Management of Security Information and Events in Future Internet

Similar documents
PRIVACY IMPLICATIONS FOR NEXT GENERATION SIEMs AND OTHER META-SYSTEMS

MASSIF: A Promising Solution to Enhance Olympic Games IT Security

Enhancing Security and Trustworthiness with Next-Generation Security Information and Event Management

Security Issues in Cloud Computing

CAPABILITY STATEMENT

Trust areas: a security paradigm for the Future Internet

Unified Threat Management, Managed Security, and the Cloud Services Model

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Chapter 11 Cloud Application Development

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

CHAPTER 8 CLOUD COMPUTING

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

Using MASSIF to Protect a Critical Infrastructure: Dam Use Case

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

Offer Highly Available SAAS Solutions with Huawei. Huang Li Executive Vice President of isoftstone

Managing Cloud Computing Risk

Cloud Computing Technology

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

A Resilient Protection Device for SIEM Systems

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Chapter 2: Transparent Computing and Cloud Computing. Contents of the lecture

Thales Communications Perspectives to the Future Internet 2 nd June Luxembourg

Clavister InSight TM. Protecting Values

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

IBM EXAM QUESTIONS & ANSWERS

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Optimizing Service Levels in Public Cloud Deployments

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Vortex White Paper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

The Advantages of Security as a Service versus On-Premise Security

Performance Evaluation of Intrusion Detection Systems

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

Public, Private, Hybrid:

Solution for Virtualization to Ensure Optimal Network Security Environment

State of Security Monitoring of Public Cloud

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Module 1: Facilitated e-learning

Enterprise Application Enablement for the Internet of Things

Security and Reliability Requirements for Advanced Security Event Management

THE BLUENOSE SECURITY FRAMEWORK

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

The Education Fellowship Finance Centralisation IT Security Strategy

Federal Aviation Administration. efast. Cloud Computing Services. 25 October Federal Aviation Administration

Abstract 1. INTRODUCTION

The Private Cloud Your Controlled Access Infrastructure

Keyword: Cloud computing, service model, deployment model, network layer security.

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio

Planning in Transport and Logistics Future Internet Solutions for Improved Integration and Collaboration

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

Chapter 1: Introduction

Cloud Computing; What is it, How long has it been here, and Where is it going?

Seamless ICT Infrastructure Security.

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

VPN. Date: 4/15/2004 By: Heena Patel

A Model-based Methodology for Developing Secure VoIP Systems

Cloud Computing, and REST-based Architectures Reid Holmes

GOOD PRACTICE GUIDE 13 (GPG13)

Payment Card Industry Data Security Standard

Cisco Remote Management Services for Security

Web Application Hosting Cloud Architecture

1.1.1 Introduction to Cloud Computing

Implementing Cisco IOS Network Security

NCTA Cloud Architecture

Grid Computing Vs. Cloud Computing

Security of Cloud Computing for the Power Grid

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

Cloud Computing Security Issues And Methods to Overcome

Plant Software in the Cloud Fact vs. Myth

Security Coordination with IF-MAP

Cyberoam Perspective BFSI Security Guidelines. Overview

Network Security Administrator

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

The Internet of ANYthing

Cisco Advanced Services for Network Security

Four Top Emagined Security Services

Enabling the SmartGrid through Cloud Computing

Building More Reliable Cloud Services The CUMULUS Project

CLOUD COMPUTING IN RURAL EDUCATIONAL SECTOR:ENLIGHTENING BENEFITS AND CHALLENGES

Steve Lusk Alex Amirnovin Tim Collins

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Injazat s Managed Services Portfolio

How To Protect Your Cloud From Attack

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Secure Cloud Computing


Learning Management Redefined. Acadox Infrastructure & Architecture

Fundamental Concepts and Models

The High Availability and Resiliency of the Pertino Cloud Network Engine

A HELPING HAND TO PROTECT YOUR REPUTATION

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

Swisscom Cloud. Building a secure cloud. SIGS, Christof Jungo

Information Technology Policy

Transcription:

Management of Security Information and Events in Future Internet Who? Andrew Hutchison 1 Roland Rieke 2 From? 1 T-Systems South Africa 2 Fraunhofer Institute for Secure Information Technology SIT When? CS-GA 2011

Overview Changes and developments Vision Challenges Solutions and implied RTD needs Management of Security Information and Events (SIEM) in Future Internet (FI) New opportunities & new risks Security, resilience, privacy Current and future research

Security Information and Event Management Systems Product oriented view SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes. (Wikipedia, May 2011)

Systems Come in Threes!... a judgemental system, is involved in determining whether any particular activity (or inactivity) of a system in a given environment constitutes or would constitute - from its viewpoint - a failure. (Brian Randell, IFIP WG 10.4, Guadeloupe, 2007) judgemental system system environment

Changes and developments Future Internet (FI) is driving a complete re-think of the paradigm whereby organisations deploy and manage their own services and infrastructure *National Institute of Standards and Technology (NIST) Service Models Deployment Models customers Cloud applications SaaS Cloud platforms PaaS Public Clouds: Resources and Services from the Internet App Hybrid Clouds: The best of both worlds Private Clouds: Resources and Community services from secure Clouds: sources Platfor groups Characteristics m * self services access Infrastructu Rapid elasticity service re Source: T-Systems Fro special interest Cloud infrastructures Broad IaaS On demand network Services get outsourced into clouds Measured Resource pooling Infrastructures evolve hybrid - real & virtual & spread across administrative domains and physical sites

