay inside your systems?

Elastic is fast: it indexes data as it is ingested. That cuts time-to-information down to seconds and makes real-time queries and visualizations possible.

Don't leave data behind; bring it all into one place

The most important thing to remember about detecting security threats is that a threat can appear anywhere, at any time. That is why a complete, real-time picture of what is happening across your systems matters.

Elasticsearch handles petabytes of data of any type, whether it comes from firewalls, proxies, or detection systems. Leave security to Elasticsearch.


Keep your data online long term for investigations

When did this threat get in? Where did it move? What did it actually do? What was affected?

Looking at just one week of data may not be enough to answer these questions. A typical security threat can lurk for more than 100 days before it is fully resolved. Elastic helps you resolve such threats more easily, quickly, and practically by letting you search long periods of historical data.

Build a new solution, or take your existing SIEM further

You can build a security solution from a blank slate, as Slack did, or make the SIEM tool you already use more powerful, as USAA did. Elastic's greatest strength is its flexibility. If you cannot find the solution you need, build it yourself or get help from the community.

Get started

Start small and grow big. It is all up to you. Install the latest version, explore, and discover new things.
  • Register, if you do not already have an account. Free 14-day trial available.
  • Log into the Elastic Cloud console
To create a cluster, in Elastic Cloud console:
  • Select Create Deployment, and specify the Deployment Name
  • Modify the other deployment options as needed (or not, the defaults are great to get started)
  • Click Create Deployment
  • Save the Cloud ID and the cluster password for your records; we will refer to these as <cloud.id> and <password> below
  • Wait until deployment creation completes

Download and unpack Filebeat

Open a terminal (varies depending on your client OS) and in the Filebeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Filebeat System] SSH login attempts" or "[Filebeat System] Sudo commands"
What just happened?
Filebeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing the latest system log messages and reporting on SSH login attempts and other authentication events.
Didn't work for you?

The Filebeat module assumes default log locations, unmodified file formats, and supported versions of the products generating the logs. See the documentation for more details.
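The SSH login attempts dashboard is built from the auth.log lines that the Filebeat system module parses. The block below is an added example, not Filebeat's code or any code from this page: it parses a constructed auth.log excerpt with a regular expression, then applies two simple detections a defender would want on top of that data, a failed-login threshold per source address and a successful login from a source that had just been failing. The sample lines, hostnames, addresses and thresholds are all constructed for the example.

```python
"""Parse sshd authentication lines from a syslog-style auth.log and flag sources
with repeated failures, the kind of signal the "[Filebeat System] SSH login
attempts" dashboard surfaces. Added example with constructed log lines; this is
not Filebeat's system module code."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample auth.log excerpt (syslog format as sshd writes it on Linux).
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:01 web01 sshd[2215]: Failed password for invalid user admin from 198.51.100.23 port 54012 ssh2
Mar  3 10:14:03 web01 sshd[2215]: Failed password for invalid user admin from 198.51.100.23 port 54013 ssh2
Mar  3 10:14:05 web01 sshd[2219]: Failed password for root from 198.51.100.23 port 54014 ssh2
Mar  3 10:14:09 web01 sshd[2221]: Failed password for root from 198.51.100.23 port 54015 ssh2
Mar  3 10:15:20 web01 sshd[2230]: Accepted publickey for deploy from 203.0.113.7 port 41022 ssh2: ED25519 SHA256:constructedfingerprint
Mar  3 10:16:02 web01 sshd[2240]: Failed password for deploy from 203.0.113.7 port 41030 ssh2
Mar  3 10:16:10 web01 sshd[2241]: Accepted password for deploy from 203.0.113.7 port 41031 ssh2
Mar  3 10:17:00 web01 cron[2250]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches the "Accepted ... for" / "Failed ... for" lines sshd logs for each
# authentication attempt; other daemons' lines simply do not match.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:(?P<invalid>invalid user) )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port (?P<port>\d+)"
)


@dataclass(frozen=True)
class SshEvent:
    timestamp: str
    host: str
    result: str        # "Accepted" or "Failed"
    method: str        # password, publickey, ...
    user: str
    invalid_user: bool # sshd flags names that do not exist on the host
    src: str
    port: int


def parse_auth_log(text):
    """Return the sshd authentication events found in a block of log text."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        events.append(SshEvent(
            timestamp=m["ts"], host=m["host"], result=m["result"], method=m["method"],
            user=m["user"], invalid_user=m["invalid"] is not None,
            src=m["src"], port=int(m["port"])))
    return events


def find_bruteforce_sources(events, threshold=3):
    """Source addresses with at least `threshold` failed logins, with their counts."""
    failures = Counter(e.src for e in events if e.result == "Failed")
    return {src: n for src, n in failures.items() if n >= threshold}


def successes_after_failures(events):
    """(src, user, method) for each success that directly followed failures from
    the same source, a stronger signal than the failure count alone."""
    pending = Counter()
    hits = []
    for e in events:           # events are in log order
        if e.result == "Failed":
            pending[e.src] += 1
        elif pending[e.src] > 0:
            hits.append((e.src, e.user, e.method))
            pending[e.src] = 0
    return hits


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print("brute-force sources:", find_bruteforce_sources(evs))
    print("success after failures:", successes_after_failures(evs))
```

Run over the sample, the threshold check names 198.51.100.23 (four failures, two of them against a non-existent user), and the second check names 203.0.113.7, whose password login for deploy succeeded right after a failure; the earlier public-key login from the same address is not flagged because nothing had failed before it.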


Download and unpack Auditbeat

Open a terminal (varies depending on your client OS) and in the Auditbeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Auditbeat File] File Integrity"
What just happened?
Auditbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing the latest system audit information.
Didn't work for you?

The Auditbeat module assumes the default operating system configuration. See the documentation for more details.


Download and unpack Logstash

Open a terminal (varies depending on your client OS) and in the Logstash install directory, type:

Modify logstash.yml to set the ArcSight module details:

modules:
  - name: arcsight
    var.inputs: smartconnector
    var.elasticsearch.username: "elastic"
    var.elasticsearch.password: "<password>"

Configure Smart Connectors to send CEF events to Logstash via TCP on default port 5000.
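What arrives on that TCP port is one CEF line per event, often with a syslog prefix in front of the "CEF:" marker. The block below is an added example and is not the Logstash arcsight module's code: it parses a constructed CEF event into its seven header fields and its key=value extensions, honouring the CEF escapes (\| in the header, \= and \| in extension values) that a naive split on "|" or "=" gets wrong, and then renames a few keys into dotted field names. The sample event, the vendor and product strings, and the FIELD_MAP renames are all constructed for the example and are not the module's real field mapping.

```python
"""Parse ArcSight CEF events as a Smart Connector delivers them to Logstash
(optionally syslog-framed). Added illustration with a constructed event; this is
not Logstash's arcsight module code."""
import re
from dataclasses import dataclass

# Constructed sample: syslog-framed CEF line with an escaped '|' in the header
# and escaped '=' and '|' inside extension values.
SAMPLE_CEF = (
    "<13>Mar  3 10:14:01 connector01 CEF:0|ArcSight|Test Connector|1.0|100|"
    "Login failed \\| lockout|7|src=198.51.100.23 suser=admin "
    "msg=Failed password\\=bad for user cs1Label=Policy cs1=SSH\\|Brute rt=1583230441000"
)

# Extension values may contain spaces; a value ends where the next ' key=' begins.
# That lookahead is the usual CEF heuristic: a free-text value that itself
# contains ' word=' is ambiguous and will be cut short, which matters when
# building detections on fields such as msg.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s\w+=|\s*$)")
ESCAPES = {"\\": "\\", "|": "|", "=": "=", "n": "\n", "r": "\r"}

# Illustrative renames of well-known CEF keys (an assumption for this example,
# not the module's actual mapping); unknown keys keep a "cef." prefix.
FIELD_MAP = {"src": "source.ip", "dst": "destination.ip", "spt": "source.port",
             "dpt": "destination.port", "suser": "source.user", "rt": "event.time"}


@dataclass
class CefEvent:
    version: int
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: object   # int 0-10, or a word such as "High" when the sender uses names
    extensions: dict


def split_unescaped(text, sep, maxsplit):
    """Split on `sep` unless it is preceded by a backslash; at most maxsplit splits."""
    parts, buf, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):       # keep escape pair intact for unescape()
            buf.append(c); buf.append(text[i + 1]); i += 2
        elif c == sep and len(parts) < maxsplit:
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(c); i += 1
    parts.append("".join(buf))
    return parts


def unescape(value):
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one CEF line (with or without a syslog prefix) into a CefEvent."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    parts = split_unescaped(line[start + 4:], "|", 7)
    if len(parts) < 7:
        raise ValueError("CEF header needs 7 pipe-separated fields")
    extension = parts[7] if len(parts) == 8 else ""
    sev = parts[6].strip()
    return CefEvent(
        version=int(parts[0]), vendor=unescape(parts[1]), product=unescape(parts[2]),
        device_version=unescape(parts[3]), signature_id=unescape(parts[4]),
        name=unescape(parts[5]), severity=int(sev) if sev.isdigit() else sev,
        extensions={k: unescape(v) for k, v in EXT_RE.findall(extension)})


def to_document(event):
    """Flatten a CefEvent into a dict of dotted field names ready to index."""
    doc = {"event.vendor": event.vendor, "event.product": event.product,
           "event.name": event.name, "event.severity": event.severity}
    for key, value in event.extensions.items():
        doc[FIELD_MAP.get(key, "cef." + key)] = value
    return doc


if __name__ == "__main__":
    print(to_document(parse_cef(SAMPLE_CEF)))
```

The header split and the extension regex are deliberately separate: the header is positional and only "|" needs escaping there, while extensions are named and only "=" and "|" (plus "\\") are escaped in values, so each part is handled by the rule that applies to it.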

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[ArcSight] Network Overview Dashboard"
What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing ArcSight events.

Didn't work for you?

The Logstash module makes a set of assumptions about the default configuration of the ArcSight solution, but you can override the defaults. See the documentation for more details.


Download and unpack Packetbeat

Open a terminal (varies depending on your client OS) and in the Packetbeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Packetbeat] DNS Tunneling"
What just happened?

Packetbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing details of your DNS traffic.

Didn't work for you?

Packetbeat makes a set of assumptions about defaults, such as default network ports. See the documentation for more details on how to further configure your deployment.


Download and unpack Logstash

Open a terminal (varies depending on your client OS) and in the Logstash install directory, type:

Paste in the <password> for the elastic user when prompted

Modify logstash.yml to set the NetFlow module details:

cloud.id: <cloud.id>
cloud.auth: elastic:${ES_PWD}
modules:
  - name: netflow
    var.input.udp.port: <netflow_port>

Configure NetFlow to export flow events to Logstash via UDP on default port 2055.
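Each datagram the exporter sends to that UDP port is a fixed-layout NetFlow v5 record set: a 24-byte header followed by up to 30 records of 48 bytes. The block below is an added example, not the Logstash netflow module's code: it packs a few constructed flows into a v5 datagram (standing in for the exporter), decodes it back with the validation a receiver needs (version, record count versus datagram length), converts the relative uptime stamps to absolute time, and summarises bytes per source and flows to a given port. The flows, addresses and timestamps are constructed for the example.

```python
"""Decode a NetFlow v5 export datagram (what the Logstash netflow module
receives on UDP 2055) and summarise the flows. Added example built on a
constructed packet; this is not Elastic code."""
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")               # 24 bytes, network byte order
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes per flow record
V5_MAX_RECORDS = 30
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed flows: a small DNS lookup to the internal resolver, a large DNS
# flow to an external resolver, and an HTTPS session. Times are exporter
# uptime in milliseconds, as NetFlow v5 reports them.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.53", "src_port": 53021, "dst_port": 53, "proto": 17,
     "packets": 1, "bytes": 70, "first_ms": 110000, "last_ms": 110005},
    {"src": "10.0.0.9", "dst": "203.0.113.10", "src_port": 40112, "dst_port": 53, "proto": 17,
     "packets": 500, "bytes": 120000, "first_ms": 60000, "last_ms": 119000},
    {"src": "10.0.0.5", "dst": "198.51.100.40", "src_port": 51522, "dst_port": 443, "proto": 6,
     "tcp_flags": 0x1b, "packets": 120, "bytes": 90000, "first_ms": 100000, "last_ms": 118000},
]


def build_v5_packet(records, sys_uptime_ms=120000, unix_secs=1583230441, seq=0):
    """Exporter side, for test data only: pack flow dicts into one v5 datagram."""
    header = V5_HEADER.pack(5, len(records), sys_uptime_ms, unix_secs, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(r["src"]), socket.inet_aton(r["dst"]), b"\x00" * 4,
            0, 0, r["packets"], r["bytes"], r["first_ms"], r["last_ms"],
            r["src_port"], r["dst_port"], 0, r.get("tcp_flags", 0), r["proto"], 0,
            0, 0, 0, 0, 0)
        for r in records)
    return header + body


def parse_v5(data):
    """Receiver side: validate and decode a v5 datagram into (header, flows)."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > V5_MAX_RECORDS or len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "sys_uptime_ms": uptime,
              "unix_secs": secs, "flow_sequence": seq, "sampling": sampling}
    flows = []
    for i in range(count):
        (src, dst, nexthop, _in, _out, pkts, octets, first, last, sport, dport,
         _pad, flags, proto, tos, _sas, _das, _smask, _dmask, _pad2) = \
            V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        # first/last are uptime stamps; anchor them to the header's wall-clock time.
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport, "proto": proto,
            "proto_name": PROTO_NAMES.get(proto, str(proto)),
            "packets": pkts, "bytes": octets, "tcp_flags": flags, "tos": tos,
            "start": secs + (first - uptime) / 1000.0,
            "end": secs + (last - uptime) / 1000.0,
        })
    return header, flows


def bytes_by_src(flows):
    """Total bytes sent per source address (top talkers)."""
    return Counter({src: sum(f["bytes"] for f in flows if f["src"] == src)
                    for src in {f["src"] for f in flows}})


def flows_to_port(flows, port, proto_name):
    """Flows towards a destination port over a protocol, in datagram order."""
    return [f for f in flows if f["dst_port"] == port and f["proto_name"] == proto_name]


def rejects(data):
    """True if parse_v5 refuses the datagram (used to check the length guard)."""
    try:
        parse_v5(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    hdr, flows = parse_v5(build_v5_packet(SAMPLE_FLOWS))
    print(hdr)
    print("top talkers:", bytes_by_src(flows).most_common(2))
    print("DNS flows:", [(f["src"], f["dst"], f["bytes"]) for f in flows_to_port(flows, 53, "udp")])
```

The length check is the part to keep when adapting this: a datagram whose count field disagrees with its size is either truncated in transit or malformed, and a decoder that trusts the count would read past the buffer or silently miss records.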

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"Netflow: Overview"
What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing NetFlow events.

Didn't work for you?

The Logstash module makes a set of assumptions about the default configuration of the NetFlow solution, but you can override the defaults. See the documentation for more details.

In Elasticsearch install directory:
In Kibana install directory:
In Filebeat install directory:

In Elasticsearch install directory:
In Kibana install directory:
In Auditbeat install directory:

In Elasticsearch install directory:
In Kibana install directory:
In Logstash install directory:

Modify logstash.yml to set the ArcSight module details:

modules:
  - name: arcsight
    var.inputs: smartconnector

Configure Smart Connectors to send CEF events to Logstash via TCP on default port 5000.

In Elasticsearch install directory:
In Kibana install directory:
In Packetbeat install directory:

In Elasticsearch install directory:
In Kibana install directory:
In Logstash install directory:

Modify logstash.yml to set the NetFlow module details:

modules:
  - name: netflow
    var.input.udp.port: <netflow_port>

Configure NetFlow to export flow events to Logstash via UDP on default port 2055.

Automate anomaly detection and investigate suspicious connections

How do you examine billions of signals in real time? Can you find the meaningful connections among millions of IP addresses? Add Elastic's machine learning and graph analytics capabilities to quickly detect both the predictable cyber threats and the unpredictable ones.

We are your partner along the way

USAA started with a handful of Elasticsearch nodes in its security lab and is now building extensively on Elasticsearch as an extension of its ArcSight SIEM. Before adopting Elasticsearch, a threat-analysis query could take minutes (or hours) to return; since moving to Elasticsearch, that wasted time has dropped dramatically.

USAA is not the only organization using Elastic for security. See more stories.

Security analytics is about more than security events

Bring metrics, infrastructure logs, text documents, and everything else into the Elastic Stack to widen the scope of your analysis. Simplify your architecture and minimize risk.

Log Analytics

Fast, scalable, real-time logging that never stops.

Learn more

Metrics

Analysis of CPU, memory, and many other measurements.

Learn more

Site Search

A site search experience that is easy to build and add.

Learn more

APM

Deeper insight into application performance.

Learn more

App Search

Search across documents, geolocation data, and more.

Learn more