Security Operation Center for NCHC

Presentation transcript:

Security Operation Center for NCHC
Professor Ce-Kuen Shieh
General Director, National Center for High-performance Computing
National Cheng Kung University

Outline
- Brief Introduction to NCHC
- Purpose of Security Operation Center
- Architecture of SOC
- Features of NCHC SOC
- Main Achievements
- Summary

NARLabs Organization
Board of Directors
  President (advised by the Consultation Committee)
  Vice President
  Administrative offices: Planning and Evaluation Office, Business Promotion Office, Administration Office, Finance and Accounting Office, Audit Office, Information Management Office
  Research centers:
  - National Center for High-performance Computing
  - Taiwan Typhoon & Flood Research Institute
  - National Center for Research on Earthquake Engineering
  - National Chip Implementation Center
  - Taiwan Ocean Research Institute
  - Instrument Technology Research Center
  - National Laboratory Animal Center
  - National Space Organization
  - Science & Technology Policy Research and Information Center
  - National Nano Device Laboratories

NCHC Milestones
- 1991 Officially Founded
- 1993 Hsinchu Headquarters Opened
- 2003 Became Incorporated
- 2005 Tainan Office Opened
- 2008 Taichung Office Opened

Categories of NCHC's Tasks
- Service: Computing, Storage, Networking
- Research & Development: Modeling & Simulation, Big Data Applications, Open Source Software Development, Software Defined Network

HPC, Storage and Network Services
- Open to academic, research, and industrial users; supporting 700+ research projects per year
- ALPS (2011): Rmax 177 TFLOPS, 442.00 MFLOPS/W
- Formosa series clusters built by NCHC itself
- [Chart: NCHC total computing capacity, Rmax (TF) by year]
- Storage capacity: three-site, 3-tier backup; total capacity 5.4 PB
- TaiWan Advanced Research and Education Network (TWAREN): 20 Gbps backbone (toward 100 G), 5 Gbps international connection

Self-built Cluster Computers
- 2012 Formosa 5: cloud cluster; big-memory hybrid-computing platform
- 2011 Formosa 4
- 2010 Formosa 3: cloud cluster; virtualization and green computing; cloud IaaS service
- 2005 Formosa 2: cloud cluster; GPU accelerator
- 2003 Formosa 1: the first 64-bit PC cluster for online service (64-bit dual-core CPU and InfiniBand); the first PC cluster for online service
Rankings: 2003 TOP500 #135; 2011 TOP500 #232 and #234; 2011 Green500 #37 and #62

Backbone Network Service: TWAREN (TaiWan Advanced Research and Education Network)
- Domestic backbone: 20 Gbps; 12 regional networks; 95 universities & research institutes; 500K users
- International connection: 5 Gbps, with 35 international research networks
- Network usability: 99.99%
- Shared with TANET (managed by MOE): 4000 schools, 4M users
- 100 Gbps backbone is coming by the end of this year
[Figures: TWAREN domestic backbone; TWAREN international connection map]

Cyber Threats to Taiwan
Taiwan is at the frontline in an emerging global battle for cyberspace:
- No. 4 in most botnet activity in 2013 (source: Symantec 2014 Internet Security Threat Report, Volume 19)
- No. 5 among top attack-traffic originating countries in 2013 (source: Akamai State of the Internet, Q4 2013 report)

Top Attack Traffic Originating Countries
Country       Q4'13 Traffic %   Q3'13 %
China         43%               35%
US            19%               11%
Canada        10%               0.40%
Indonesia     5.70%             20%
Taiwan        3.40%             5.20%
Netherlands   2.70%             0.50%
Russia        1.50%             2.60%
Brazil        1.10%             2.10%
Romania       0.90%             1.70%
Germany       0.80%             (not given)
Other         12%               17%

Purpose of SOC
A Security Operation Center (SOC) ensures the information security of internet users through:
- Security device management
- Vulnerability management
- Network threat detection
- Security event management
- Incident response

Architecture of SOC
- Procedure: Level 1 and Level 2 procedures for device management, threat and vulnerability management, and incident response
- People: security operators, security analysts, software engineers and incident handlers, organized in Level 1 and Level 2 tiers
- Software: Security Information and Event Management (SIEM)
- Hardware: security and network devices

Features of NCHC SOC
- Hybrid Intrusion Detection System
- Security Intelligence Dashboard and visualization of information security
- Sharing intelligence with the academic Information Sharing and Analysis Center (A-ISAC)
- Joint defense among TANet partners

Hybrid Intrusion Detection System (overview)
Threat sources: DDoS, hackers, network worms, phishing emails
- Network Intrusion Detection System: detecting known network attacks by signatures and patterns
- Distributed Honeynet System: collecting unknown network threats and malware samples for further analysis
- SIEM: event correlation and incident identification

Hybrid Intrusion Detection System (components)
Network Intrusion Detection System
- Enterprise and open-source solutions
- APT mail detector
- Secure web gateway
Distributed Honeynet System
- Low-interaction honeypots simulating vulnerable systems to attract network threats
- Collecting malware samples and suspicious exploit traffic for further research
- Analyzing malware behavior for potential threats

Distributed Honeynet System
- Using 6000+ IP addresses for sensor deployment and data collection
- Cooperating with 11 national universities
- Collecting 1,500,000+ malware samples
- Providing a network threat list to TANet partners weekly
- Establishing a malware database
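The two preceding slides describe the core of the hybrid design: signature-based NIDS alerts and honeypot sightings are fed into a SIEM, which correlates them into incidents, while the honeynet also feeds a malware database and a weekly threat list for partners. The following is an added example, not code from the NCHC SOC, showing a minimal version of that correlation step. The event feeds, field names, the 192.0.2.0/24 "campus" prefix and the correlation rules are all assumptions made for the example; the log lines are constructed.

```python
"""Correlate NIDS alerts with honeypot sensor events into incidents,
a shareable threat list and a de-duplicated malware database.
Added example; formats and rules below are assumptions, not NCHC's."""
from collections import defaultdict
from dataclasses import dataclass, field
import hashlib
import ipaddress

MONITORED_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed campus prefix

# Constructed NIDS alerts: "timestamp,k=v,..." (sev 1 = highest).
NIDS_ALERTS = """\
2014-05-01T02:11:03Z,sensor=nids-tainan,src=203.0.113.7,dst=192.0.2.10,sig=ET SCAN SSH BruteForce,sev=2
2014-05-01T02:11:09Z,sensor=nids-tainan,src=203.0.113.7,dst=192.0.2.11,sig=ET SCAN SSH BruteForce,sev=2
2014-05-01T03:40:00Z,sensor=nids-hsinchu,src=198.51.100.23,dst=192.0.2.50,sig=ET EXPLOIT SMB Overflow,sev=1
2014-05-01T04:02:17Z,sensor=nids-taichung,src=192.0.2.99,dst=192.0.2.51,sig=ET POLICY HTTP suspicious UA,sev=3
"""

# Constructed honeypot events; 'sample' holds hex of a captured payload (may be empty).
HONEYPOT_EVENTS = """\
2014-05-01T02:15:44Z,sensor=hp-ncku-01,src=203.0.113.7,proto=tcp,dport=22,sample=
2014-05-01T03:41:12Z,sensor=hp-nthu-02,src=198.51.100.23,proto=tcp,dport=445,sample=4d5a90000300000004000000ffff
2014-05-01T05:00:01Z,sensor=hp-ncku-01,src=198.51.100.23,proto=tcp,dport=445,sample=4d5a90000300000004000000ffff
2014-05-01T06:30:22Z,sensor=hp-nctu-03,src=203.0.113.200,proto=tcp,dport=3389,sample=
"""


def parse_feed(text):
    """Parse 'timestamp,k=v,k=v,...' lines into dicts (assumed feed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split(",")
        ev = {"ts": ts}
        for pair in pairs:
            key, _, value = pair.partition("=")
            ev[key] = value
        events.append(ev)
    return events


@dataclass
class Incident:
    src: str
    kind: str            # "external" attacker or "internal" (possibly compromised) host
    reason: str
    evidence: list = field(default_factory=list)


def correlate(nids_text, hp_text):
    """Return (incidents, threat_list, malware_db) from the two raw feeds."""
    by_src_nids, by_src_hp = defaultdict(list), defaultdict(list)
    for ev in parse_feed(nids_text):
        by_src_nids[ev["src"]].append(ev)
    for ev in parse_feed(hp_text):
        by_src_hp[ev["src"]].append(ev)

    # Malware database keyed by SHA-256 of the captured bytes: the same sample
    # seen on two sensors is stored once, with sighting count and sources.
    malware_db = {}
    for events in by_src_hp.values():
        for ev in events:
            if ev.get("sample"):
                digest = hashlib.sha256(bytes.fromhex(ev["sample"])).hexdigest()
                entry = malware_db.setdefault(
                    digest, {"first_seen": ev["ts"], "sightings": 0, "sources": set()})
                entry["sightings"] += 1
                entry["sources"].add(ev["src"])

    incidents = []
    for src in sorted(set(by_src_nids) | set(by_src_hp)):
        n_alerts, h_events = by_src_nids.get(src, []), by_src_hp.get(src, [])
        sensors = {e["sensor"] for e in h_events}
        if ipaddress.ip_address(src) in MONITORED_NET:
            # A monitored host firing a signature is a possible compromise, not an external attack.
            if n_alerts:
                incidents.append(Incident(src, "internal",
                                          "monitored host triggered NIDS signature",
                                          [e["sig"] for e in n_alerts]))
            continue
        reasons = []
        if any(int(e["sev"]) <= 1 for e in n_alerts):
            reasons.append("high-severity signature")
        if n_alerts and h_events:          # known attack pattern plus unsolicited probing
            reasons.append("seen by both NIDS and honeynet")
        if len(sensors) >= 2:              # the same source scanning several sites
            reasons.append(f"hit {len(sensors)} honeypot sensors")
        if reasons:
            evidence = [e["sig"] for e in n_alerts] + \
                       [f"honeypot {e['sensor']} dport {e['dport']}" for e in h_events]
            incidents.append(Incident(src, "external", "; ".join(reasons), evidence))

    # Any external source that touched a honeypot goes on the partner threat list,
    # most active first; an incident ticket needs the stronger correlation above.
    threat_list = sorted(
        (s for s in by_src_hp if ipaddress.ip_address(s) not in MONITORED_NET),
        key=lambda s: (-len(by_src_hp[s]), s))
    return incidents, threat_list, malware_db


if __name__ == "__main__":
    incidents, threats, db = correlate(NIDS_ALERTS, HONEYPOT_EVENTS)
    for inc in incidents:
        print(f"[{inc.kind}] {inc.src}: {inc.reason} | {inc.evidence}")
    print("threat list:", threats)
    print("malware samples:", {k[:12]: v["sightings"] for k, v in db.items()})
```

The split between "threat list" and "incident" is the practical point: a single honeypot touch is worth sharing as an indicator, but a ticket that a human incident handler will act on should require corroboration from a second source (a signature hit, or the same source seen at several sites), otherwise the SOC drowns in low-value tickets.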

Cyber Intelligence Dashboard
- A web-based system for monitoring, managing, reporting and notifying of events for IP-enabled devices
- A self-developed system based on open source software that provides cost-efficient network management services

Features of NCHC SOC: Security Visualization

Information Sharing and Analysis
NCHC SOC shares intelligence with other partners through Information Sharing and Analysis Centers:
- Government Service Network (GSN): G-ISAC, exchanging GSN incidents
- Taiwan Academic Network: A-ISAC
- ISPs (e.g. HiNet): NCC-ISAC, exchanging HiNet incidents
[Diagram: incident flows between NCHC SOC, G-ISAC, A-ISAC and NCC-ISAC]

Incidents Reported by NCHC SOC
- Incidents from TANet users: over 6,000 incidents reported by NCHC SOC in one month
- Incidents from Taiwan ISPs: NCHC SOC detected more than 10,000 network-attack incidents in one month

Joint Defense of TANet Partners
- 24/7 operation to ensure efficient incident handling
- NCHC cooperates with 7 regional network centers of the Taiwan Academic Network for network monitoring and threat detection
- Providing digital forensics, malware analysis and other technical support

Main Achievements
Ensuring information security
- Protecting 4,000+ schools and 5 million users
- Reporting real-time incidents (average): Taiwan 12,000+ tickets/month; international 2,500+ tickets/month
Malware collection
- Malware samples: 1.5 million (since 2009)
Big data (average)
- Honeypot: 60 GB/day
- Malware: 1,200+ samples/day
[Diagram: NCHC ASOC ecosystem. Partners: G-ISAC, Telecom ISAC, academic networks, government agencies, TWNIC, TWCERT/CC, EC-Cert, MSSP/SOC, NTU, TWMAN, other ISAC/CERT/CSIRT bodies. NCHC ASOC capabilities: search engine, NetFlow analysis, malicious list, honeynet, spam mails, TWAREN and campus networks, malware forensics, incident management, analysis]

Summary
- To adapt to changing network threats, a Hybrid Intrusion Detection System is essential for better security protection and efficient security services.
- The Distributed Honeynet System not only collects network threat samples but also brings value to information security research.
- Strengthening international technological exchange and academic-industry cooperation to extend the scope of our Joint Defense Alliance is our future work.

Q & A