• Save
SOC/NOC Convergence by Spire Research
Upcoming SlideShare
Loading in...5
×
 

SOC/NOC Convergence by Spire Research

on

  • 1,702 views

SANS presentation on SOC/NOC Convergence presented by Spire Security and AccelOps

SANS presentation on SOC/NOC Convergence presented by Spire Security and AccelOps

Statistics

Views

Total Views
1,702
Views on SlideShare
1,701
Embed Views
1

Actions

Likes
0
Downloads
0
Comments
1

1 Embed 1

http://www.docshut.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Dear AccelOps, i want to download this, as i have to present about NOC / SOC to higher management in my company. Plz guide me how to download this.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    SOC/NOC Convergence by Spire Research SOC/NOC Convergence by Spire Research Presentation Transcript

    • The Future of SEM and Log Management “NOC your SOCs Off” Pete Lindstrom, CISSP Research Director Spire Security, LLC www.spiresecurity.com petelind@spiresecurity.com Sponsored by: AccelOps, Inc. © 2009 Spire Security. All rights reserved.
    • Introducing IT Service Management  ITSM parallels the move towards service-orientation architectures and business.  ITSM incorporates control, administration, and monitoring of the entire infrastructure.  ITSM leverages COBIT, ITIL, and ISO standards. 2 2 © 2009 Spire Security. All rights reserved.
    • Towards Service Management IT Service Management Increasing levels of abstraction MORE FLEXIBILITY Config, logs, location, context MORE DETAILS Users Data Applications Systems Network Components 3 © 2009 Spire Security. All rights reserved.
    • Today, silos are common Budget Budget Tools Tools Budget Budget People People Tools Tools Vulnerability Mgt Service Mgt People People Directory Mgt Network Ops Budget Tools Budget Budget People Budget Tools Tools Trust Mgt Tools People People People Identity Mgt Config Mgt Security Ops 4 4 © 2009 Spire Security. All rights reserved.
    • But we need to increase efficiency Budget Budget Budget Budget Tools Tools Tools Tools People People People People Identity Mgt Directory Mgt Trust Mgt Service Mgt Budget Budget Budget Budget Tools Tools Tools Tools People People People People Network Ops Security Ops Vuln Mgt Config Mgt 5 © 2009 Spire Security. All rights reserved.
    • …and organize by function Budget Budget Budget Budget Tools Tools Tools Tools People People People People Identity Mgt Directory Mgt Trust Mgt Service Mgt Budget Budget Budget Budget Tools Tools Tools Tools People People People People Network Ops Security Ops Vuln Mgt Config Mgt 6 © 2009 Spire Security. All rights reserved.
    • From the security side… Identity Management Trust Management -Privileged user management -Managing policies -Identity tracking / integration -Process management -Administrative controls Threat Management Vulnerability Management - Monitoring of security events -Configuration Management -Monitoring of network events -Vuln/Patch Management -Convergence of NOC / SOC -Asset Management 7 7 7 © 2009 Spire Security. All rights reserved.
    • Why SOC/NOC Convergence  Optimize resources  Align team services and gain operational leverage o Procedures o Controls o Workflows o Reporting  Be more responsive to the business 8 © 2009 Spire Security. All rights reserved.
    • Parallel Processing Net Ops Center Security Ops Center  Network fault  Network behavior tolerance anomaly detection  Switch/router configuration  Intrusion detection  Sniffing troubleshooting  Log management  Systems  Network monitoring forensics 9 9 © 2009 Spire Security. All rights reserved.
    • Typical Control Gaps  Network anomalies and system changes (underlying issue, vulnerability)  Identity and location (who and where)  Violation or incident affect on business (diminished means to understand impact) 10 10 © 2009 Spire Security. All rights reserved.
    • Challenges of SOC/NOC Monitoring  Every incident requires multiple paths and troubleshooting  Different tools across op silos (is all the data available and how related)  Modest correlation across op silos (hinders root-cause, modest collaboration) 11 11 © 2009 Spire Security. All rights reserved.
    • Choosing Pertinent Tenets  Assessing mandates and best practices  Defining supporting controls o Identifying have’s, have not’s and can not’s o Identifying compensating controls  Documenting o Policy and business value  Review, verification and endorsement o Stakeholders, internal auditors, external auditors  Tasks, tools and controls among SOC/NOC 12 © 2009 Spire Security. All rights reserved.
