Security Event Management: Correlation, Categorization, and Threat Modeling
February GR ISSA Meeting
Priority Health (priority-health.com)
Slide master text: 2005 HR Retreat: Employment Team

SEM/SIM: Security Event/Information Management
- Collect and analyze log and alert data from multiple sources
- Manage and modify event data within a single application
- Make pretty graphs and reports that impress the boss and actually mean something

Correlation
- Find commonalities between events from different data sources
- Quickly find and analyze the log trail of an attack
- Lay the foundation for finding patterns and anomalies in security data

Correlation: practical application is straightforward
– Firewall + IDS correlation: "Did that attack get through my firewall?"
– Firewall + server correlation: "Did that connection successfully authenticate?"
– IDS + monitoring-tool correlation: "Did that DoS attack take its target down?"

Categorization
- Group similar event types from different sources
- Determine event outcomes, such as success or failure
- Add "intelligence" to correlation
- Done primarily through parsing

Categorization: practical application
– Combine and manage events of similar type
  RealSecure + Snort = NIDS
  PIX + SonicWall = Firewall
– Use outcomes and correlation to identify significant security events
  IDS attack + Firewall pass = Big Deal
  IDS attack + Firewall drop = No Big Deal
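The two ideas above, categorization (parse each product into common fields, then map product and event name to a common category and outcome) and correlation (pair an IDS alert with the firewall's verdict for the same flow, and a permitted firewall connection with the server's authentication result), fit in one small script. This is an added example written for this page, not code from the talk or from ArcSight. The log lines are constructed and use simplified stand-in formats for Snort, PIX, SonicWall and sshd; the field layouts, the 60-second correlation window and the assumption that sshd events are on port 22 are all choices made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the talk). Formats are simplified
# stand-ins for a Snort fast alert, Cisco PIX and SonicWall syslog, and an
# sshd auth log; the exact field layouts are assumptions made for this example.
SAMPLE_LOGS = [
    "snort: 2005-02-10 10:15:02 [**] WEB-IIS cmd.exe access [**] 203.0.113.9:4412 -> 192.0.2.10:80",
    "pix: 2005-02-10 10:15:02 %PIX-6-302013: Built inbound TCP connection for outside:203.0.113.9/4412 to inside:192.0.2.10/80",
    "snort: 2005-02-10 10:16:40 [**] WEB-IIS cmd.exe access [**] 203.0.113.9:4413 -> 192.0.2.11:80",
    "pix: 2005-02-10 10:16:40 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4413 dst inside:192.0.2.11/80",
    'sonicwall: 2005-02-10 10:20:05 msg="Connection Opened" src=198.51.100.7:51000 dst=192.0.2.20:22',
    "sshd: 2005-02-10 10:20:06 host=192.0.2.20 Failed password for root from 198.51.100.7 port 51000 ssh2",
]

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Categorization step 1: one parser per source, all producing the same named
# fields so that downstream rules never need to know the native format.
PARSERS = {
    "snort": re.compile(
        rf"snort: {TS} \[\*\*\] (?P<name>.+?) \[\*\*\] "
        rf"(?P<src>{IP}):\d+ -> (?P<dst>{IP}):(?P<dport>\d+)$"),
    "pix": re.compile(
        rf"pix: {TS} %PIX-\d-\d+: (?P<name>Built|Deny) .*?"
        rf"outside:(?P<src>{IP})/\d+ (?:to|dst) inside:(?P<dst>{IP})/(?P<dport>\d+)$"),
    "sonicwall": re.compile(
        rf'sonicwall: {TS} msg="(?P<name>[^"]+)" '
        rf"src=(?P<src>{IP}):\d+ dst=(?P<dst>{IP}):(?P<dport>\d+)$"),
    "sshd": re.compile(
        rf"sshd: {TS} host=(?P<dst>{IP}) (?P<name>Failed|Accepted) password for \S+ "
        rf"from (?P<src>{IP}) port \d+"),
}

# Categorization step 2: map products to a common category and native event
# names to a common outcome (RealSecure + Snort = NIDS, PIX + SonicWall = Firewall).
CATEGORY = {"snort": "NIDS", "realsecure": "NIDS",
            "pix": "Firewall", "sonicwall": "Firewall", "sshd": "Auth"}
OUTCOME = {("pix", "Built"): "pass", ("pix", "Deny"): "drop",
           ("sonicwall", "Connection Opened"): "pass",
           ("sonicwall", "Connection Dropped"): "drop",
           ("sshd", "Accepted"): "success", ("sshd", "Failed"): "failure"}

def parse(line):
    """Normalize one raw line; return None for lines no parser understands."""
    source = line.split(":", 1)[0]
    rx = PARSERS.get(source)
    m = rx.match(line) if rx else None
    if not m:
        return None  # unparsed lines are excluded from correlation, never guessed at
    d = m.groupdict()
    return {"ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "source": source, "category": CATEGORY[source], "name": d["name"],
            "outcome": OUTCOME.get((source, d["name"]), "attempt"),  # IDS alerts are attempts
            "src": d["src"], "dst": d["dst"],
            "dport": int(d.get("dport") or 22)}  # sshd lines carry no port; 22 assumed

def correlate(events, window=timedelta(seconds=60)):
    """Firewall + IDS: did the attack get through? Firewall + server: did the
    permitted connection authenticate? Events match on the same flow within `window`."""
    def same_flow(a, b):
        return (a["src"], a["dst"], a["dport"]) == (b["src"], b["dst"], b["dport"])
    def near(a, b):
        return abs(a["ts"] - b["ts"]) <= window
    fw = [e for e in events if e["category"] == "Firewall"]
    auth = [e for e in events if e["category"] == "Auth"]
    findings = []
    for ids in (e for e in events if e["category"] == "NIDS"):
        hits = [f for f in fw if same_flow(ids, f) and near(ids, f)]
        if any(f["outcome"] == "pass" for f in hits):
            verdict = "HIGH: attack passed the firewall"
        elif hits:
            verdict = "LOW: firewall dropped the attack"
        else:
            verdict = "MEDIUM: no firewall record for this flow"
        findings.append((ids["name"], ids["src"], ids["dst"], verdict))
    for f in (e for e in fw if e["outcome"] == "pass"):
        outcomes = {a["outcome"] for a in auth if same_flow(f, a) and near(f, a)}
        if outcomes:
            findings.append(("fw pass", f["src"], f["dst"], "auth " + ",".join(sorted(outcomes))))
    return findings

def analyze(lines):
    return correlate([e for e in map(parse, lines) if e])

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(finding)
```

Two design points worth noting. Unparsed lines are dropped rather than given a default category, because a guessed category silently corrupts every rule built on it. And an IDS alert with no firewall record at all lands in the middle rather than at the bottom: "no evidence it got through" is not the same as "evidence it was dropped".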

Threat Modeling
- An additional data layer that gives event prioritization a higher degree of intelligence
- Typically asset-based (e.g. keyed by IP address)
- Integrates network scanner results into the security event equation
- Good data requires lots of discovery and data entry

Threat Modeling: practical application
– Use asset and vulnerability data to prioritize relevant events
  Web attack on a web server = Medium Priority
  Attack on a vulnerable server/port = High Priority
– Note: this is only as useful as your asset data is accurate.
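The prioritization rule above, plus the caveat, as an added example (not the talk's or ArcSight's code). The asset inventory, the signature-to-service mapping, the vulnerability tag names and the 30-day staleness limit are all constructed for the example. The one piece the slide only hints at is handled explicitly: stale scan data is allowed to raise a priority but never to lower one, since "the scanner saw no vulnerable service" means little when the scanner has not looked in months.

```python
from datetime import date, timedelta

# Constructed asset inventory, as a nightly scanner import into the SIM might
# produce. Roles, ports, vulnerability tags and scan dates are all made up.
ASSETS = {
    "192.0.2.10": {"role": "web", "open_ports": {80, 443},
                   "vulns": {"iis-unicode-traversal"}, "scanned": date(2005, 2, 9)},
    "192.0.2.11": {"role": "web", "open_ports": {80},
                   "vulns": set(), "scanned": date(2005, 2, 9)},
    "192.0.2.20": {"role": "ssh-bastion", "open_ports": {22},
                   "vulns": set(), "scanned": date(2004, 11, 1)},  # not rescanned in months
}

# What each IDS signature actually targets; in a product this ships with the
# vendor content. These entries are hypothetical.
SIGNATURES = {
    "WEB-IIS cmd.exe access": {"port": 80, "role": "web", "vuln": "iis-unicode-traversal"},
    "SSH brute force": {"port": 22, "role": "ssh-bastion", "vuln": None},
}

def prioritize(alert, assets=ASSETS, signatures=SIGNATURES,
               today=date(2005, 2, 10), max_age=timedelta(days=30)):
    """Return (priority, reason) for a normalized IDS alert {"name", "dst"}.
    Asset data older than max_age is distrusted: it may raise a priority but
    never lower one (the slide's "only as useful as your asset data is accurate")."""
    sig = signatures.get(alert["name"])
    asset = assets.get(alert["dst"])
    if sig is None or asset is None:
        return "MEDIUM", "no asset or signature knowledge; cannot prioritize either way"
    if sig["vuln"] and sig["vuln"] in asset["vulns"]:
        return "HIGH", "target is known vulnerable to what this signature exploits"
    exposed = sig["port"] in asset["open_ports"] or asset["role"] == sig["role"]
    age = today - asset["scanned"]
    if exposed:
        return "MEDIUM", "target runs the attacked service but no matching vulnerability recorded"
    if age > max_age:
        return "MEDIUM", f"attacked service not in inventory, but scan data is {age.days} days old; not downgrading"
    return "LOW", "target does not expose the attacked service"

def triage(alerts, **kw):
    """Order a batch of alerts highest priority first."""
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    scored = [(a, *prioritize(a, **kw)) for a in alerts]
    return sorted(scored, key=lambda t: rank[t[1]])

if __name__ == "__main__":
    for alert, level, why in triage([
        {"name": "SSH brute force", "dst": "192.0.2.11"},
        {"name": "WEB-IIS cmd.exe access", "dst": "192.0.2.10"},
        {"name": "WEB-IIS cmd.exe access", "dst": "192.0.2.20"},
    ]):
        print(level, alert["dst"], alert["name"], "-", why)
```

Unknown hosts also land at MEDIUM for the same reason: the absence of an asset record is a discovery gap, not evidence that the target is safe.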

Real Life
Priority Health uses ArcSight v3 for:
– Security event monitoring
– Threshold- and pattern-based alerting
– Case management and reporting
– Compliance monitoring and log review
NTP or some other form of time synchronization is critical to getting the most out of any SIM/SEM product.
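The time-synchronization point is easy to check for rather than assume. The added example below (not from the talk or ArcSight) compares the timestamp each device wrote into its own log against the time the collector received the line, and flags any source whose median offset exceeds a tolerance. The receipt records and the seven-minute-slow SonicWall are constructed; the 30-second tolerance is an assumption. A device that far off never falls inside a 60-second correlation window, so its events are effectively invisible to every rule that keys on time.

```python
from datetime import datetime, timedelta
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed receipts: (source, timestamp the device wrote, timestamp the
# collector stamped on arrival). The SonicWall entries model a firewall whose
# clock is about seven minutes slow.
RECEIPTS = [
    ("pix",       "2005-02-10 10:15:02", "2005-02-10 10:15:03"),
    ("pix",       "2005-02-10 10:16:40", "2005-02-10 10:16:40"),
    ("snort",     "2005-02-10 10:15:02", "2005-02-10 10:15:02"),
    ("sonicwall", "2005-02-10 10:13:05", "2005-02-10 10:20:06"),
    ("sonicwall", "2005-02-10 10:13:10", "2005-02-10 10:20:11"),
]

def clock_offsets(receipts):
    """Median (device time - collector time) in seconds, per source.
    The median tolerates a few delayed or batched deliveries; a consistent
    offset is a clock problem, not a network one."""
    deltas = {}
    for source, device_ts, received_ts in receipts:
        d = datetime.strptime(device_ts, FMT) - datetime.strptime(received_ts, FMT)
        deltas.setdefault(source, []).append(d.total_seconds())
    return {s: median(v) for s, v in deltas.items()}

def skewed_sources(receipts, tolerance=timedelta(seconds=30)):
    """Sources whose clock offset exceeds the tolerance. Correlation windows
    narrower than the offset will silently never match their events."""
    return sorted(s for s, off in clock_offsets(receipts).items()
                  if abs(off) > tolerance.total_seconds())

if __name__ == "__main__":
    for source, off in sorted(clock_offsets(RECEIPTS).items()):
        print(f"{source:10s} {off:+8.1f} s")
    print("skewed:", skewed_sources(RECEIPTS))
```

Run this against the collector's own records periodically; a source that drifts out of tolerance is a better thing to alert on than a correlation rule that quietly stops firing.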

Questions?