Conference 2018
NREN SIEM Deployment Project
Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay
Speakers
Alex Dow, Consultant, Mirai Security
Barb Carra, Chief Operating Officer, Cybera
Jill Kowalchuk, NREN Coordination Manager, CANARIE Inc.
Todd Williams, Executive Director, ACORN
Ivor MacKay, Manager, Information Technology, BCNET
Agenda
1. Background and terminology
   a. What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
   b. What is the NREN?
2. NREN SIEM Deployment Project
   a. Background on how the project came about:
      i. why the NREN is interested in security;
      ii. why the SIEM project was chosen.
   b. Description of the first phase of the project
   c. Description of the second phase
   d. Future considerations
Agenda cont’d
3. How is Cybera approaching the SIEM project?
4. How is ACORN-NS approaching the SIEM project?
5. How is BCNET approaching the SIEM project?
6. Q&A
7. Workshop on SIEM, Thursday 9:00 am
Background and Terminology
What is SIEM (Security Information and Event Management), and why is it important to cybersecurity?
[Diagram: SIEM pipeline with the stages Data Sources, Collection, Analytics and Consumption. Labels on the diagram: Syslog, WMI/SMB, File, ODBC, API; Normalization & Enrichment; Indexing; Asset/Network Models, DNS, GeoIP, Vuln Database, etc.; Transport (caching, encryption, compression, bandwidth management); Security Analyst.]
NREN SIEM Deployment Project
Jill Kowalchuk, NREN Coordination Manager | BCNET Conference | April 24, 2018
canarie.ca | @canarie_inc
The NREN connects Canada’s research, education, and innovation communities via ultra high-speed (up to 100G) networks.
The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.
• Genomics Databases
• 30 Meter Telescope
• Neptune 2.0
• Large Hadron Collider
• Worldwide sensor networks
• Canadian Light Source
How does the NREN operate?
Governed and managed by: NREN Governance Committee (presidents of the provincial and territorial networks and of the federal partner, CANARIE)
Initiatives guided by: NREN Strategic Plan (priority projects that evolve the NREN and maximize its value for stakeholders)
NREN Security
Security Information and Event Management (SIEM) Deployment Project
People, Process, Technology
SIEM Deployment Project
[Diagram. Labels: Internet, NREN, RAN(s), RAN Member(s), End-User Institutions, Operational SIEM Infrastructure, SIEM Alarms, SIEM Console, SIEM Admin, SIEM Log Collectors, Monitored IT Security Logs, Skills & Training, RAN(s) Network, IT Security Event Response.]
SIEM Deployment Project & Institutions
[Diagram. Same labels as the previous slide, with Monitored Logs added alongside RAN Member(s) and End-User Institutions.]
Future Considerations
Image source: https://gbhackers.com
The Other Regional Network Approaches
• How is Cybera approaching the SIEM project?
• How is ACORN-NS approaching the SIEM project?
• How is BCNET approaching the SIEM project?
Q & A
Workshop on SIEM, Thursday 9:00 am