The Future of SEM and Log Management
"NOC your SOCs Off"
Pete Lindstrom, CISSP
Research Director
Spire Security, LLC
www.spiresecurity.com
petelind@spiresecurity.com

Sponsored by: AccelOps, Inc.   © 2009 Spire Security. All rights reserved.
Introducing IT Service Management
- ITSM parallels the move towards service-oriented architectures and business.
- ITSM incorporates control, administration, and monitoring of the entire infrastructure.
- ITSM leverages COBIT, ITIL, and ISO standards.
Towards Service Management
[Diagram: a stack of layers from Network Components, Systems, Applications and Data up through Users to IT Service Management. Moving up the stack means increasing levels of abstraction and more flexibility; moving down means more details (config, logs, location, context).]
Today, silos are common
[Diagram: eight separate silos, each with its own Budget, Tools and People: Directory Mgt, Identity Mgt, Trust Mgt, Vulnerability Mgt, Service Mgt, Network Ops, Security Ops and Config Mgt.]
But we need to increase efficiency
[Diagram: the same eight functions (Identity Mgt, Directory Mgt, Trust Mgt, Service Mgt, Network Ops, Security Ops, Vuln Mgt, Config Mgt), each still with its own Budget, Tools and People, now arranged in a grid.]
…and organize by function
[Diagram: the same grid of eight functions (Identity Mgt, Directory Mgt, Trust Mgt, Service Mgt, Network Ops, Security Ops, Vuln Mgt, Config Mgt) with their Budget, Tools and People, grouped by function rather than by silo.]
From the security side…
Identity Management
- Privileged user management
- Identity tracking / integration

Trust Management
- Managing policies
- Process management
- Administrative controls

Threat Management
- Monitoring of security events
- Monitoring of network events
- Convergence of NOC / SOC

Vulnerability Management
- Configuration Management
- Vuln/Patch Management
- Asset Management
Why SOC/NOC Convergence
- Optimize resources
- Align team services and gain operational leverage
  o Procedures
  o Controls
  o Workflows
  o Reporting
- Be more responsive to the business
Parallel Processing
Net Ops Center:
- Network fault tolerance
- Switch/router configuration
- Sniffing, troubleshooting
- Systems monitoring

Security Ops Center:
- Network behavior anomaly detection
- Intrusion detection
- Log management
- Network forensics
Typical Control Gaps
- Network anomalies and system changes (underlying issue, vulnerability)
- Identity and location (who and where)
- Effect of a violation or incident on the business (diminished means to understand impact)
Challenges of SOC/NOC Monitoring
- Every incident requires multiple paths and troubleshooting
- Different tools across op silos (is all the data available, and how is it related?)
- Modest correlation across op silos (hinders root cause; modest collaboration)
Choosing Pertinent Tenets
- Assessing mandates and best practices
- Defining supporting controls
  o Identifying haves, have-nots and cannots
  o Identifying compensating controls
- Documenting
  o Policy and business value
- Review, verification and endorsement
  o Stakeholders, internal auditors, external auditors
- Tasks, tools and controls among SOC/NOC
Considerations for the future
- Evaluate and integrate complementary technologies
  o CMDB, NBA and Network Flow, Directory services, Service-desk?
- Converge with SOC
  o Monitoring changes
  o Monitoring traffic patterns
  o Monitoring identity and acceptable use policy
  o Integrating incident response with service desk
Your feedback is essential!
Pete Lindstrom
petelind@spiresecurity.com
Blog: spiresecurity.typepad.com
Better SIEM. Beyond SIEM.
May, 2010

© 2010 AccelOps, Inc. - Operationalize Security   May, 2010
SIEM Requirements Have Evolved
Users want
  o Monitor and report against more source attributes
  o Online data: real-time correlation and long-term analysis
  o Ongoing, vendor-neutral 3rd-party device support

In addition
  o Business service impact and priority
  o Efficient problem/violation detection and investigation
    - Sophisticated attacks, and discerning security from non-security root cause
  o Integrated approach for SOC/NOC convergence
  o Able to justify for budget: security as part of IT service delivery
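The cross-silo correlation these requirements call for (match a SOC detection against NOC change records and identity/location, then rank by business service) can be shown in code. This is an added example, not AccelOps' code and not part of the original deck; the CMDB entries, approved-change window, event records, trusted locations and the 30-minute correlation window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed CMDB (assumption): host -> business service and its priority (1 = highest).
CMDB = {
    "core-sw-01": {"service": "Online Banking", "priority": 1},
    "web-07":     {"service": "Online Banking", "priority": 1},
    "hr-app-02":  {"service": "HR Portal",      "priority": 3},
}

# Constructed Change Mgt record: approved change windows (host, approver, start, end).
APPROVED_CHANGES = [
    {"host": "core-sw-01", "by": "jdoe", "start": "2010-05-03 22:00", "end": "2010-05-03 23:00"},
]

# Constructed events from three silos: 'noc' (config changes), 'soc' (IDS / NBA
# detections) and 'idm' (identity and location). All values are made up.
RAW_EVENTS = [
    {"ts": "2010-05-03 22:05", "silo": "idm", "type": "login", "host": "core-sw-01", "user": "jdoe", "location": "dc-jumphost"},
    {"ts": "2010-05-03 22:12", "silo": "noc", "type": "config_change", "host": "core-sw-01", "user": "jdoe"},
    {"ts": "2010-05-03 22:20", "silo": "soc", "type": "nba_anomaly", "host": "core-sw-01"},
    {"ts": "2010-05-04 03:02", "silo": "idm", "type": "login", "host": "web-07", "user": "svc_backup", "location": "external"},
    {"ts": "2010-05-04 03:05", "silo": "noc", "type": "config_change", "host": "web-07", "user": "svc_backup"},
    {"ts": "2010-05-04 03:09", "silo": "soc", "type": "ids_alert", "host": "web-07"},
    {"ts": "2010-05-04 09:30", "silo": "soc", "type": "ids_alert", "host": "hr-app-02"},
]

TRUSTED_LOCATIONS = {"dc-jumphost", "noc-console"}   # assumption: admin access points
CORRELATION_WINDOW = timedelta(minutes=30)           # assumption: how far back to look


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def change_is_approved(change):
    """Change Mgt check: was this config change made by the approver inside its window?"""
    ts = parse_ts(change["ts"])
    for c in APPROVED_CHANGES:
        if (c["host"] == change["host"] and c["by"] == change["user"]
                and parse_ts(c["start"]) <= ts <= parse_ts(c["end"])):
            return True
    return False


def find_prior(events, alert, etype, **match):
    """Most recent event of type `etype` on the alert's host inside the window before it.
    Extra keyword arguments must match the event's fields (e.g. user="jdoe")."""
    t_alert = parse_ts(alert["ts"])
    candidates = [
        e for e in events
        if e["type"] == etype and e["host"] == alert["host"]
        and timedelta(0) <= t_alert - parse_ts(e["ts"]) <= CORRELATION_WINDOW
        and all(e.get(k) == v for k, v in match.items())
    ]
    return max(candidates, key=lambda e: e["ts"]) if candidates else None


def correlate(events):
    """Turn each SOC detection into an incident record with who/what/where/when,
    a security vs non-security root-cause call, a routing decision and the
    business-service priority from the CMDB."""
    incidents = []
    for alert in events:
        if alert["silo"] != "soc":
            continue
        cmdb = CMDB.get(alert["host"], {"service": "unknown", "priority": 4})
        change = find_prior(events, alert, "config_change")
        login = find_prior(events, alert, "login", user=change["user"]) if change else None
        where = login["location"] if login else "unknown"
        if change is None:
            cause, route = "security: detection with no matching change, investigate", "SOC"
        elif change_is_approved(change) and where in TRUSTED_LOCATIONS:
            cause, route = "non-security: change-induced, approved", "NOC"
        else:
            cause, route = "security: unauthorized or out-of-window change", "SOC"
        incidents.append({
            "when": alert["ts"], "what": alert["type"], "host": alert["host"],
            "who": change["user"] if change else "unknown", "where": where,
            "service": cmdb["service"], "priority": cmdb["priority"],
            "root_cause": cause, "route_to": route,
        })
    # Highest business-service priority first, then oldest first.
    incidents.sort(key=lambda i: (i["priority"], i["when"]))
    return incidents


if __name__ == "__main__":
    for inc in correlate(RAW_EVENTS):
        print(inc)
```

The approved, in-window switch change followed by an NBA anomaly is routed to the NOC as change-induced, while the off-hours change by an account logged in from an untrusted location keeps its security classification even though a change record exists.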


AccelOps: Better SIEM. Beyond SIEM.
Challenges:
- Complex threats and environment
- Limited monitoring & reporting
- Difficult to scale out
- Timely device support
- Lack of IT service awareness
- Budget for isolated security tools

Answers:
- Single pane of glass: intelligence at your fingertips
- End-to-end visibility: service, performance, availability, security, change and compliance management
- Efficiency: proactive monitoring, expedited root-cause analysis, flexible search/reporting
- Increased uptime and secure delivery of service
- Value: easy to use, implement and scale, with a rich feature set
- Virtual Appliance or SaaS
Cross-Correlated DC/Cloud Monitoring Platform
Rich, Powerful Set of Capabilities: SIEM and Beyond
[Diagram: integrated, cross-correlated IT monitoring functions that quickly root out security from non-security incidents. Functions shown: Business Service Management, Network Management, Systems Management, Application Performance Management, Configuration Management / CMDB, Security/Log Management, Virtualization Management, Compliance Automation, Identity & Location Management, Event Management / Enterprise Search, Asset Management, Data Center Hardware Management, Network Visualization, Ticketing System. Foundation: AccelOps Platform (Discovery, CMDB, Analytics, Reports, Data Management, Clustering).]
Comprehensive Security Event Information Management with Customizable Dashboards
[Screenshot: dashboards to readily track security and compliance relevant issues.]
Automated Compliance Monitoring and Reporting
[Screenshot: built-in and extensible rules and reports mapped to compliance standards.]
Breakdown Operational Silos: Performance, Availability, Security and Change Mgmt.
[Screenshot: rapidly see where problems exist via operational KPIs, interactive hotspots and alerts; instant drill-through to incident details for complete "who, what, why, when, where" details.]
Advance Service-Oriented Management: Proactive Monitoring and Efficient Root-cause
[Screenshot: the service carousel enables the IT team to collaborate and respond to service issues; identify issues, problems and root cause, and prioritize based on business service.]
AccelOps – Integrated Datacenter Monitoring
Intelligent. Proactive. Secure.
- Integrated Datacenter and Cloud Monitoring Solution
  o Performance & Availability
  o Security & Compliance
  o Change Management
  with a business service perspective
- Better SIEM, Beyond SIEM
  o Single pane of glass: end-to-end visibility
  o Operational security: enable IT to become part of SLA delivery
  o Operational efficiency: proactive & rapid root-cause analysis (reduced MTTR)
  o Increased uptime and service reliability
- Implementation flexibility and scale
  o Virtual Appliance (AO-VA)
  o SaaS (AO-SaaS)

 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

SOC/NOC Convergence by Spire Research

  • 1. The Future of SEM and Log Management: “NOC your SOCs Off”. Pete Lindstrom, CISSP, Research Director, Spire Security, LLC. www.spiresecurity.com, petelind@spiresecurity.com. Sponsored by: AccelOps, Inc. © 2009 Spire Security. All rights reserved.
  • 2. Introducing IT Service Management
      - ITSM parallels the move towards service-orientation architectures and business.
      - ITSM incorporates control, administration, and monitoring of the entire infrastructure.
      - ITSM leverages COBIT, ITIL, and ISO standards.
  • 3. Towards Service Management (diagram): IT Service Management sits at the top; moving up the stack means increasing levels of abstraction and more flexibility, moving down means more details (config, logs, location, context). Layers, top to bottom: Users, Data, Applications, Systems, Network Components.
  • 4. Today, silos are common (diagram): Vulnerability Mgt, Service Mgt, Directory Mgt, Network Ops, Trust Mgt, Identity Mgt, Config Mgt and Security Ops each have their own budget, tools and people.
  • 5. But we need to increase efficiency (diagram): the same functions (Identity Mgt, Directory Mgt, Trust Mgt, Service Mgt, Network Ops, Security Ops, Vuln Mgt, Config Mgt), each still with its own budget, tools and people.
  • 6. …and organize by function (diagram): the same eight functions, with budget, tools and people grouped by function rather than by silo.
  • 7. From the security side…
      - Identity Management: privileged user management; identity tracking / integration; administrative controls
      - Trust Management: managing policies; process management
      - Threat Management: monitoring of security events; monitoring of network events; convergence of NOC / SOC
      - Vulnerability Management: configuration management; vuln/patch management; asset management
  • 8. Why SOC/NOC Convergence
      - Optimize resources
      - Align team services and gain operational leverage
          - Procedures
          - Controls
          - Workflows
          - Reporting
      - Be more responsive to the business
  • 9. Parallel Processing
      - Net Ops Center: network fault tolerance; switch/router configuration; sniffing troubleshooting; systems monitoring
      - Security Ops Center: network behavior anomaly detection; intrusion detection; log management; network forensics
  • 10. Typical Control Gaps
      - Network anomalies and system changes (underlying issue, vulnerability)
      - Identity and location (who and where)
      - Violation or incident effect on business (diminished means to understand impact)
  • 11. Challenges of SOC/NOC Monitoring
      - Every incident requires multiple paths and troubleshooting
      - Different tools across op silos (is all the data available, and how is it related?)
      - Modest correlation across op silos (hinders root-cause analysis, modest collaboration)
  • 12. Choosing Pertinent Tenets
      - Assessing mandates and best practices
      - Defining supporting controls
          - Identifying have’s, have not’s and can not’s
          - Identifying compensating controls
      - Documenting
          - Policy and business value
      - Review, verification and endorsement
          - Stakeholders, internal auditors, external auditors
      - Tasks, tools and controls among SOC/NOC
  • 13. Considerations for the future
      - Evaluate and integrate complementary technologies
          - CMDB, NBA and Network Flow, Directory services, Service-desk?
      - Converge with SOC
          - Monitoring changes
          - Monitoring traffic patterns
          - Monitoring identity and acceptable use policy
          - Integrating incident response with service desk
  • 14. Your feedback is essential! Pete Lindstrom, petelind@spiresecurity.com. Blog: spiresecurity.typepad.com
  • 15. Better SIEM. Beyond SIEM. May, 2010. © 2010 AccelOps, Inc. - Operationalize Security May, 2010
  • 16. SIEM Requirements Have Evolved
      - Users want
          - Monitor and report against more source attributes
          - Online data: real-time correlation and long-term analysis
          - Ongoing, vendor neutral 3rd party device support
      - In addition
          - Business service impact and priority
          - Efficient problem/violation detection and investigation: sophisticated attacks, and discerning security from non-security root-cause
          - Integrated approach for SOC/NOC convergence
          - Able to justify for budget: security as part of IT service delivery
  • 17. AccelOps: Better SIEM. Beyond SIEM.
      - Challenges: complex threats and environment; limited monitoring & reporting; difficult to scale out; timely device support; lack IT service awareness; budget for isolated security tools
      - Answers:
          - Single pane of glass – Intelligence at your fingertips
          - End-to-end visibility – service, performance, availability, security, change and compliance management
          - Efficiency – proactive monitoring, expedited root-cause analysis, flexible search/reporting
          - Increased uptime and secure delivery of service
          - Value – easy to use, implement and scale with rich feature set
          - Virtual Appliance or SaaS
  • 18. Cross-Correlated DC/Cloud Monitoring Platform. Rich, powerful set of capabilities: SIEM and beyond. Integrated, cross-correlated IT monitoring functions: quickly root out security from non-security incidents.
      - Business Service Management; Application Performance Management; Network Management; Systems Management; Configuration Management / CMDB; Security/Log Management; Virtualization Management
      - Event Management; Identity & Location Management; Data Center Hardware Management; Compliance Automation / Enterprise Search; Asset Management; Network Visualization; Ticketing System
      - Foundation: AccelOps Platform (Discovery, CMDB, Analytics, Reports, Data Management, Clustering)
  • 19. Comprehensive Security Event Information Management with Customizable Dashboards. Readily track security and compliance relevant issues.
  • 20. Automated Compliance Monitoring and Reporting. Built-in and extensible rules and reports mapped to compliance standards.
  • 21. Break Down Operational Silos: Performance, Availability, Security and Change Mgmt. Rapidly see where problems exist via interactive hotspots and alerts; instant drill-through to incident details for complete operational KPIs and “who, what, how & why, when, where” details.
  • 22. Advance Service-Oriented Management: Proactive Monitoring and Efficient Root-cause. The service carousel enables the IT team to collaborate and respond to service issues. Identify issues, problems and root-cause, and prioritize based on business service.
  • 23. AccelOps – Integrated Datacenter Monitoring. Intelligent. Proactive. Secure.
      - Integrated Datacenter and Cloud Monitoring Solution
          - Performance & Availability
          - Security & Compliance
          - Change Management
          - With a Business Service Perspective
      - Better SIEM, Beyond SIEM
          - Single pane of glass: end-to-end visibility
          - Operational security: enable IT to become part of SLA delivery
          - Operational efficiency: proactive & rapid root-cause analysis (lower MTTR)
          - Increased uptime and service reliability
      - Implementation flexibility and scale
          - Virtual Appliance (AO-VA)
          - SaaS (AO-SaaS)