Ethical Hacking and Countermeasures
Version 6
Module LXVI
Security Convergence
Module Objective
This module will familiarize you with:
• Security Convergence
• Challenges on Security Convergence
• RAMCAP
• Open Security Exchange (OSE)
• Enterprise Security Management (ESM)
• Log Collection
• Event Storage
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow
Security Convergence
Challenges on Security Convergence
RAMCAP
Open Security Exchange (OSE)
Enterprise Security Management (ESM)
Log Collection
Event Storage
Security Convergence
Convergence is a process of reusing and blending various technologies to create new or improved capabilities and products
It is the integration of security functions and information into a common IP network
Security convergence can leverage technology to improve the performance of the security function both physically and logically
It is a three-pronged approach composed of technologies, security processes, and people
Challenges Confronting an Effective Security Convergence Policy
Understanding the challenges inherent in the original Internet design specifications
The ramifications of uncontrolled Internet growth and its effect on the administration policy
The security issues involved with the Transmission Control Protocol/Internet Protocol (TCP/IP)
Evolution of the Internet as a global platform for security solutions is expanding aggressively to accommodate convergence
Benefits of Using Risk Management in Planning IT Security Administration
Benefits for adopting a proactive and positive attitude towards IT security are:
• Better demonstration of IT security investment to the board
• More meaningful demonstration of business risk management to investors, especially the institutional investors that largely dictate stock prices
• Better demonstration of business risk management to customers
• Better employee awareness
RAMCAP
Risk Analysis and Management for Critical Asset Protection (RAMCAP) is a program initiated by the Department of Homeland Security (DHS)
It is an innovative process for security policy based upon global risk assessment in collaboration with DHS
It promotes understanding of the various vulnerabilities that may lead an attacker to select a particular target
It is composed of integrated steps to evaluate the threat potential, vulnerability, and possibility of a successful attack and its consequences
Open Security Exchange (OSE)
OSE integrates various components of the security infrastructure
It is a cross-industry forum dedicated to merging physical and IT security solutions across an enterprise
It provides the enterprise with increased operational efficiencies and intelligent security
It specifies Physical Security Bridge to IT Security (PHYSBITS) to assist in the integration of physical and IT security management
It provides technical integration on three levels:
• Common administration of users, privileges, and credentials
• Common strong authentication for accessing physical facilities and cyber systems through the use of dual-purpose credentials
• Common point of security management and event auditability
CISO (Chief Information Security Officer)
The CISO is typically focused on the issues involved with IT security
The CISO focuses on information security strategy and IT risk management
The CISO focuses on information security strategy within an organization, which includes:
• Information security mission development
• Information security office governance
• Information security policy development and management
• Information security training and awareness development
• Information security project portfolio development
• Supervision/management of ethical hackers and the chief hacker officer
Elements of Building Secure Operations
Elements of fully secured enterprise operations include:
• A sound, comprehensive enterprise protection architecture augmented by a schema of well-documented, well-understood, and routinely practiced business processes
• A rigorous system for the detection and analysis of threats to enterprise operations and systems and, when appropriate, for alerting on and protecting against them
• The ability to sustain continuity of operations during any conceivable threat
• Rapid recovery mechanisms to restore full operations once a threat is controlled
• The ability to analyze and apply forensics to determine what happens when an incident occurs and to incorporate lessons learned to improve future risk mitigation processes
Enterprise Security Management (ESM)
Enterprise Security Management (ESM) is a general term that has been applied to security event monitoring and analysis solutions
ESM is an enhancement and combination of:
• EEM: Enterprise Event Management
• SIM: Security Information Management
• SEM: Security Event Management
• SIEM: Security Information and Event Management
The focus of ESM is to allow an analyst to monitor an organization’s infrastructure in real time, regardless of product, vendor, and version
ESM Deployment Strategies
ESM solutions can be deployed in standard, high-availability, and geographically dispersed configurations
ESM systems are designed to receive and process logs
Log collection appliances provide a solid solution for organizations that want to adopt an easy-to-deploy appliance
In case there is no log aggregation strategy, it is possible to simply send logs directly from the point devices to the ESM manager
To move logs from point devices to the ESM manager, deploy log connectors at any natural aggregation points, such as device managers
Convergence of Network Operations and Security Operations
Network operation centers (NOCs) and security operation centers (SOCs) are more focused on business impact than hardware and software impact
Separation of duties and checks and balances are important concepts to maintain when any groups converge
The NOC is concerned with keeping things moving efficiently and the SOC is concerned with security, rendered through analysis within the ESM
Log Collection
Log collection is important to increase operational efficiencies, reduce risk, and enhance an organization’s security posture
A log collection mechanism needs to be scalable, extensible, and flexible
An ESM solution needs to be able to process the raw log data and turn it into actionable information
One mechanism to collect logs is to simply send logs directly to the ESM manager for processing
The log collectors installed on various operating systems listen for raw logs being sent to them, preprocess the logs, enrich them, and prepare them for transport
Log Normalization
In log normalization, each log data field is converted to a particular data representation and categorized consistently
The most common use of normalization is to store dates and times in a single format
Normalizing the data makes analysis and reporting much easier when multiple log formats are in use
In normalization, the logs need to be parsed without deleting any information by default
Log parsing is the process of extracting data from a log so that the parsed values can be used as input for another logging process
Log Severity
Each log source may have a unique severity level assigned to it
The severity of what the point device discovered, correlated with other logs, asset information, business relevance, and other factors, can yield an overall priority score within most ESMs
Device severity captures the language used by the data source to describe its interpretation of the danger posed by a particular log
Connector severity is the translation of device severity into a normalized value
Log Time Correction
An important factor in log analysis is time
In an ideal situation, everything would be synced with the Network Time Protocol (NTP) and the NTP device would get its time from a reliable source
Most ESM connectors are configurable to allow for time correction
Log Categorization
Categorization is a methodology for describing logs which enables analysts to understand the real significance of a particular log as reported from different devices
Categorization can be applied to several other fields within a log besides the actual field expressing the content of the log
It includes detailing the log’s behavior, which techniques it uses, its outcome, and various other categories
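The four preceding slides (normalization, severity, time correction and categorization) describe what an ESM connector does to a raw log before it reaches the manager. The following is an added example written for this page, not EC-Council's code or any vendor's connector: a toy connector that parses two constructed log formats (a firewall line and a Windows-style logon export) into one schema, corrects each source's clock, translates device severity into a normalized connector severity, assigns behavior/technique/outcome categories and derives a priority score weighted by asset relevance. The regexes, severity scales, skew table, category strings and asset criticality values are all assumptions made for the example.

```python
"""Added example (not EC-Council's code): a toy ESM log connector.

It parses two constructed log formats into one normalized schema, applies
per-source time correction, maps device severity to a normalized connector
severity, categorizes the event and derives a priority score. Field names,
regexes, severity scales, the skew table and asset criticality values are
all assumptions made for the example."""
import re
from datetime import datetime, timedelta, timezone

# Assumed connector config: fw01 is not NTP-synced; it stamps local time
# (UTC+2) and its clock runs 90 s fast. The domain controller is on UTC/NTP.
SOURCE_TIME = {
    "fw01": {"utc_offset_hours": 2, "skew_seconds": 90},
    "win-dc1": {"utc_offset_hours": 0, "skew_seconds": 0},
}

# Device severity -> connector severity on an assumed normalized 0..10 scale.
FW_SEVERITY = {"info": 2, "notice": 3, "warning": 5, "error": 7, "critical": 9}
WIN_LEVEL = {4: 2, 3: 5, 2: 7, 1: 9}  # Windows Level 4=Information ... 1=Critical

# Business relevance of each asset, 0..1 (assumed asset inventory).
ASSET_CRITICALITY = {"fw01": 0.6, "win-dc1": 1.0}

FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sev=(?P<sev>\w+)$")
WIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) EventID=(?P<eid>\d+) "
    r"Level=(?P<level>\d) Account=(?P<acct>\S+) Status=(?P<status>\S+)$")

# Constructed sample logs, not real device output.
RAW_LOGS = [
    ("fw01", "2024-03-14 09:02:11 fw01 DROP src=10.1.1.5 dst=203.0.113.9 sev=warning"),
    ("win-dc1", "2024-03-14T09:05:40Z EventID=4625 Level=2 Account=jsmith Status=FAILED_LOGON"),
]


def correct_time(source, naive_ts):
    """Attach the source's UTC offset, remove its known skew, convert to UTC."""
    cfg = SOURCE_TIME[source]
    tz = timezone(timedelta(hours=cfg["utc_offset_hours"]))
    aware = naive_ts.replace(tzinfo=tz) - timedelta(seconds=cfg["skew_seconds"])
    return aware.astimezone(timezone.utc)


def priority(connector_severity, source):
    """Overall priority: connector severity weighted by business relevance."""
    return round(connector_severity * (0.5 + 0.5 * ASSET_CRITICALITY[source]), 1)


def normalize(source, line):
    """Parse one raw line into the common schema; the raw log is kept verbatim."""
    m = FW_RE.match(line)
    if m:
        ts = correct_time(source, datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        device_sev, conn_sev = m["sev"], FW_SEVERITY[m["sev"]]
        category = {"behavior": "/Access", "technique": "/Traffic",
                    "outcome": "/Failure" if m["action"] == "DROP" else "/Success"}
        fields = {"src": m["src"], "dst": m["dst"]}
    else:
        m = WIN_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed log from {source}: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        device_sev, conn_sev = int(m["level"]), WIN_LEVEL[int(m["level"])]
        category = {"behavior": "/Authentication/Verify", "technique": "/Logon",
                    "outcome": "/Success" if m["status"] == "SUCCESS" else "/Failure"}
        fields = {"account": m["acct"], "event_id": int(m["eid"])}
    return {
        "timestamp": ts.isoformat(),  # one date/time format for every source
        "source": source,
        "device_severity": device_sev,
        "connector_severity": conn_sev,
        "priority": priority(conn_sev, source),
        "category": category,
        "fields": fields,
        "raw": line,  # nothing is deleted: the original line travels with the event
    }


def normalize_all(raw_logs=RAW_LOGS):
    return [normalize(src, line) for src, line in raw_logs]


if __name__ == "__main__":
    for event in normalize_all():
        print(event["timestamp"], event["source"], event["priority"],
              event["category"]["outcome"])
```

Note the order of the time correction: the source's own offset is attached first, then the known skew is removed, and only then is the value converted to UTC, so the firewall's 09:02:11 local stamp becomes 07:00:41Z. A parse failure raises rather than silently dropping the line, which matches the slide's rule that normalization must not discard information by default.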
Event Storage
ESMs use a variety of databases, mostly enterprise-level databases, due to their advanced features
For data management, backups, and data restoration, many ESM solutions divide the stored events into logical segments
Regardless of whether the data is stored offline or online, ESMs utilize compression and indexing techniques to save space and reduce search times respectively
ESMs feature hashing of the database partitions to ensure that a tape loaded from several years ago has content that matches what was backed up
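To make the storage slide concrete, here is an added example (written for this page; not EC-Council's code or any ESM product's storage engine) that divides events into logical segments by UTC day, serializes each segment deterministically, compresses it, builds a per-source index, records a SHA-256 digest of the segment, and later verifies a restored segment against that digest so that an altered backup is detected. The segment scheme, event schema and sample events are assumptions.

```python
"""Added example (not EC-Council's code): sealing and verifying ESM event
partitions. Events are divided into logical segments by UTC day; each segment
is serialized deterministically, compressed, indexed by source and hashed, and
a restored segment is checked against the recorded digest. The partitioning
scheme, schema and sample events are assumptions."""
import gzip
import hashlib
import json
from collections import defaultdict

# Constructed sample events (already normalized; not real data).
EVENTS = [
    {"timestamp": "2024-03-14T07:00:41+00:00", "source": "fw01", "msg": "DROP 10.1.1.5->203.0.113.9"},
    {"timestamp": "2024-03-14T09:05:40+00:00", "source": "win-dc1", "msg": "4625 jsmith"},
    {"timestamp": "2024-03-15T01:12:03+00:00", "source": "fw01", "msg": "ACCEPT 10.1.1.7->10.1.2.2"},
]


def partition_events(events):
    """Logical segments keyed by UTC day, each sorted by timestamp."""
    parts = defaultdict(list)
    for e in events:
        parts[e["timestamp"][:10]].append(e)
    return {day: sorted(evs, key=lambda e: e["timestamp"]) for day, evs in parts.items()}


def seal_partition(events):
    """Return (compressed blob, sha256 of the uncompressed payload, source index)."""
    lines = [json.dumps(e, sort_keys=True) for e in events]  # canonical form
    payload = "\n".join(lines).encode()
    # The digest covers the canonical uncompressed bytes, so re-compressing the
    # archive later with a different gzip level does not invalidate the record.
    digest = hashlib.sha256(payload).hexdigest()
    blob = gzip.compress(payload, mtime=0)  # mtime=0 keeps the blob reproducible
    index = defaultdict(list)  # source -> line offsets inside the payload
    for i, e in enumerate(events):
        index[e["source"]].append(i)
    return blob, digest, dict(index)


def verify_partition(blob, expected_digest):
    """Recompute the digest of a restored partition and compare it to the record."""
    payload = gzip.decompress(blob)
    return hashlib.sha256(payload).hexdigest() == expected_digest


def search(blob, index, source):
    """Use the index to pull only one source's lines instead of scanning everything."""
    lines = gzip.decompress(blob).decode().split("\n")
    return [json.loads(lines[i]) for i in index.get(source, [])]


def tamper(blob):
    """Simulate a silently altered backup: edit one event, recompress the segment."""
    lines = gzip.decompress(blob).decode().split("\n")
    ev = json.loads(lines[0])
    ev["msg"] += " (edited)"
    lines[0] = json.dumps(ev, sort_keys=True)
    return gzip.compress("\n".join(lines).encode(), mtime=0)


def demo(events=EVENTS):
    """Seal every segment, then report whether the original and a tampered copy verify."""
    report = {}
    for day, evs in partition_events(events).items():
        blob, digest, index = seal_partition(evs)
        report[day] = {
            "events": len(evs),
            "sources": sorted(index),
            "intact": verify_partition(blob, digest),
            "tampered_copy_intact": verify_partition(tamper(blob), digest),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The digest is the record that must be kept separately from the tape (for example alongside the backup catalogue); the index is only an accelerator and can be rebuilt from the payload if lost.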
Discovering and Interacting with Patterns
Pattern discovery features are designed to identify patterns among events that an analyst may not have been specifically looking for
An analyst may desire to run a pattern discovery sweep across an hour, day, month, or more of the historic data in search of patterns
Interactive discovery reports are dynamic and allow an analyst or even a nontechnical individual to review and manipulate the data
Events can be displayed in various graphical representations, sections can be highlighted, and the output can be easily shared and reviewed among various individuals performing an investigation
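As an added illustration of a pattern discovery sweep (example code written for this page; not EC-Council's or any ESM vendor's algorithm), the block below scans a chosen slice of historic, already-categorized events and reports category sequences that recur on several sources within a short time span, without the analyst having named the sequence up front. The event schema, window, sequence length, threshold and the constructed events are assumptions.

```python
"""Added example (not EC-Council's code): a minimal pattern-discovery sweep.
It scans a window of historic, already-categorized events and reports
category sequences that recur on several sources within a short time span,
without the analyst naming the sequence in advance. Event schema, window and
thresholds are assumptions; the events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 3, 14, 9, 0, 0)


def ev(source, minutes, category):
    """Build one constructed event `minutes` after T0."""
    return {"source": source, "ts": T0 + timedelta(minutes=minutes), "category": category}


# Constructed: two hosts show repeated failed logons followed by a success
# within a few minutes; a third host has unrelated traffic the sweep should
# not report.
EVENTS = [
    ev("host-a", 0, "/Authentication/Failure"),
    ev("host-a", 1, "/Authentication/Failure"),
    ev("host-a", 3, "/Authentication/Success"),
    ev("host-a", 40, "/Access/Success"),
    ev("host-b", 10, "/Authentication/Failure"),
    ev("host-b", 12, "/Authentication/Failure"),
    ev("host-b", 14, "/Authentication/Success"),
    ev("host-c", 5, "/Access/Success"),
    ev("host-c", 6, "/Access/Success"),
    ev("host-c", 90, "/Access/Failure"),
]


def discover_patterns(events, length=3, window=timedelta(minutes=10), min_sources=2):
    """Category sequences of `length` seen on >= min_sources sources within `window`.

    Returns {sequence_tuple: sorted list of sources on which it occurred}.
    """
    by_source = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_source[e["source"]].append(e)
    seen_on = defaultdict(set)
    for src, evs in by_source.items():
        for i in range(len(evs) - length + 1):
            chunk = evs[i:i + length]
            # Only sequences that are tight in time count as one pattern.
            if chunk[-1]["ts"] - chunk[0]["ts"] <= window:
                seen_on[tuple(x["category"] for x in chunk)].add(src)
    return {seq: sorted(srcs) for seq, srcs in seen_on.items() if len(srcs) >= min_sources}


def sweep(events, start, end, **kw):
    """Restrict discovery to an analyst-chosen slice of historic data [start, end)."""
    return discover_patterns([e for e in events if start <= e["ts"] < end], **kw)


if __name__ == "__main__":
    for seq, hosts in sweep(EVENTS, T0, T0 + timedelta(hours=1)).items():
        print(" -> ".join(seq), "on", ", ".join(hosts))
```

Nothing in the code names "failed, failed, success" as the sequence of interest; it falls out of the sweep because it recurs on more than one source, which is what distinguishes discovery from a pre-written correlation rule. Widening the window or lowering the threshold trades fewer missed patterns for more noise, so the analyst adjusts both when interacting with the report.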
Discovering and Interacting with Patterns: Data Sources
To detect fraudulent activity and anomalies in users’ behavior, you need to analyze more than just intrusion detection system data
Similar to intrusion detection systems, Information Leak Prevention (ILP) products go through the content as it crosses the network
E-mail transactions generally are not analyzed in real time; they have been used as part of forensic investigations
Intelligent Platform Management Interface (IPMI) Standard
IPMI is a standard for monitoring and managing computer systems
IPMI interfaces are out-of-band interfaces, meaning that even if a system is powered down, communication is still possible
The IPMI standard consists of the following key information:
• Packet format
• Other communication mechanisms
• Sensor codes
• How to retrieve information
Summary
Security convergence can leverage technology to improve the performance of the security function
Security convergence is the identification of security risks and interdependencies between business functions and processes within the enterprise
RAMCAP is an innovative process for security policy based upon global risk assessment in collaboration with DHS
Enterprise Security Management (ESM) is a general term that has been applied to security event monitoring and analysis solutions
IPMI is a standard for monitoring and managing computer systems

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Recently uploaded (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

Ce hv6 module 66 security convergence

  • 6. Benefits of Using Risk Management in Planning IT Security Administration
    Benefits of adopting a proactive and positive attitude towards IT security are:
    • Better demonstration of IT security investment to the board
    • More meaningful demonstration of business risk management to investors, especially the institutional investors that largely dictate stock prices
    • Better demonstration of business risk management to customers
    • Better employee awareness
  • 7. RAMCAP
    Risk Analysis and Management for Critical Asset Protection (RAMCAP) is a program initiated by the Department of Homeland Security (DHS)
    It is an innovative process for security policy based upon global risk assessment in collaboration with DHS
    It promotes understanding of the various vulnerabilities that may lead an attacker to select a particular target
    It is composed of integrated steps to evaluate the threat potential, vulnerability, and possibility of a successful attack and its consequences
  • 8. Open Security Exchange (OSE)
    OSE integrates various components of the security infrastructure
    It is a cross-industry forum dedicated to merging physical and IT security solutions across an enterprise
    It provides the enterprise with increased operational efficiencies and intelligent security
    It specifies Physical Security Bridge to IT Security (PHYSBITS) to assist in the integration of physical and IT security management
    It provides technical integration on three levels:
    • Common administration of users, privileges, and credentials
    • Common strong authentication for accessing physical facilities and cyber systems through the use of dual-purpose credentials
    • Common point of security management and event audit ability
  • 9. CISO (Chief Information Security Officer)
    The CISO is typically focused on the issues involved with IT security and IT risk
    The CISO focuses on information security strategy and IT risk management
    The CISO focuses on information security strategy within an organization, which includes:
    • Information security mission development
    • Information security office governance
    • Information security policy development and management
    • Information security training and awareness development
    • Information security project portfolio development
    • Supervision/management of ethical hackers and chief hacker officer
  • 10. Elements of Building Secure Operations
    Elements of fully secured enterprise operations include:
    • A sound, comprehensive enterprise protection architecture augmented by a schema of well-documented, well-understood, and routinely practiced business processes
    • A rigorous system for the detection, analysis of, and, when appropriate, alert to and protection from threats to enterprise operations and systems
    • The ability to sustain continuity of operations during any conceivable threat
    • Rapid recovery mechanisms to restore full operations once a threat is controlled
    • The ability to analyze and apply forensics to determine what happens when an incident occurs and to incorporate lessons learned to improve future risk mitigation processes
  • 11. Enterprise Security Management (ESM)
    Enterprise Security Management (ESM) is a general term that has been applied to security event monitoring and analysis solutions
    ESM is an enhancement and combination of:
    • EEM: Enterprise Event Management
    • SIM: Security Information Management
    • SEM: Security Event Management
    • SIEM: Security Information and Event Management
    The focus of ESM is to allow an analyst to monitor an organization's infrastructure in real time, regardless of product, vendor, and version
  • 12. ESM Deployment Strategies
    ESM solutions can be deployed in standard, high-availability, and geographically dispersed configurations
    ESM systems are designed to receive and process logs
    Log collection appliances provide a solid solution for organizations that want to adopt an easy-to-deploy appliance
    If there is no log aggregation strategy, it is possible to simply send logs directly from the point devices to the ESM manager
    To move logs from point devices to the ESM manager, deploy log connectors at any natural aggregation points, such as device managers
  • 13. Convergence of Network Operations and Security Operations
    Network operation centers (NOCs) and security operation centers (SOCs) are more focused on business impact than on hardware and software impact
    Separation of duties and checks and balances are important concepts to maintain when any groups converge
    The NOC is concerned with keeping things moving efficiently, and the SOC is concerned with security, rendered through analysis within the ESM
  • 14. Log Collection
    Log collection is important to increase operational efficiencies, reduce risk, and enhance an organization's security posture
    A log collection mechanism needs to be scalable, extensible, and flexible
    The ESM solution needs to be able to process the raw log data and turn it into actionable information
    One mechanism to collect logs is to simply send logs directly to the ESM manager for processing
    The log collectors installed on various operating systems listen for raw logs being sent to them, preprocess the logs, enrich them, and prepare them for transport
  • 15. Log Normalization
    In log normalization, each log data field is converted to a particular data representation and categorized consistently
    The most common use of normalization is to store dates and times in a single format
    Normalizing the data makes analysis and reporting much easier when multiple log formats are in use
    In normalization, the logs need to be parsed without deleting any information by default
    Log parsing is the process of extracting data from a log so that the parsed values can be used as input for another logging process
  • 16. Log Severity
    Each log source may have a unique severity level assigned to it
    The severity of what the point device discovered, correlated with other logs, asset information, business relevance, and other factors, can yield an overall priority score within most ESMs
    Device severity captures the language used by the data source to describe its interpretation of the danger posed by a particular log
    Connector severity is the translation of device severity into a normalized value
  • 17. Log Time Correction
    An important factor in log analysis is time
    In an ideal situation, everything would be synced with the Network Time Protocol (NTP), and the NTP device would get its time from a reliable source
    Most ESM connectors are configurable to allow for time correction
  • 18. Log Categorization
    Categorization is a methodology for describing logs which enables analysts to understand the real significance of a particular log as reported from different devices
    Categorization can be applied to several other fields within a log besides the actual field expressing the content of the log
    It includes detailing the log's behavior, which techniques it uses, its outcome, and various other categories
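The connector pipeline that slides 14 to 18 describe (collect, parse without discarding, normalize timestamps, translate device severity into connector severity and a priority, correct time, categorize), as an added example that is not EC-Council's or any ESM vendor's code. The two log sources, their severity vocabularies, the time-zone and clock-skew settings, the asset criticality weights, the syslog year and the priority formula are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real device output): a syslog-style sshd
# line and a CSV-style firewall line, each tagged with its source name.
RAW_LOGS = [
    ("authsrv", "Mar 14 09:12:03 authsrv sshd[4213]: Failed password for admin "
                "from 10.0.0.5 port 51522 ssh2"),
    ("fw-edge", "2024-03-14 09:15:40,deny,10.0.0.5,203.0.113.9,443,high"),
    ("authsrv", "Mar 14 09:12:09 authsrv sshd[4213]: Accepted password for alice "
                "from 10.0.0.7 port 51530 ssh2"),
]

# Time correction per source (assumed): authsrv stamps local time (UTC+1)
# and its clock runs 5 minutes slow; fw-edge stamps UTC and is NTP-synced.
TIME_CORRECTION = {
    "authsrv": (timezone(timedelta(hours=1)), timedelta(minutes=5)),
    "fw-edge": (timezone.utc, timedelta(0)),
}
# Connector severity: each device's own vocabulary ("device severity")
# translated onto one 0-10 scale so events from different vendors compare.
CONNECTOR_SEVERITY = {
    "authsrv": {"Failed": 5, "Accepted": 1},
    "fw-edge": {"low": 2, "medium": 5, "high": 8, "critical": 10},
}
# Business relevance of the reporting asset, 1 (low) to 3 (high); assumed.
ASSET_CRITICALITY = {"authsrv": 3, "fw-edge": 2}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_syslog(raw, year):
    """Parse the sshd line; syslog carries no year, so the connector supplies it."""
    m = SYSLOG_RE.match(raw)
    if m is None:
        return None
    naive = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"naive_ts": naive, "device_severity": m["result"],
            "user": m["user"], "src": m["src"],
            # categorization: behaviour and outcome, independent of wording
            "behavior": "authentication",
            "outcome": "failure" if m["result"] == "Failed" else "success"}


def parse_firewall(raw):
    """Parse the comma-separated firewall line."""
    ts, action, src, dst, port, sev = raw.split(",")
    return {"naive_ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "device_severity": sev, "src": src, "dst": dst, "port": int(port),
            "behavior": "network-connection",
            "outcome": "blocked" if action == "deny" else "allowed"}


PARSERS = {"authsrv": lambda raw: parse_syslog(raw, year=2024),
           "fw-edge": parse_firewall}


def correct_time(source, naive):
    """Attach the source's time zone, add its clock skew, return UTC."""
    tz, skew = TIME_CORRECTION[source]
    return (naive.replace(tzinfo=tz) + skew).astimezone(timezone.utc)


def normalize(source, raw):
    """One raw log -> one normalized event; the raw line is kept so that
    normalization deletes nothing. Returns None if the line cannot be parsed."""
    fields = PARSERS[source](raw)
    if fields is None:
        return None
    naive = fields.pop("naive_ts")
    sev = CONNECTOR_SEVERITY[source].get(fields["device_severity"], 0)
    event = {"source": source, "raw": raw,
             "timestamp": correct_time(source, naive).isoformat(),
             "connector_severity": sev, **fields}
    # Overall priority: connector severity raised by asset criticality
    # (a constructed stand-in for an ESM's correlation logic).
    event["priority"] = min(10, sev + 2 * (ASSET_CRITICALITY[source] - 1))
    return event


def process(logs=RAW_LOGS):
    """Normalize a batch; lines the parser rejects are skipped here."""
    return [e for e in (normalize(s, r) for s, r in logs) if e is not None]
```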
  • 19. Event Storage
    ESMs use a variety of databases, mostly enterprise-level databases, due to their advanced features
    For data management, backups, and data restoration, many ESM solutions divide the stored events into logical segments
    Regardless of whether the data is stored offline or online, ESMs utilize compression and indexing techniques to save space and reduce search times respectively
    ESMs feature hashing of the database partitions to ensure that a tape loaded from several years ago has content that matches what was backed up
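The event storage slide above, as an added example that is not EC-Council's or a vendor's code: events are divided into logical per-day partitions, each sealed partition is compressed and indexed, and its SHA-256 is recorded in a manifest so that a copy restored later (from tape or cold storage) can be checked against what was backed up before it is searched. The sample events and the per-day partitioning policy are constructed assumptions.

```python
import gzip
import hashlib
import json
from collections import defaultdict

# Constructed normalized events (not real data), already in the single
# timestamp format a connector would produce.
SAMPLE_EVENTS = [
    {"timestamp": "2024-03-14T08:17:03+00:00", "source": "authsrv",
     "behavior": "authentication", "outcome": "failure", "priority": 9},
    {"timestamp": "2024-03-14T09:15:40+00:00", "source": "fw-edge",
     "behavior": "network-connection", "outcome": "blocked", "priority": 10},
    {"timestamp": "2024-03-15T01:02:03+00:00", "source": "authsrv",
     "behavior": "authentication", "outcome": "success", "priority": 5},
]


def partition_key(event):
    """Logical segment: one partition per UTC day (an assumed policy)."""
    return event["timestamp"][:10]


class EventStore:
    """Online store that seals each day into a compressed, indexed and
    hashed partition ready to go offline."""

    def __init__(self):
        self.open = defaultdict(list)  # key -> events still being written
        self.sealed = {}               # key -> gzip bytes (the partition)
        self.manifest = {}             # key -> hash, count and index

    def append(self, event):
        self.open[partition_key(event)].append(event)

    def seal(self, key):
        events = self.open.pop(key)
        # Index: source -> record numbers inside the partition, so a search
        # for one source touches only those records after decompression.
        index = defaultdict(list)
        for i, ev in enumerate(events):
            index[ev["source"]].append(i)
        lines = "".join(json.dumps(ev, sort_keys=True) + "\n" for ev in events)
        blob = gzip.compress(lines.encode("utf-8"), mtime=0)  # reproducible
        self.sealed[key] = blob
        self.manifest[key] = {"sha256": hashlib.sha256(blob).hexdigest(),
                              "count": len(events), "index": dict(index)}
        return self.manifest[key]


def verify_partition(blob, entry):
    """True only if the restored bytes hash to the value recorded at backup."""
    return hashlib.sha256(blob).hexdigest() == entry["sha256"]


def search(blob, entry, source):
    """Return one source's events from a verified partition via its index."""
    if not verify_partition(blob, entry):
        raise ValueError("partition failed integrity check; refusing to search")
    lines = gzip.decompress(blob).decode("utf-8").splitlines()
    return [json.loads(lines[i]) for i in entry["index"].get(source, [])]


def demo():
    """Seal one day, then verify an intact and a corrupted restored copy."""
    store = EventStore()
    for ev in SAMPLE_EVENTS:
        store.append(ev)
    entry = store.seal("2024-03-14")
    blob = store.sealed["2024-03-14"]
    corrupted = bytearray(blob)
    corrupted[-1] ^= 0x01  # a single flipped bit in the restored copy
    return {"count": entry["count"],
            "intact_ok": verify_partition(blob, entry),
            "corrupted_ok": verify_partition(bytes(corrupted), entry),
            "fw_hits": [e["outcome"] for e in search(blob, entry, "fw-edge")],
            "still_open": sorted(store.open)}
```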
  • 20. Discovering and Interacting with Patterns
    Pattern discovery features are designed to identify patterns among events that an analyst may not have been specifically looking for
    An analyst may desire to run a pattern discovery sweep across an hour, day, month, or more of the historic data in search of patterns
    Interactive discovery reports are dynamic and allow an analyst or even a nontechnical individual to review and manipulate the data
    Events can be displayed in various graphical representations, sections can be highlighted, and the output can be easily shared and reviewed among various individuals performing an investigation
  • 21. Discovering and Interacting with Patterns: Data Sources
    To detect fraudulent activity and anomalies in users' behavior, you need to analyze more than just intrusion detection system data
    Similar to intrusion detection systems, Information Leak Prevention (ILP) products go through the content as it crosses the network
    E-mail transactions generally are not analyzed in real time; they have been used as part of forensic investigations
  • 22. Intelligent Platform Management Interface (IPMI) Standard
    IPMI is a standard for monitoring and managing computer systems
    IPMI interfaces are out-of-band, meaning that even if a system is powered down, communication is still possible
    The IPMI standard consists of the following key information:
    • Packet format
    • Other communication mechanisms
    • Sensor codes
    • How to retrieve information
  • 23. Summary
    Security convergence can leverage technology to improve the performance of the security function
    Security convergence is the identification of security risks and interdependencies between business functions and processes within the enterprise
    RAMCAP is an innovative process for security policy based upon global risk assessment in collaboration with DHS
    Enterprise Security Management (ESM) is a general term that has been applied to security event monitoring and analysis solutions
    IPMI is a standard for monitoring and managing computer systems