
2005 HR Retreat: Employment Teampriority-health.comSecurity Event Management February GR ISSA Meeting Security Event Management Correlation, Categorization,


1 Security Event Management: Correlation, Categorization, and Threat Modeling
Paul.Melson@PriorityHealth.com

2 SEM/SIM
Security Event/Information Management
–Collect and analyze log & alert data from multiple sources
–Manage and modify event data within a single application
–Make pretty graphs & reports that impress the boss and mean something!

3 Correlation
–Find commonalities between events from different data sources
–Quickly find and analyze the log trail of an attack
–Lay the foundation for finding patterns and anomalies in security data


5 Correlation
Practical application is straightforward
–Firewall + IDS Correlation
    “Did that attack get through my firewall?”
–Firewall + Server Correlation
    “Did that connection successfully authenticate?”
–IDS + Monitoring Tools Correlation
    “Did that DoS attack take its target down?”

6 Categorization
–Group similar event types from different sources
–Determine event outcomes such as success or failure
–Add “intelligence” to correlation
–Done primarily through parsing


8 Categorization
Practical application
–Combine and manage events of similar type
    RealSecure + Snort = NIDS
    PIX + SonicWall = Firewall
–Use outcomes and correlation to identify significant security events
    IDS attack + Firewall pass = Big Deal
    IDS attack + Firewall drop = No Big Deal

9 Threat Modeling
–Additional data layer designed to provide higher degree of intelligence to event prioritization
–Typically asset-based (e.g. IP Address)
–Integrate network scanner results into the security event equation
–Good data requires lots of discovery and data entry


11 Threat Modeling
Practical Application
–Use asset and vulnerability data to prioritize relevant events
    Web attack on web server = Medium Priority
    Attack on vulnerable server/port = High Priority
–Note: This is only as useful as your asset data is accurate.
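The three layers from slides 8 and 11 (categorization, firewall/IDS correlation, asset-based prioritization) as one small pipeline. This is an added example, not part of the original presentation and not ArcSight's logic; the event fields, the 5-second matching window, the asset table and the "review" fallback are assumptions, and all events are constructed.

```python
from datetime import datetime, timedelta

# Categorization: the slide's products mapped onto a shared event category.
CATEGORY = {"RealSecure": "NIDS", "Snort": "NIDS", "PIX": "Firewall", "SonicWall": "Firewall"}
# Constructed asset and scanner data (the threat-modeling layer), keyed by IP address.
ASSETS = {"10.0.0.10": {"role": "web", "vulnerable_ports": {443}},
          "10.0.0.20": {"role": "web", "vulnerable_ports": set()}}

def ev(time, product, src, dst, dport, **extra):
    """Build one already-parsed event; real feeds need a parser per product."""
    return {"time": datetime.strptime(time, "%H:%M:%S"), "product": product,
            "src": src, "dst": dst, "dport": dport, **extra}

EVENTS = [  # constructed sample events
    ev("09:00:01", "PIX", "198.51.100.7", "10.0.0.10", 443, outcome="pass"),
    ev("09:00:02", "Snort", "198.51.100.7", "10.0.0.10", 443, attack="web"),
    ev("09:05:10", "SonicWall", "198.51.100.7", "10.0.0.20", 80, outcome="pass"),
    ev("09:05:11", "RealSecure", "198.51.100.7", "10.0.0.20", 80, attack="web"),
    ev("09:09:30", "PIX", "203.0.113.9", "10.0.0.20", 80, outcome="drop"),
    ev("09:09:30", "Snort", "203.0.113.9", "10.0.0.20", 80, attack="web"),
]

def firewall_outcome(alert, events, window=timedelta(seconds=5)):
    """Correlation: outcome of the nearest firewall event for the same flow, or None."""
    flow = lambda e: (e["src"], e["dst"], e["dport"])
    near = [e for e in events
            if CATEGORY.get(e["product"]) == "Firewall" and flow(e) == flow(alert)
            and abs(e["time"] - alert["time"]) <= window]  # assumes synchronized clocks
    return min(near, key=lambda e: abs(e["time"] - alert["time"]))["outcome"] if near else None

def prioritize(alert, events):
    outcome = firewall_outcome(alert, events)
    asset = ASSETS.get(alert["dst"])
    if outcome == "drop":
        return "low"     # IDS attack + firewall drop = no big deal
    if outcome is None or asset is None:
        return "review"  # assumption: missing firewall or asset data goes to an analyst
    if alert["dport"] in asset["vulnerable_ports"]:
        return "high"    # attack on vulnerable server/port
    if alert.get("attack") == asset["role"]:
        return "medium"  # web attack on web server
    return "review"      # assumption: passed attack the asset data cannot rate

def triage(events):
    """Return (destination, priority) for every NIDS alert, in input order."""
    return [(e["dst"], prioritize(e, events)) for e in events
            if CATEGORY.get(e["product"]) == "NIDS"]
```

Calling triage(EVENTS) rates the three constructed NIDS alerts; an alert whose destination is missing from ASSETS falls to "review", which is the slide's caveat about asset data accuracy in practice.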

12 Real Life
Priority Health uses ArcSight v3
–Security event monitoring
–Threshold and pattern based alerting
–Case management & reporting
–Compliance monitoring and log review
NTP or some other form of time synchronization is critical to getting the most out of any SIM/SEM product.


31 Questions?
Paul.Melson@PriorityHealth.com

