Using Event Processing to Enable Enterprise Security. July 20, 2006. Tim Bass, CISSP, Principal Global Architect; Alan Lundberg, Senior Product Marketing Manager; TIBCO Software Inc.
Key Takeaways of Webinar (bullet text not preserved in this copy)
A Sample of the Problems with Network Security (diagram: malicious users)
Background: the current state of IDS. "Today over 70% of attacks against a company's website or web application come at the 'Application Layer', not the Network or System layer." - Gartner Group. Most firewalls, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) act at the network/system layer, not at the application layer.
Proactive Security: catch the attacker before they break in!
The Requirements (bullet text not preserved in this copy)
Introduction to Intrusion Detection (ID) (bullet text not preserved in this copy)
Intrusion Detection System Design Goals: what are the overall design goals for IDS? (Illustrative purposes only)
Classification of Intrusion Detection Systems (traditional view, before the data fusion approach to IDS). The taxonomy has six axes:
- Detection approach: anomaly detection, signature detection
- Systems protected: HIDS, NIDS, hybrid
- Architecture: centralized, distributed
- Data sources: audit logs, network traffic, system statistics
- Analysis timing: real time, data mining
- Detection actions: active, passive
TIBCO's Real-Time Agent-Based IDS Approach: a multisensor data fusion approach to IDS. The same six axes apply, but an agent-based layer sits across them and fuses the IDS sensor functions ("next-generation fusion of IDS sensor functions").
Intrusion Detection and Data Fusion (2000): Next-Generation Intrusion Detection Systems. Source: Bass, T., CACM, 2000.
PredictiveBusiness™
Event-Decision Reference Architecture: next-generation functional architecture for intrusion detection. External event sources and distributed local event services feed event pre-processing, which drives four levels of inference:
- Level one: event tracking
- Level two: situation detection
- Level three: predictive analysis
- Level four: adaptive BPM
DB management (historical data, profiles & patterns, event profiles, databases, other data) supports every level; visualization, BAM and user interaction sit above the levels.
Event-Decision High Level Architecture. Adapted from: Engelmore, R. S., Morgan, A. J., & Nii, H. P., Blackboard Systems, 1988, and Luckham, D., The Power of Events, 2002. Diagram: an event cloud (distributed data set) surrounded by knowledge sources (KS) that read from and post to it.
HLA - Knowledge Sources (KS) (bullet text not preserved in this copy)
Structured Processing for Event-Decision (bullet text not preserved in this copy). Level of inference: low, medium, high.
Event-Driven Intrusion Detection: Flexible SOA and Event-Driven Architecture
Next-Gen Intrusion Detection System (NGIDS): high-level event-driven architecture (EDA), early phase. The diagram has three tiers built from TIBCO products:
- Sensor network: NIDS, HIDS, IDS, log files and SQL databases on the monitored systems, each wrapped by a BusinessWorks (BW) adapter (ADB, the database adapter, for the SQL sources) that publishes onto JMS.
- Messaging network: Java Messaging Service (JMS) distributed queues on TIBCO EMS.
- Rules network: several high-performance rules engines (TIBCO BE) consuming from the queues.
Characteristics of Solutions Architecture (bullet text not preserved in this copy)
Potential Extensions to Solutions Architecture (bullet text not preserved in this copy)
TIBCO's Vision: The Full Range of Business Integration Products and Services
Key Takeaways of Webinar (recap; bullet text not preserved in this copy)
Questions and Answers. Tim Bass, CISSP, Principal Global Architect, [email_address]. Event Processing at TIBCO.
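The deck describes the pieces (sensor adapters, a queue, a rules engine, level-one event tracking and level-two situation detection) but shows no code. The following is an added example written for this page, not TIBCO code and not part of the original presentation. It is a miniature of the pipeline: three adapters normalise constructed sensor records (a Snort-style fast alert, a syslog sshd line, and a made-up JSON record standing in for a HIDS file-integrity event) onto an in-process queue; a tracker keeps each host's recent events in a sliding window; a rule raises a situation only when independent sensors agree about one host and one source. The asset map, the year constant, the hostnames and addresses, the event kinds and the situation names are all assumptions for the demo. One practitioner detail the slides gloss over is visible here: the NIDS names targets by IP and the host sensors by hostname, so fusion needs an entity map before any rule can correlate.

```python
import json
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from queue import Queue

YEAR = 2006   # Snort fast alerts and classic syslog carry no year; the adapters assume one (demo assumption)

# Constructed asset inventory. The NIDS names targets by IP while host sensors name
# them by hostname, so fusing their events needs an entity map between the two.
ASSETS = {"192.0.2.10": "web01"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    sensor: str   # nids / auth / hids
    src: str      # attacker-side address, "" when the sensor cannot know it
    host: str     # protected asset the event concerns
    kind: str     # normalised type: scan, auth_fail, auth_ok, file_modified, nids_alert
    detail: str


# Adapters: raw sensor records -> the common Event schema (the adapter role in the deck)
SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\].*?\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+\s*$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def parse_snort(line):
    m = SNORT_RE.match(line)
    ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    kind = "scan" if "SCAN" in m["msg"].upper() else "nids_alert"
    return Event(ts, "nids", m["src"], ASSETS.get(m["dst"], m["dst"]), kind, m["msg"])


def parse_auth(line):
    m = AUTH_RE.match(line)
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    kind = "auth_fail" if m["result"] == "Failed" else "auth_ok"
    return Event(ts, "auth", m["src"], m["host"], kind, m["user"])


def parse_hids(line):
    rec = json.loads(line)   # constructed JSON shape, not any real HIDS format
    return Event(datetime.fromisoformat(rec["ts"]), "hids", "", rec["host"], rec["event"], rec["path"])


ADAPTERS = {"nids": parse_snort, "auth": parse_auth, "hids": parse_hids}


class HostTracker:
    """Level one: keep each host's events inside a sliding time window (assumes in-order arrival)."""

    def __init__(self, window):
        self.window = window
        self.by_host = {}

    def add(self, ev):
        q = self.by_host.setdefault(ev.host, deque())
        q.append(ev)
        while q and q[0].ts < ev.ts - self.window:   # evict evidence that aged out of the window
            q.popleft()
        return list(q)


def situations_for(host, events, seen):
    """Level two: a situation needs independent sensors to agree about one host and one source."""
    found = []
    tampered = any(e.kind == "file_modified" for e in events)   # HIDS evidence
    for src in sorted({e.src for e in events if e.src}):
        scanned = any(e.kind == "scan" and e.src == src for e in events)        # NIDS evidence
        fails = sum(e.kind == "auth_fail" and e.src == src for e in events)    # auth-log evidence
        if not (scanned and fails >= 3):
            continue   # a single sensor's view is not enough to raise a situation
        name = "probable_compromise" if tampered else "brute_force_after_recon"
        key = (name, host, src)
        if key not in seen:   # do not re-raise the same situation on every later event
            seen.add(key)
            found.append(key)
    return found


def run(records, window_s=120):
    bus = Queue()   # stands in for the JMS queue between sensor adapters and the rules engine
    for sensor, raw in records:
        bus.put(ADAPTERS[sensor](raw))
    tracker, seen, situations = HostTracker(timedelta(seconds=window_s)), set(), []
    while not bus.empty():
        ev = bus.get()
        situations.extend(situations_for(ev.host, tracker.add(ev), seen))
    return situations


SAMPLE = [   # constructed sensor records in arrival order; addresses are documentation ranges
    ("nids", "07/20-10:00:01.000000  [**] [1:1000001:1] DEMO SCAN SSH probe [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22"),
    ("auth", "Jul 20 10:00:05 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51240 ssh2"),
    ("auth", "Jul 20 10:00:07 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51241 ssh2"),
    ("auth", "Jul 20 10:00:09 web01 sshd[2212]: Failed password for root from 203.0.113.7 port 51242 ssh2"),
    ("auth", "Jul 20 10:00:30 web01 sshd[2215]: Failed password for admin from 198.51.100.4 port 40010 ssh2"),
    ("hids", '{"ts": "2006-07-20T10:00:40", "host": "web01", "event": "file_modified", "path": "/etc/passwd"}'),
]

if __name__ == "__main__":
    for s in run(SAMPLE):
        print(s)
```

Run as written, the third failed login from 203.0.113.7 raises brute_force_after_recon for web01, and the later file-integrity event upgrades the picture to probable_compromise; the single failure from 198.51.100.4 never reaches a situation because no scan from that source was seen. Shrinking the window to a few seconds ages the scan out before the failures accumulate and nothing fires, which is the trade-off the slides' "analysis timing" axis is about. The tracker assumes events arrive in time order; a production engine has to handle late and out-of-order events, which this demo does not.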