Changes and developments Cyber-physical Systems of Systems (SoS) get connected to the Internet Smart Grid IoT Car-to-X Use of meshed wireless communication structures > physical actuators get in reach of attackers Source: MASSIF project (Epsilon)

Vision Services & infrastructure in clouds leads to deployment of SIEM in clouds Internet Cloud Mail Content Management: SOC e.g. Anti-Virus, Anti-Spam Router Mail Relay Firewall & IPS Internet Gateway Firewall & IPS Firewall & IPS Internet Gateway Router Remote Proxy Server Internet Content Authentication Management: Server e.g. URL Filtering Security Operations Centre Monitoring Event Vulnerability Correlator Analysis Local Authentication Server Security Update Repository HIPS Anti-Virus Anti-Spyware Disk Encryption Campus/Remote Site Firewall & Firewall & IPS Identity IPS Servers Mail Server Management Site Router Data Centre Router HIPS Security Anti-Virus Management Anti-Virus Anti-Spam Anti-Spyware Data Centre Source: T-Systems Managed SIEM Today, multiple sources are collected centrally within the realm of the provider organisation

Vision Services & infrastructure in clouds leads to deployment of SIEM in clouds Source: T-Systems Future SIEM Scalable, inter-organisational, cross-level

Vision New opportunities Inter-organisational analyses are possible Adaptive countermeasures SaaS PaaS IaaS and new Risks Privacy and integrity of the events of any particular company Virtualisation layers introduce new vulnerabilities IoT enables new remote attacks against critical services & infrastructures

Vision New opportunities Inter-organisational analyses are possible Adaptive countermeasures SaaS PaaS IaaS and new Risks Privacy and integrity of the events of any particular company Virtualisation layers introduce new vulnerabilities IoT enables new remote attacks against critical services & infrastructures

Vision New SIEM deployment entails different thinking about the revenue model Source: T-Systems

Challenges Security, resilience, privacy Security for cloud applications & service infrastructures Intrusion tolerance, self-protection and self-healing QoS guarantees to ensure reliable and timeous arrival of security event information from the sensors The debate on Internet net-neutrality could also refer here since there could be a case for expediting control traffic such as SIEM event feeds New cryptographic techniques enabling processing of data in a privacy-preserving manner

Challenges High-level situational security awareness Application Attacker SaaS PaaS IaaS SIEM reasoning Resource Provide cross-layer, cross-domain security information given that the cloud hides technical delivery of the service from the SIEM provider (typically increasing for higher level services) SIEM needs limited transparency

Challenges High-level situational security awareness Application Attacker SaaS PaaS IaaS SIEM reasoning Resource Provide cross-layer, cross-domain security information given that the cloud hides technical delivery of the service from the SIEM provider (typically increasing for higher level services) SIEM needs limited transparency

Challenges Adaptive response Security Event Abstraction Process Model Attack Model Predictive analysis of upcoming security problems given that customers have no insights on risk mitigation mechanisms of cloud providers and overall status Anticipatory impact analysis & decision support Technical but also legal challenges

Solutions and implied RTD needs Resilient, trust-enabling SIEM architecture Unforgeability provisions Authenticated component event reporting Information flow defense Trustworthy event collection Trusted collection of security-relevant data from highly heterogeneous trusted networked devices (IoT) Resilient Internet-based backbone communication

Solutions and implied RTD needs Scalable security situation assessment Service Infrastructure SOI Events Network Devices Service Infrastructure SOI Logs Authentication Devices Authentication Events Security Devices Network Events Security Events Event Collection Event Processing Engine Event Correlation Languages External Language Events Internal Language Events Alarms Scalable distribution of acquisition & parallel processing Seamless function splitting core engines/edge collectors Parallel data streaming to SIEM in clouds Multi-level, multi-domain security event processing

Solutions and implied RTD needs Cross-layer reasoning & mitigation Predictive Alerts Countermeasure Evaluation Process Simulation Engine Attack Simulation Engine Multi-level security event modelling aims at a holistic solution to protect service infrastructures of FI Predictive security monitoring enables to fight attacks proactively by predicting their future actions Adaptive configuration of policies & countermeasures

A platform around which these thoughts are crystallizing! Multi-domain parallel-running processes Olympic Games Highly-scalable, dependable and multi-level event collection Predictive security analysis Multi-level security event modeling Alert and reaction generation Trustworthy event collection Actions and Countermeasures Languages Mobile money transfer service EVENTS POLICIES RELATIONS REACTIONS Security analysis and notification CI Process Control (Dam) Multi-level event correlation Process and attack simulation Resilient framework architecture Security-aware processes Managed Enterprise Service Infrastructures Event and Information Collection Event, Process Models and Attack Models Scenarios Prototypes Resilient event processing and integration Advanced SIEM Framework www.massif-project.eu

Conclusions Changes and developments Vision Challenges Solutions and implied RTD needs FI is driving a complete re-think of the paradigm whereby organisations deploy and manage their own services and infrastructure Cyber-physical SoS get connected to the Internet Services & infrastructure in clouds leads to deployment of SIEM in clouds New opportunities and revenue models & new risks Security, resilience, privacy High-level situational security awareness Adaptive response Resilient, trust-enabling SIEM architecture Scalable security situation assessment Cross-layer reasoning & mitigation judgemental system system environment

Landscape of European Security Projects Source: Frances Cleary (EFFECTS+ project)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information