Architecting Solutions for Security Investigations and Monitoring (2012 San Diego)

by on Jun 19, 2012

  • 1,555 views

This is a new session for 2012. Over 10 years, security threats have grown from network annoyances to attacks on sensitive infrastructure. Evidence indicates that security threats are growing more sophisticated and aimed at embedding malware in infrastructure. This presentation will share Cisco CSIRT's evolving architecture for addressing sophisticated, embedded threats. Topics will describe how CSIRT has evolved its network infrastructure over the past 10 years, and will give detailed architectural examples and guidance regarding their multi-petabyte global deployments of:

  • Log/event collection of syslog, DNS, web proxy logs, ModSecurity logs
  • NetFlow collection
  • Host and user attribution techniques (using DHCP, NAT, VPN logs to identify users)

It will also include a description of how CSIRT Engineering is integrating the following solutions into their global deployment:

  • Challenges and solutions for multiple filtered detection using SPANs and taps (IDS, DNS collection, web proxy, DLP)
  • Rapid operationalization of collaborative, commercial, and home-grown intelligence
  • Pulling this all together in a free-form custom SIEM

Security experts from Cisco's Computer Security Incident Response Team (CSIRT) demonstrate how to detect security incidents on your global network. This session will include in-depth discussions on 1) using network telemetry to build contextual information about your network, 2) putting this powerful information to work inside your security monitoring toolkit, and 3) overlaying this knowledge against corporate security policies to produce actionable results. This session will also present methods to ensure critical security monitoring data sources are kept online and available. This session will help you make certain that event data needed for investigations is captured, relevant, and available during critical incident response.
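The host and user attribution step listed above (DHCP, NAT and VPN logs tying an address back to a person), as an added example that is not from the session or from Cisco CSIRT: it resolves a public IP:port observed at a given time through the NAT log to an internal address, then to the DHCP lease (honouring lease expiry) and the VPN session that owned that address at that moment. The log line formats, addresses, lease length and user name are constructed assumptions, not real telemetry.

```python
import re
from datetime import datetime, timedelta
TS = "%Y-%m-%dT%H:%M:%SZ"
# Constructed sample telemetry (not real data); all timestamps are UTC.
NAT_LOG = """\
2012-06-19T14:02:11Z NAT build 10.1.4.20:51000 -> 203.0.113.7:40001
2012-06-19T14:20:05Z NAT build 10.9.0.5:52000 -> 203.0.113.7:40001
"""
DHCP_LOG = """\
2012-06-19T09:00:00Z DHCPACK 10.1.4.20 00:11:22:33:44:55 lease=14400
2012-06-19T13:30:00Z DHCPACK 10.1.4.20 66:77:88:99:aa:bb lease=14400
"""
VPN_LOG = """\
2012-06-19T14:15:00Z VPN login user=alice ip=10.9.0.5
2012-06-19T15:00:00Z VPN logout user=alice ip=10.9.0.5
"""
def parse(log, pattern):
    """Return [(timestamp, fields)] for every line the regex matches."""
    events = []
    for line in log.splitlines():
        m = re.match(pattern, line)
        if m:
            events.append((datetime.strptime(m.group(1), TS), m.groups()[1:]))
    return events

def latest_before(events, when, pred):
    """Newest event at or before `when` whose fields satisfy pred, else None."""
    hits = [(t, f) for t, f in events if t <= when and pred(f)]
    return max(hits, default=None)

def attribute(public_ip, public_port, when):
    """Walk public endpoint -> NAT -> internal IP -> DHCP/VPN owner at `when`."""
    nat = parse(NAT_LOG, r"(\S+) NAT build (\S+):(\d+) -> (\S+):(\d+)")
    dhcp = parse(DHCP_LOG, r"(\S+) DHCPACK (\S+) (\S+) lease=(\d+)")
    vpn = parse(VPN_LOG, r"(\S+) VPN (login|logout) user=(\S+) ip=(\S+)")
    xlate = latest_before(nat, when,
                          lambda f: f[2] == public_ip and f[3] == str(public_port))
    if xlate is None:
        return None  # no translation: the flow never went through this NAT
    internal = xlate[1][0]
    result = {"internal_ip": internal, "mac": None, "user": None}
    # DHCP: the newest lease only counts if it had not expired at `when`.
    lease = latest_before(dhcp, when, lambda f: f[0] == internal)
    if lease and lease[0] + timedelta(seconds=int(lease[1][2])) >= when:
        result["mac"] = lease[1][1]
    # VPN: a logout as the newest event means the address was free at `when`.
    sess = latest_before(vpn, when, lambda f: f[2] == internal)
    if sess and sess[1][0] == "login":
        result["user"] = sess[1][1]
    return result
```

The time-bounded lookup is the point: the same public port maps to different internal hosts a few minutes apart, and an expired lease or a closed VPN session must not be attributed to its previous owner.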

Cisco Live 365: https://www.ciscolive365.com/connect/sessionDetail.ww?SESSION_ID=4607


Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved
