SOC/NOC Convergence by Spire Research

SANS presentation on SOC/NOC Convergence presented by Spire Security and AccelOps

Published in: Technology, Business

Comment:
  • Dear AccelOps, I want to download this, as I have to present about NOC/SOC to higher management in my company. Please guide me on how to download this.

Slide transcript:

  1. The Future of SEM and Log Management: "NOC your SOCs Off"
     Pete Lindstrom, CISSP, Research Director, Spire Security, LLC
     www.spiresecurity.com | petelind@spiresecurity.com
     Sponsored by: AccelOps, Inc.
     © 2009 Spire Security. All rights reserved.

  2. Introducing IT Service Management
     - ITSM parallels the move towards service-oriented architectures and business.
     - ITSM incorporates control, administration, and monitoring of the entire infrastructure.
     - ITSM leverages COBIT, ITIL, and ISO standards.

  3. Towards Service Management
     [Diagram: a stack running from Network Components up through Systems, Applications, Data and Users to IT Service Management. Moving up the stack gives increasing levels of abstraction (MORE FLEXIBILITY); moving down gives config, logs, location and context (MORE DETAILS).]

  4. Today, silos are common
     [Diagram: eight separate silos, each with its own Budget, Tools and People: Vulnerability Mgt, Service Mgt, Directory Mgt, Network Ops, Trust Mgt, Identity Mgt, Config Mgt, Security Ops.]

  5. But we need to increase efficiency
     [Diagram: the same eight silos (Identity Mgt, Directory Mgt, Trust Mgt, Service Mgt; Network Ops, Security Ops, Vuln Mgt, Config Mgt) arranged in two rows, each still with its own Budget, Tools and People.]

  6. …and organize by function
     [Diagram: the same layout as slide 5, with the silos grouped by function.]

  7. From the security side…
     Identity Management: privileged user management; identity tracking / integration; administrative controls
     Trust Management: managing policies; process management
     Threat Management: monitoring of security events; monitoring of network events; convergence of NOC / SOC
     Vulnerability Management: configuration management; vuln/patch management; asset management

  8. Why SOC/NOC Convergence
     - Optimize resources
     - Align team services and gain operational leverage
       o Procedures
       o Controls
       o Workflows
       o Reporting
     - Be more responsive to the business

  9. Parallel Processing
     Net Ops Center:
     - Network fault tolerance
     - Switch/router configuration
     - Sniffing troubleshooting
     - Network monitoring
     Security Ops Center:
     - Network behavior anomaly detection
     - Intrusion detection
     - Log management
     - Systems forensics

  10. Typical Control Gaps
     - Network anomalies and system changes (underlying issue, vulnerability)
     - Identity and location (who and where)
     - Violation or incident effect on the business (diminished means to understand impact)

  11. Challenges of SOC/NOC Monitoring
     - Every incident requires multiple paths and troubleshooting
     - Different tools across operational silos (is all the data available, and how is it related?)
     - Modest correlation across operational silos (hinders root cause; modest collaboration)

  12. Choosing Pertinent Tenets
     - Assessing mandates and best practices
     - Defining supporting controls
       o Identifying haves, have-nots and cannots
       o Identifying compensating controls
     - Documenting
       o Policy and business value
     - Review, verification and endorsement
       o Stakeholders, internal auditors, external auditors
     - Tasks, tools and controls among SOC/NOC

  13. Considerations for the future
     - Evaluate and integrate complementary technologies
       o CMDB, NBA and network flow, directory services, service desk?
     - Converge with SOC
       o Monitoring changes
       o Monitoring traffic patterns
       o Monitoring identity and acceptable use policy
       o Integrating incident response with service desk
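The three Spire slides above (Typical Control Gaps, Challenges of SOC/NOC Monitoring, Considerations for the future) and the AccelOps requirement later in the deck of discerning security from non-security root cause all reduce to one join: put NOC-side records (change management, flow/NBA anomalies, application monitoring) and SOC-side records (authentication, IDS) on the same asset key, close the "who and where" gap against a directory, and rank the result by the business service a CMDB says the asset belongs to. The following is an added example written for this page; it is not code from Spire Security, AccelOps or the presentation. The asset names, event fields, directory entries, 30-minute window and priorities are all constructed for illustration.

```python
# Added example (not from the Spire/AccelOps deck): a toy cross-silo correlator.
# It joins NOC-side records (change management, flow/NBA anomalies, app monitoring)
# with SOC-side records (authentication, IDS) on the affected asset, enriches
# them from a CMDB-style asset->business-service map and a directory-style
# user->expected-location map, and labels each asset's incident as
# change-induced (NOC root cause), security (SOC root cause) or needs
# investigation, ordered by business-service priority. All data below is
# constructed for illustration; field names, window and priorities are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CMDB fragment: asset -> (business service, priority; 1 = highest)
CMDB = {
    "web01": ("customer-portal", 1),
    "db02": ("customer-portal", 1),
    "build07": ("internal-ci", 3),
}

# Constructed directory fragment: user -> (role, location the account is expected to use)
DIRECTORY = {
    "alice": ("netadmin", "HQ"),
    "svc-backup": ("service", "DC1"),
}

# Constructed events from the different silos, normalised to one shape.
EVENTS = [
    {"ts": "2010-05-10T02:01:00", "src": "change-mgmt", "asset": "web01",
     "user": "alice", "loc": "HQ", "type": "config_change", "detail": "CR-1042 ACL update"},
    {"ts": "2010-05-10T02:03:30", "src": "nba", "asset": "web01",
     "type": "flow_anomaly", "detail": "outbound volume 6x baseline"},
    {"ts": "2010-05-10T02:04:00", "src": "app-monitor", "asset": "web01",
     "type": "latency_breach", "detail": "p95 latency 2400 ms"},
    {"ts": "2010-05-10T03:15:00", "src": "auth", "asset": "db02",
     "user": "svc-backup", "loc": "REMOTE", "type": "login_success", "detail": "ssh from 203.0.113.9"},
    {"ts": "2010-05-10T03:15:20", "src": "nba", "asset": "db02",
     "type": "flow_anomaly", "detail": "new egress destination 203.0.113.9:443"},
    {"ts": "2010-05-10T04:00:00", "src": "ids", "asset": "build07",
     "type": "ids_alert", "detail": "port scan from 198.51.100.7"},
]

SYMPTOMS = {"flow_anomaly", "latency_breach", "ids_alert"}
WINDOW = timedelta(minutes=30)  # assumed: how long after a cause a symptom still counts


def _ts(ev):
    return datetime.fromisoformat(ev["ts"])


def identity_consistent(ev):
    """Close the 'who and where' gap: does the observed location match the directory?"""
    user = ev.get("user")
    if user not in DIRECTORY:
        return False  # an unknown actor is never treated as consistent
    _role, expected_loc = DIRECTORY[user]
    return ev.get("loc") == expected_loc


def correlate(events, cmdb=CMDB, window=WINDOW):
    """Group events per asset and decide whether symptoms have a NOC or a SOC root cause."""
    by_asset = defaultdict(list)
    for ev in sorted(events, key=_ts):
        by_asset[ev["asset"]].append(ev)

    findings = []
    for asset, evs in by_asset.items():
        service, priority = cmdb.get(asset, ("unmapped", 9))
        symptoms = [e for e in evs if e["type"] in SYMPTOMS]
        changes = [e for e in evs if e["type"] == "config_change"]
        logins = [e for e in evs if e["type"] == "login_success"]
        verdict, cause = "needs investigation", None
        for s in symptoms:
            # NOC root cause: an authorised change by a consistent identity shortly before
            for c in changes:
                if timedelta(0) <= _ts(s) - _ts(c) <= window and identity_consistent(c):
                    verdict, cause = "change-induced", c["detail"]
            # SOC root cause: identity/location mismatch shortly before; overrides the above
            for lg in logins:
                if timedelta(0) <= _ts(s) - _ts(lg) <= window and not identity_consistent(lg):
                    verdict, cause = "security", f"{lg['user']} from {lg['loc']}: {lg['detail']}"
        findings.append({
            "asset": asset, "service": service, "priority": priority,
            "verdict": verdict, "cause": cause,
            "symptoms": [s["detail"] for s in symptoms],
        })
    # Business impact first: lowest priority number (most important service) on top
    return sorted(findings, key=lambda f: f["priority"])


def service_desk_lines(findings):
    """One line per finding in a form a shared NOC/SOC ticket queue could ingest."""
    route = {"change-induced": "NOC", "security": "SOC", "needs investigation": "SOC+NOC"}
    return [f"P{f['priority']} {f['service']} {f['asset']} -> {route[f['verdict']]}: "
            f"{f['verdict']} ({f['cause'] or 'no correlated cause'})" for f in findings]


if __name__ == "__main__":
    for line in service_desk_lines(correlate(EVENTS)):
        print(line)
```

Two design points matter more than the toy rules. First, the security verdict deliberately wins over the change-induced one when both match: an authorised change that coincides with an out-of-policy login is still a SOC case, and the service desk ticket carries the change reference so the NOC can rule its own work in or out. Second, an actor missing from the directory is never "consistent"; the control gap on the slide is as much about unknown identities as about wrong locations.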
  14. Your feedback is essential!
     Pete Lindstrom, petelind@spiresecurity.com
     Blog: spiresecurity.typepad.com

  15. Better SIEM. Beyond SIEM.
     May, 2010
     © 2010 AccelOps, Inc. - Operationalize Security

  16. SIEM Requirements Have Evolved
     - Users want
       o Monitor and report against more source attributes
       o Online data: real-time correlation and long-term analysis
       o Ongoing, vendor-neutral third-party device support
     - In addition
       o Business service impact and priority
       o Efficient problem/violation detection and investigation: sophisticated attacks, and discerning security from non-security root cause
       o Integrated approach for SOC/NOC convergence
       o Able to justify the budget: security as part of IT service delivery

  17. AccelOps: Better SIEM. Beyond SIEM.
     Challenges:
     - Complex threats and environment
     - Limited monitoring and reporting
     - Difficult to scale out
     - Timely device support
     - Lack of IT service awareness
     - Lack of flexible search/reporting
     - Budget for isolated security tools
     Answers:
     - Single pane of glass: intelligence at your fingertips
     - End-to-end visibility: service, performance, availability, security, change and compliance management
     - Efficiency: proactive monitoring, expedited root-cause analysis
     - Increased uptime and secure delivery of service
     - Value: easy to use, implement and scale, with a rich feature set
     - Virtual Appliance or SaaS

  18. Cross-Correlated DC/Cloud Monitoring Platform
     Rich, powerful set of capabilities: SIEM and beyond. Integrated, cross-correlated IT monitoring functions: quickly root out security from non-security incidents.
     [Diagram: platform functions: Business Service Management; Application Performance Management; Network Management; Systems Management; Configuration Management / CMDB; Security/Log Management; Virtualization Management; Event Management; Identity & Location Management; Data Center Hardware Management; Compliance Automation / Visualization; Asset Management; Network Ticketing System; Enterprise Search. Foundation: AccelOps Platform (Discovery, CMDB, Analytics, Reports, Data Management, Clustering).]

  19. Comprehensive Security Event Information Management with Customizable Dashboards
     Readily track security- and compliance-relevant issues.

  20. Automated Compliance Monitoring and Reporting
     Built-in and extensible rules and reports mapped to compliance standards.

  21. Break Down Operational Silos: Performance, Availability, Security and Change Mgmt.
     Rapidly see where problems exist via interactive hotspots and alerts; instant drill-through to incident details for complete operational KPIs and the "who, what, how and why, when, where" details.

  22. Advance Service-Oriented Management: Proactive Monitoring and Efficient Root Cause
     A service carousel enables the IT team to collaborate and respond to service issues. Identify issues, problems and root cause, and prioritize based on business service.

  23. AccelOps – Integrated Datacenter Monitoring. Intelligent. Proactive. Secure.
     - Integrated datacenter and cloud monitoring solution, with a business service perspective
       o Performance & Availability
       o Security & Compliance
       o Change Management
     - Better SIEM, Beyond SIEM
       o Single pane of glass: end-to-end visibility
       o Operational security: enable IT to become part of SLA delivery
       o Operational efficiency: proactive and rapid root-cause analysis (lower MTTR)
       o Increased uptime and service reliability
     - Implementation flexibility and scale
       o Virtual Appliance (AO-VA)
       o SaaS (AO-SaaS)
