
www.wallix.com

Study and deployment of a SIEM to reinforce the security of an IS
Internship Presentation
 

By UZIEL SIMOU: Student at Ucac-Icam Institute

MR WILLIAM FOFIE: COMPANY TUTOR
MR EWOLO IGOR: IT TUTOR AT UCAC-ICAM INSTITUTE

SUMMARY
Presentation of the company

Introduction, context and problem

Presentation of the project

Study of the project

Demonstration & Conclusion

Presentation of the company

• Founded in 2018
• Headquarters: Douala, Cameroon
• 4 branches: Cameroon / Chad / Central African Republic / Congo Brazzaville (SITEC Global Consulting)
• 1 technical office: DRC


Presentation of the company

• INFORMATION SYSTEM SOLUTIONS
• INFRASTRUCTURE AND NETWORK SOLUTIONS
• CERTIFIED TRAINERS
• SYSTEM ADMINISTRATION


INTRODUCTION & CONTEXT


SECURITY INFORMATION AND EVENT MANAGEMENT

DATA SECURITY
SECURITY DEVICES


THE PROBLEM

The Chief Security Officer:
• Don’t know what is happening in real-time on his IS
• Device monitoring too decentralized and painful
• Can’t know what happened after an attack
• Decision-making not always obvious


Presentation of the project
Study of the project
Plan Deployment
Demonstration
Conclusion


PROJECT MANAGEMENT
• Provisional schedule

The project ran from 03 October to 20 January 2023



PROJECT MANAGEMENT
• Actual provisional

The project ran from 03 October to 20 January 2023


How does a SIEM work?

GOALS AND ISSUES OF THE PROJECT

• Manage the large volume of logs from multiple sources
• Identify threats and potential breaches
• Help in security decision-making
• Monitor and understand the company's security posture
• Add a new product to the Nextin solution catalog


UTILITIES

WHAT IS A LOG?

A log is a time-stamped logbook that records, in order, the various events that have occurred on a computer, server, etc.


Log collection and aggregation


• In 4 ways

1 Syslog
2 By an agent installed on the device
3 Event Streaming
4 By direct access


Log normalization

This step lets the SIEM convert the logs into a single common format to make them more usable.

• Example of a Syslog log normalization
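As an added illustration (not taken from the presentation), the sketch below normalizes RFC 3164 syslog lines into one flat schema that a SIEM could index and correlate. The field names, the sshd extractor, the year argument and the sample lines are assumptions constructed for this example.

```python
import re
from datetime import datetime, timezone

# RFC 3164 (BSD syslog) layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$")
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
# Hypothetical per-application extractor for failed SSH logins
SSHD_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)")

def normalize_syslog(line, year):
    """Return the line as a flat dict in a common schema, or None if unparsable."""
    m = SYSLOG_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m["pri"])
    try:
        # RFC 3164 timestamps carry no year or zone: year is supplied, UTC assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:                      # e.g. "Feb 30"
        return None
    event = {
        "timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "host": m["host"],
        "app": m["app"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "message": m["msg"],
    }
    f = SSHD_FAIL_RE.search(m["msg"]) if m["app"] == "sshd" else None
    if f:  # enrich with typed fields so rules can match on them directly
        event.update(action="login_failed", user=f["user"],
                     src_ip=f["src_ip"], src_port=int(f["src_port"]))
    return event

# Constructed sample lines (not from the presentation)
SAMPLE = [
    "<38>Jan 13 10:15:02 srv-web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2",
    "<78>Jan  3 08:00:01 fw-01 cron[87]: job started",
    "this is not a syslog line",
]
```

Lines that fail to parse return None so they can be routed to a separate queue instead of polluting the normalized stream.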



LOG CORRELATION
First of all, to correlate is to connect


ARCHITECTURE

SIEM Architecture


SIEM solutions
• A distinction is made between open source and paid solutions

Among the open source solutions...


Among the paid solutions...


Matrix of choice

• Legend

Featured
Not featured


SOLUTIONS CHOSEN

• Open source

• Paid

• Budget

• The total cost of the project is 14 266 000 FCFA



Project architecture

ADDING AN AGENT

ADDING A RULE

RESULTS


DEMONSTRATION


PFI PLAN

Main Goal: Become a cybersecurity consultant

Soft skills
• Leadership
• Project management

Technical skills (advanced notions in):
• Networking
• Security
• System administration
• Cloud

Certification plan
• CCNA
• CompTIA Security+
• Security risk and management certifications
• NSE 1, 2, 3, 4, 5
• Azure & AWS cloud certifications

CONCLUSION

• Goals achievement review
• Global review
• Is it saleable?


THANK YOU FOR YOUR ATTENTION
