
NREN SIEM Deployment Project



  1. Conference 2018: NREN SIEM Deployment Project. Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay

  2. Speakers
     • Alex Dow, Consultant, Mirai Security
     • Barb Carra, Chief Operating Officer, Cybera
     • Jill Kowalchuk, NREN Coordination Manager, CANARIE Inc.
     • Todd Williams, Executive Director, ACORN
     • Ivor MacKay, Manager, Information Technology, BCNET

  3. Agenda
     1. Background and terminology
        a. What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
        b. What is the NREN?
     2. NREN SIEM Deployment Project
        a. Background on how the project came about:
           i. why the NREN is interested in security;
           ii. why the SIEM project was chosen.
        b. Description of the first phase of the project
        c. Description of second phase
        d. Future considerations

  4. Agenda cont’d
     3. How is Cybera approaching the SIEM Project?
     4. How is ACORN-NS approaching the SIEM project?
     5. How is BCNET approaching the SIEM project?
     6. Q&A
     7. Workshop on SIEM: Thursday 9:00 am

  5. Background and Terminology: What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
     [Diagram: SIEM pipeline with the stages Data Sources, Collection, Analytics, Consumption. Other labels on the diagram: Syslog; WMI/SMB; File; ODBC; API; Normalization & Enrichment; Asset/Network Models, DNS, GeoIP, Vuln Database, etc.; Transport; Caching, encryption, compression, bandwidth management; Indexing; Security Analyst]

  6. NREN SIEM Deployment Project. Jill Kowalchuk, NREN Coordination Manager | BCNET Conference | April 24, 2018 | canarie.ca | @canarie_inc

  7. The NREN connects Canada’s research, education, and innovation communities via ultra high-speed (up to 100G) networks.

  8. The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.
     • Genomics Databases
     • 30 Meter Telescope
     • Neptune 2.0
     • Large Hadron Collider
     • Worldwide sensor networks
     • Canadian Light Source

  9. How does the NREN operate?
     • Governed and managed by: NREN Governance Committee (presidents of the provincial and territorial networks and of the federal partner, CANARIE)
     • Initiatives guided by: NREN Strategic Plan (priority projects that evolve the NREN and maximize its value for stakeholders)

  10. NREN Security

  11. Security Information and Event Management (SIEM) Deployment Project: People, Process, Technology

  12. SIEM Deployment Project
      [Architecture diagram. Labels include: Internet, NREN, RAN(s), Operational SIEM Infrastructure, SIEM Console, SIEM Admin, SIEM Log Collectors, SIEM Alarms, Monitored IT Security Logs, Skills & Training, Event Response, End-User Institutions]

  13. SIEM Deployment Project & Institutions
      [Architecture diagram with the same labels as the previous slide, plus an additional "Monitored Logs" label]

  14. Future Considerations (Image source: https://gbhackers.com)

  15. canarie.ca | @canarie_inc

  16. The Other Regional Network Approaches
      • How is Cybera approaching the SIEM Project?
      • How is ACORN-NS approaching the SIEM project?
      • How is BCNET approaching the SIEM project?

  17. Q & A

  18. Workshop on SIEM: Thursday 9:00 am
