
Complex Event Processing (CEP) for Next-Generation Security Event Management, Fraud and Intrusion Detection


Complex Event Processing (CEP) for Next-Generation Security Event Management, Fraud and Intrusion Detection, April 17, 2007 (First Draft), London. Tim Bass, CISSP, Director, Principal Global Architect, Emerging Technologies Group.



  1. Tim Bass, CISSP, Director, Principal Global Architect, Emerging Technologies Group. Complex Event Processing (CEP) for Next-Generation Security Event Management, Fraud and Intrusion Detection. April 17, 2007 (First Draft), London
  2. Our Agenda
     - Brief Overview of TIBCO Software Inc.
     - PredictiveBusiness® and CEP
     - SEM, FDS and IDS Reference Architecture
     - Solutions Architecture and Case Study
     - Wrap Up & Open Discussion
  3. Who We Are and What We Do. A leading provider of business integration and process management software. We help our customers:
     - Improve operational visibility, collaboration and ability to be proactive
     - Increase operational efficiency and effectiveness
     - Accelerate projects, initiatives and go-to-market cycles
  4. How TIBCO Delivers for Customers
     - Accelerate projects, initiatives, and go-to-market cycles
     - Increase operational efficiency and effectiveness
     - Improve operational visibility, security, collaboration and responsiveness
  5. TIBCO is Trusted by Thousands of Companies
     - 47 of the World's 100 Largest Companies* are TIBCO Customers
     - Retail Banking: 17 of top 20
     - Consumer Package Goods: 5 of top 10
     - Energy: 5 of top 10
     - Hi-Tech Manufacturing: 15 of top 20
     - Investment Banking: 9 of top 10
     - Manufacturing (non High-tech): 5 of top 10
     - Pharmaceutical: 6 of top 10
     - Telecommunications: 8 of top 10
     - Transportation: 4 of top 10
     * By annual revenues, except for investment banking, which is measured by assets
  6. TIBCO History and Acquisitions (timeline graphic: Teknekron, est. 1980s; acquired by Reuters; Palo Alto campus est. 1997; IPO 1999; eXtensibility, InConcert and Staffware acquisitions on the 2000-2005 timeline; TIBCO today)
     - 1,600+ employees
     - Consistently profitable
     - Worldwide presence
     - Recognized market leader
     - 2500+ customers
  7. TIBCO Runs a Strong and Viable Business: 14 consecutive quarters of year-over-year total revenue growth
     - $284M USD invested in R&D in past 4 years
     - $540M USD in cash + short term investments in the bank and growing
     - Market cap of $1.9 billion (USD)
  8. Revenue Numbers FY 2004 - 2006 (in thousands of dollars)

     Fiscal year | Revenue  | Pre-tax profit | R&D spend | R&D spend as % of revenue
     FY2004      | $387,220 | $73,715        | $61,060   | 15.8%
     FY2005      | $445,910 | $67,081        | $73,127   | 16.4%
     FY2006      | $517,279 | $90,558        | $85,923   | 16.6%
  10. PredictiveBusiness™. Source: Ranadivé, V., The Power to Predict, 2006.
  11. Complex Event Processing. "Events in several forms, from simple events to complex events, will become very widely used in business applications during 2004 through 2008" (Gartner, July 2003)
  12. What is Complex Event Processing? Detecting Threats and Opportunities with PredictiveBusiness®
  13. When Do You Need to Think About CEP?
     - "CEP applies to a very broad spectrum of challenges in information systems. A short list includes:"
       - Business process automation
       - Computer systems to automate scheduling and control network-based processes and processing
       - Network monitoring and performance prediction
       - Detection of intrusion, fraud and other network attacks
     Source: Luckham, D., The Power of Events, Addison Wesley, ISBN 0-201-72789-7, 2002
  14. Bloor Report on Event Processing: Event Processing and Decision Making (chart: axes Decision Latency, Event Complexity and Process Complexity; quadrants Automated Operational Decisions, Automated Predictive Decisions, Human Predictive Decisions and Human Operational Decisions; Pattern Matching and Inferencing; example applications: Anti-Money Laundering, Credit-Card Fraud, Exchange Compliance, Database Monitoring, Algorithmic Trading, Trade Desk Monitoring, Customer Interaction, Order Routing, RFID, Tariff Look-Up, Rail Networks, Search & Rescue, Baggage Handling, Liquidity Management)
  16. Industry and Business Drivers: A Sample of the Problems with Network Security and Fraud Detection
     - Firewalls, stand-alone or purpose-built fraud and intrusion detection systems, cryptography and access control are simply not sufficient.
     - Malicious users are using legitimate Internet application protocols, such as HTTP, HTTPS and SOAP, to defraud businesses.
     - A 2006 CyberSource report states that $2,800,000,000 (2.8B USD) was lost to on-line fraud in the US and Canada in 2005.
     - eCommerce online fraud continues to grow (US and Canada) at a 20% annual rate.
     - Risk for international transactions is 3 times the average risk.
  17. Detection-Oriented Systems - Design Goals. What are the overall design goals for detection systems? (Illustrative purposes only)
     - Rapidly detect threats with a low rate of false alarms and a high level of situational detection confidence ...
  18. Classification of Intrusion and Fraud Detection Systems: the traditional view, before the data fusion approach to FDS and IDS (distributed fraud and intrusion detection systems and logs as centralized security "stovepipes")
     - Detection Approach: Anomaly Detection, Signature Detection
     - Systems Protected: HIDS, NIDS, Hybrid
     - Architecture: Centralized, Distributed, Agent Based
     - Data Sources: Audit Logs, Net Traffic, System Stats
     - Analysis Timing: Real Time, Data Mining
     - Detection Actions: Active, Passive
  19. Intrusion Detection and Data Fusion (2000): Next-Generation Intrusion Detection Systems. Source: Bass, T., CACM, 2000
  20. PredictiveBusiness™
  21. A Business Optimization Perspective: What Classes of Rule-Based Problems Do Businesses Need to Solve?
     - Rule-based problem classes: Pattern Recognition; Anomaly Detection; Track and Trace; Monitoring (BAM); Dynamic Resource Allocation; Adaptive Resource Allocation; Constraint Satisfaction (CSP); Dynamic CSP; Adaptive Marketing; Dynamic CRM; Fault Management; Impact Assessment
     - Example PredictiveBusiness® applications (Detection, Prediction, Scheduling): Fraud Detection; Intrusion Detection; Fault Detection; Rule-Based Access Control; Exception Management; Compliance Work Flow; Risk Management; Fault Analysis; Impact Assessment
  22. Emerging Event-Decision Architecture (diagram: Internet/Extranet Sensors, Human Sensors and Edge/POC Sensors; Secure, Distributed Messaging Backbone; Rule-Based Event Processors; Purpose-Built Analytics; Customer Profiles and Other Reference Data; Operations Center)
  23. Complex Event Processing Reference Architecture: Next-Generation Functional Architecture for Fraud and Intrusion Detection (diagram)
     - Event Sources: External, Distributed Local Event Services, Event Profiles, Data Bases, Other Data
     - Event Pre-Processing
     - Level One: Event Tracking
     - Level Two: Situation Detection
     - Level Three: Predictive Analysis
     - Level Four: Adaptive BPM
     - DB Management: Historical Data, Profiles & Patterns
     - Visualization, BAM, User Interaction
  24. CEP - Situation Detection Hierarchy (adapted from Waltz, E. & Llinas, J., Multisensor Data Fusion, 1990). Inference levels, from low to high:
     - Data/Event Cloud
     - Existence of Possible Event of Interest
     - Location, Times and Rates of Events of Interest
     - Identify Events
     - Relationship of Events
     - Situational Assessment
     - Impact Assessment
     Techniques, from low to high level: raw sensor data (passive and active); use of distributed sensors for estimations; correlation, state estimation, classification; causal analysis, Bayesian belief networks, rules, NNs; contextual and causal analysis, rules; analysis of situation & plans
  25. CEP High Level Architecture (adapted from Engelmore, R. S., Morgan, A. J. & Nii, H. P., Blackboard Systems, 1988, and Luckham, D., The Power of Events, 2002): diagram of an Event Cloud (distributed data set) surrounded by knowledge sources (KS)
  26. HLA - Knowledge Sources (KS)
     - Sensors: systems that provide data and events to the inference models and humans
     - Actuators: systems that take action based on inference models and human interactions
     - Knowledge Processors: systems that take in data and events, process the data and events, and output refined, correlated, or inferred data or events
  28. Structured Processing for Event-Decision: multi-level inference in a distributed event-decision architecture (level of inference from high to low)
     - User Interface: human visualization, monitoring, interaction and situation management
     - Level 4 - Process Refinement: decide on control feedback, for example resource allocation, sensor and state management, parametric and algorithm adjustment
     - Level 3 - Impact Assessment: assess intent on the basis of situation development, recognition and prediction
     - Level 2 - Situation Refinement: identify situations based on sets of complex events, state estimation, etc.
     - Level 1 - Event Refinement: identify events and make initial decisions based on association and correlation
     - Level 0 - Event Preprocessing: cleansing of the event stream to produce semantically understandable data
  29. CEP Level 0 - Event Preprocessing
     - Cleanse/refine/normalize data for upstream processing
     - Calibrate the raw event cloud:
       - Web server farm event stream example: group HTTP requests and responses; reduce and extract the required data from the transaction; format into an event for upstream processing
       - Agent-based log file event stream example: parse the log file for sensor information; match patterns and convert tokens to JMS properties
     - Reduces system load by preprocessing events
     - Enables upstream to concentrate on the most relevant events
     - Focuses on objects/events
  30. CEP Level 1 - Event Refinement
     - Problem: which events in the event stream are "interesting"?
     - Event refinement example (association & classification):
       - Hypothesis Generation (HG): processes incoming events, data and reports. Hypothesis: this group of events may need to be tracked. Output: scorecard or matrix
       - Hypothesis Evaluation (HE): evaluates the scorecard/matrix for likelihood. Rank evaluation: these events have a higher likelihood. Output: fills the scorecard/matrix with relative likelihood estimates
       - Hypothesis Selection (HS): evaluates the scorecard/matrix for best fit into a scenario. Evaluation: provide an estimate (name) of the scenario activity. Output: assignment of a scenario-activity estimate to the event
  31. CEP Level 2 - Situation Refinement
     - What is the context of the identified events?
     - Focuses on relationships and states between events
     - Situation refinement: event-event relationship networks; temporal and state relationships; geographic or topological proximity; environmental context (example: a brand currently used by a phishing site on the Internet increases the probability of fraud and identity theft)
     - Event/activity correlation: relational networks
     - Pattern, profile and signature recognition processing
  32. CEP Level 3 - Impact Assessment
     - Predict the intention of the subject (fraudster example): make changes to account identity information? Transfer funds out of the account? Test for access and return at a later time?
     - Estimate the capabilities of the fraudster: organized gang or individual fraudster? Expert or novice?
     - Estimate potential losses if successful
     - Identify other threat opportunities
  33. CEP Level 4 - Process Refinement
     - Evaluate process performance and effectiveness: exception detection, response efficiency and mitigation; knowledge development
     - Identify changes to system parameters: adjust event stream processing variables; fine tune filters, algorithms and correlators
     - Determine if other source-specific resources are required
     - Recommend allocation and direction of resources
  34. Database Management Examples
     - Reference database: user profiles; activity and event signatures and profiles; environmental profiles
     - Inference database: subject identification; situation and threat assessment; knowledge mining
     - Referential mapping database examples: mapping between IP address and domain; mapping between known anonymous proxies
  35. User Interface / Interaction
     - Operational visualization at all "levels": dynamic graphical representations of situations; supports the decision making process of analytics personnel
     - Process and resource control: supports resource allocation and process refinement
     - Display control & personalization: different operator views based on job function and situation
  36. Business Optimization Summary: A Simplified View of the CEP Reference Architecture (flexible SOA and event-driven architecture)
  38. TIBCO's Real-Time Agent-Based SEM Approach: A Multisensor Data Fusion Approach to Security Event Management (distributed fraud and intrusion detection systems and logs feeding enterprise correlation of security events), across the same taxonomy:
     - Detection Approach: Anomaly Detection, Signature Detection
     - Systems Protected: HIDS, NIDS, Hybrid
     - Architecture: Centralized, Distributed, Agent Based
     - Data Sources: Audit Logs, Net Traffic, System Stats
     - Analysis Timing: Real Time, Data Mining
     - Detection Actions: Active, Passive
  39. Security Event Management: High Level Event-Driven Architecture (EDA) for SEM (CEP and BPM). Diagram: a sensor network of systems (FDS, IDS, log files and SQL databases, each adapted onto JMS by TIBCO BusinessWorks (BW) or the Active Database Adapter (ADB)) publishes distributed events onto a messaging network (Java Messaging Service, TIBCO EMS), which feeds a rules network of high-performance rules engines (TIBCO BE) and BPM compliance workflow (TIBCO iProcess)
  40. TIBCO BusinessEvents™ Solutions Overview. BusinessEvents™ solutions space:
     - Data: events & databases, real-time & historical
     - Models: statistical, financial, optimization
     - Comms: pub/sub messaging, queues, topics, UIs
     - Knowledge: facts & rules
  41. TIBCO BusinessEvents™ Overview
     - High performance, low latency business rules engine
     - Top down business process modeling
     - Real-time event processing
     - Cross-application and cross-process integration
     - Analytical and predictive models
     Modeling tools, statefulness, business rules and process integration: UML conceptual model, UML state model, business rules, business users, event analyzer
  42. TIBCO BusinessEvents™ Overview (diagram). Collection and normalization (sensors: FDS/IDS, logfiles, edge devices, agents, application interface feeds) produces metrics of managed objects and normalized, non-contextual events; event management, correlation, aggregation, inference and analysis (inference engine, dialogue manager, state model, semantic model, metadata repository, rules, knowledge, patterns and models, design environment) produces correlated, analyzed, contextual dialogue events; visualization, reporting and alert management (detection metrics view, process view, synthetic warehouse)
  43. TIBCO BusinessEvents™ Awards: 2006 Best Complex Event Processing Software Winner (TIBCO); 2006 Event Processing General Purpose Gold Award Winner
  44. CEP and BusinessEvents™ Case Study: Real-Time On-Line Fraud Detection Requirements
     - Identify characteristics of fraud, such as continuous behavior changes, and identify new patterns of fraud
     - Stop new account setups from fraudulent IP addresses
     - Stop online registrations from fraudulent IP addresses
     - Verify user identity in every transaction based on click-behavior
     - Identify multiple users trying to login from the same IP address
     - Identify single user logins from multiple IP addresses within a time span
     - Prevent phishing by tracking IP addresses that mass download institutional web pages
     - Prevent phishing, pharming and man-in-the-middle attacks by checking against a list of fraudulent IPs in real-time
  45. On-Line Fraud Detection Use Case: Architecture and Capacity Planning. Three server farms (~600-700 application servers) send session info over TIBCO EMS™ to TIBCO BusinessEvents™. Approx. 12,000 hits per second during the peak period across the three sites; one instance of TIBCO BusinessEvents™ capable of handling the maximum hits; overall 100 million hits handled between 3 PM and 4 PM peak; approx. 250 million hits per day across the three sites.
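As an added example (not from the original deck and not TIBCO code), the Level 0 log-file preprocessing of slide 29 and three of the case-study rules above (many users logging in from one IP, one user logging in from several IPs within a time span, mass download of site pages from one IP) implemented in Python over constructed access-log lines; the log format, the `/login` path, the 5-minute window and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample (not real traffic): access-log lines that also carry the authenticated user.
SAMPLE_LOG = """\
10.0.0.5 alice [17/Apr/2007:15:00:01 +0000] "POST /login HTTP/1.1" 200
10.0.0.5 bob [17/Apr/2007:15:00:03 +0000] "POST /login HTTP/1.1" 200
192.0.2.10 dave [17/Apr/2007:15:01:00 +0000] "POST /login HTTP/1.1" 200
10.0.0.99 frank [17/Apr/2007:15:01:10 +0000] "POST /login HTTP/1.1" 200
10.0.0.5 carol [17/Apr/2007:15:01:30 +0000] "POST /login HTTP/1.1" 200
203.0.113.9 - [17/Apr/2007:15:02:00 +0000] "GET /index.html HTTP/1.1" 200
203.0.113.9 - [17/Apr/2007:15:02:01 +0000] "GET /css/site.css HTTP/1.1" 200
203.0.113.9 - [17/Apr/2007:15:02:01 +0000] "GET /images/logo.png HTTP/1.1" 200
this line is not a valid access-log record
203.0.113.9 - [17/Apr/2007:15:02:02 +0000] "GET /js/app.js HTTP/1.1" 200
203.0.113.9 - [17/Apr/2007:15:02:03 +0000] "GET /login HTTP/1.1" 200
198.51.100.7 dave [17/Apr/2007:15:02:30 +0000] "POST /login HTTP/1.1" 200
10.0.0.98 frank [17/Apr/2007:15:11:00 +0000] "POST /login HTTP/1.1" 200
"""
LOG_RE = re.compile(r'^(\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})$')

def parse_line(line):
    """Level 0: raw line -> flat normalized event (the shape JMS properties carry); unparsable lines are dropped."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, user, ts, method, path, status = m.groups()
    return {"src_ip": ip, "user": None if user == "-" else user,
            "ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status)}

class Correlator:
    """Levels 1-2: stateful rules over a sliding window; window and thresholds are illustrative assumptions."""
    def __init__(self, window_minutes=5, users_per_ip=3, ips_per_user=2, mass_gets=5):
        self.window = timedelta(minutes=window_minutes)
        self.users_per_ip, self.ips_per_user, self.mass_gets = users_per_ip, ips_per_user, mass_gets
        # Recent-history state: ip -> [(ts, user)], user -> [(ts, ip)], ip -> [(ts, path)]
        self.users_by_ip, self.ips_by_user, self.gets_by_ip = defaultdict(list), defaultdict(list), defaultdict(list)
        self.alerts = []

    def _recent(self, entries, now):
        # Temporal relationship (Level 2): forget entries that have left the window.
        entries[:] = [e for e in entries if e[0] >= now - self.window]
        return entries

    def _alert(self, kind, ts, **detail):
        self.alerts.append({"type": kind, "ts": ts.isoformat(), **detail})

    def process(self, ev):
        ts, ip, user = ev["ts"], ev["src_ip"], ev["user"]
        if ev["method"] == "POST" and ev["path"] == "/login" and user:
            seen = self._recent(self.users_by_ip[ip], ts)
            seen.append((ts, user))
            users = {u for _, u in seen}
            if len(users) == self.users_per_ip:        # many users, one IP
                self._alert("multi_user_same_ip", ts, ip=ip, users=sorted(users))
            seen = self._recent(self.ips_by_user[user], ts)
            seen.append((ts, ip))
            ips = {i for _, i in seen}
            if len(ips) == self.ips_per_user:          # one user, many IPs
                self._alert("single_user_multi_ip", ts, user=user, ips=sorted(ips))
        elif ev["method"] == "GET":
            seen = self._recent(self.gets_by_ip[ip], ts)
            seen.append((ts, ev["path"]))
            if len(seen) == self.mass_gets:            # mass download of site pages
                self._alert("mass_download", ts, ip=ip, count=len(seen))

def run(log_text, **thresholds):
    corr = Correlator(**thresholds)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            corr.process(ev)
    return corr.alerts
```

With the default 5-minute window the sample raises three alerts and frank's two logins (9m50s apart) stay quiet; widening the window to 15 minutes turns them into a fourth.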
  46. Characteristics of Solutions Architecture
     - Fusion of SEM information from across the enterprise, including: log files; existing FDS and IDS (host and network based) devices; network traffic monitors; host statistics; passive Web-stream "edge devices"
     - Secure, standards-based Java Messaging Service (JMS) for messaging: events parsed into JMS application properties; SSL transport for JMS messages
     - TIBCO technology for next-generation detection, prediction, rule-based intrusion response, and adaptive control: TIBCO BusinessWorks™ as required, to transform, map or cleanse data; TIBCO BusinessEvents™ for rule-based IDS analytics; TIBCO Active Database Adapter as required
  47. Potential Extensions to Solutions Architecture
     - Extension of SEM to rules-based access control: integration of SEM with access control; TIBCO BusinessEvents™ for rule-based access control
     - Extension of SEM and access control to incident response: event-triggered work flow; TIBCO iProcess™ BPM for incident response; TIBCO iProcess™ BPM security entitlement work flow; TIBCO BusinessEvents™ for rule-based access control
     - Extensions for other risk and compliance requirements: Basel II, SOX and JSOX, for example; other possibilities to be discussed later
     - Extensions for IT management requirements: monitoring and fault management, service management, ITIL
  48. TIBCO SOA and BPM Architecture
  49. Key Takeaways
     - Enterprise SEM requires the correlation and fusion of information from numerous event sources across the enterprise: model all IDS devices, log files, sniffers, etc. as sensors; use secure, standards-based messaging for communications
     - Next-gen IDS requires a number of technologies: distributed computing, publish/subscribe and SOA; hierarchical, cooperative inference processing; high speed, real time rules processing with state management; event-decision architecture for complex events/situations
     - Solution expandable to other security, compliance and IT management areas (as required)
  51. Thank You! Tim Bass, CISSP, Director, Principal Global Architect, Emerging Technologies Group, [email_address]. Event Processing at TIBCO