    • Considerations for the future  Evaluate and integrate complementary technologies o CMDB, NBA and Network Flow, Directory services, Service-desk?  Converge with SOC o Monitoring changes o Monitoring traffic patterns o Monitoring identity and acceptable use policy o Integrating incident response with service desk 13 13 © 2009 Spire Security. All rights reserved.
    • Your feedback is essential! Pete Lindstrom petelind@spiresecurity.com Blog: spiresecurity.typepad.com © 2009 Spire Security. All rights reserved.
    • Better SIEM. Beyond SIEM. May, 2010 © 2010 AccelOps, Inc. - Operationalize Security May, 2010 15 © 2009 Spire Security. All rights reserved.
    • SIEM Requirements Have Evolved  Users want o Monitor and report against more source attributes o Online data: real-time correlation and long-term analysis o Ongoing, vendor neutral 3rd party device support  In addition o Business service impact and priority o Efficient problem/violation detection and investigation  Sophisticated attacks & discern security from non-security root-cause o Integrated approach for SOC/NOC convergence o Able to justify for budget: security as part of IT service delivery © 2010 AccelOps, Inc. - Operationalize Security May, 2010 16
    • AccelOps: Better SIEM. Beyond SIEM. Challenges Answers Complex Threats and Environment Limited Monitoring & Reporting Difficult to Scale Out  Single pane of glass – Intelligence at your fingertips Timely Device Support  End-to-end visibility – service, performance, availability, security, change and compliance management  Efficiency – proactive monitoring, expedited root-cause analysis Lack IT Service flexible search/reporting Awareness  Increased uptime and secure delivery of service Budget for  Value – easy to use, implement and scale with rich feature set Isolated Security Tools  Virtual Appliance or SaaS © 2010 AccelOps, Inc. - Operationalize Security May, 2010 17
    • Cross-Correlated DC/Cloud Monitoring Platform Rich, Powerful Set of Capabilities: SIEM and Beyond Integrated, Cross-correlated IT monitoring functions: quickly root-out security from non-security incidents Configuratio Business Application Network Systems n Security/Log Virtualization Service Performance Management Management Management Management Management Management Management / CMDB Event Identity & Data Center Compliance Management Asset Network Ticketing Location Hardware Automation / Enterprise Management Visualization System Management Management Search Foundation AccelOps Platform Discovery, CMDB, Analytics, Reports, Data Management, Clustering © 2010 AccelOps, Inc. - Operationalize Security May, 2010 18
    • Comprehensive Security Event Information Management with Customizable Dashboards Readily track security and compliance relevant issues © 2010 AccelOps, Inc. - Operationalize Security May, 2010 19
    • Automated Compliance Monitoring and Reporting Built-in and extensible rules and reports mapped to compliance standards © 2010 AccelOps, Inc. - Operationalize Security May, 2010 20
    • Breakdown Operational Silos: Performance, Availability, Security and Change Mgmt. Rapidly see where problems exist via interactive hotspots and alerts – instant drill see where Rapidly through to problems exist via incident details for complete operational KPIs, “who, what,hotpsots and how & why, when, alerts where” details © 2010 AccelOps, Inc. - Operationalize Security May, 2010 21
    • Advance Service-Oriented Management: Proactive Monitoring and Efficient Root-cause Service-carousel enables IT team to collaborate and respond to service issues Identify issues, problems, root-cause and be able to prioritize based on business service © 2010 AccelOps, Inc. - Operationalize Security May, 2010 22
    • AccelOps – Integrated Datacenter Monitoring Intelligent. Proactive. Secure  Integrated Datacenter and Cloud Monitoring Solution o Performance & Availability o Security & Compliance o Change Management With a Business Service Perspective  Better SIEM, Beyond SIEM o Single pane of glass: end-to-end visibility o Operational security: enable IT become part of SLA delivery o Operational efficiency: proactive & rapid root-cause analysis (< MTTR) o Increased uptime and service reliability  Implementation flexibility and scale o Virtual Appliance o SaaS AO-VA AO-SaaS © 2010 AccelOps, Inc. - Operationalize Security May, 2010 23