2. Historical perspective
Unix: find /var/log -mtime +7d -type f -exec rm {} \;
Windows:
“Logfiles: The Data Center’s Equivalent of Compost. Let’em Rot.” – Marcus J. Ranum
EDB Anvendt Logghåndtering (Applied Log Management)
3. Motivation
Detection
• Detect unauthorized actions and policy violations
• Trend analysis & baselining
• Give us "situational awareness"
Reaction
• Data basis for incident handling
• Establish causal relationships
• Evidence preservation / forensics
Reflection
• What is happening in our systems?
• Are we logging what we should be logging?
• What is normal and abnormal?
• The logs as telemetry for our infrastructure
• Are the security mechanisms working as expected?
Audit and compliance
• Compliance with internal and external requirements (for example 27001, PCI DSS, SOx, etc.)
4. From log to understanding
Mar 21 00:42:40 epia sshd[20318]: Invalid user a from 83.19.222.221
Mar 21 00:44:00 epia /usr/sbin/cron[20342]: (operator) CMD (/usr/libexec/save-entropy)
Mar 21 00:45:00 epia /usr/sbin/cron[20362]: (root) CMD (/usr/libexec/atrun)
Mar 21 00:42:13 node2.lan ntp: Clock synchronized to network time server time.apple.com
Mar 21 00:42:53 Airport-Express.lan Airport-Express 80211: Rotated CCMP group key.
Mar 21 00:50:00 epia /usr/sbin/cron[24691]: (root) CMD (/usr/libexec/atrun)
Mar 21 00:53:33 MBP.lan mbp /usr/sbin/ocspd[28388]: starting
Mar 21 01:00:00 epia /usr/sbin/cron[36977]: (root) CMD (newsyslog)
Mar 21 01:00:00 epia /usr/sbin/cron[36978]: (operator) CMD (/usr/libexec/save-entropy)
Mar 21 01:00:00 epia /usr/sbin/cron[36979]: (root) CMD (/usr/libexec/atrun)
Mar 21 01:01:52 epia sudo: userA : TTY=ttyp0 ; PWD=/usr/local/www/data/wordpress
Mar 21 01:01:56 epia sudo: userA : TTY=ttyp0 ; PWD=/usr/local/www/data/wordpress
Mar 21 09:56:54 epia sshd[45971]: Did not receive identification string from 93.103.12.217
Mar 21 11:55:21 epia sshd[46447]: Did not receive identification string from 12.155.124.130
Mar 21 11:55:36 epia sshd[46450]: Invalid user fluffy from 202.155.124.130
Mar 21 11:55:40 epia sshd[46452]: Invalid user admin from 202.155.124.130
Mar 21 11:55:44 epia sshd[46454]: Invalid user test from 202.155.124.130
Mar 21 11:55:46 epia sshd[46456]: Invalid user guest from 202.155.124.130
Mar 21 11:55:49 epia sshd[46458]: Invalid user webmaster from 202.155.124.130
Mar 21 11:55:56 epia sshd[46463]: Invalid user oracle from 202.155.124.130
Mar 21 11:55:59 epia sshd[46465]: Invalid user library from 202.155.124.130
Mar 21 11:56:01 epia sshd[46467]: Invalid user info from 202.155.124.130
Mar 21 11:56:04 epia sshd[46469]: Invalid user shell from 202.155.124.130
Mar 21 11:56:08 epia sshd[46471]: Invalid user linux from 202.155.124.130
Mar 21 11:56:11 epia sshd[46473]: Invalid user unix from 202.155.124.130
Mar 21 11:56:14 epia sshd[46475]: Invalid user webadmin from 202.155.124.130
Mar 21 11:56:23 epia sshd[46478]: Invalid user ftp from 202.155.124.130
Who did What, When, Where, How and, not least, Why?
5. From data to action …
Mar 21 11:55:44 minserver sshd[46454]: Invalid user test from 202.155.124.130
Characters
Data
Information
Knowledge
Action
“Information is data endowed with relevance and purpose.” – Peter Drucker
6. … which in practice becomes:
1. Characters: Mar 21 11:55:44 minserver sshd[46454]: Invalid user test from 202.155.124.130
2. Data: token token token token token token token token token token
3. Information: month, day, time, node, origin, ssh event with what/who/where from
4. Knowledge: On 21 March at 11:55:44, someone at IP address 202.155.124.130 tried to log on to minserver with the username test
5. Action:
1. Who is 202.155.124.130?
2. Does anyone behind that address have a legitimate need to log on to minserver?
3. Is test a valid user on minserver?
4. Is someone trying to break into minserver?
5. Why is 202.155.124.130 allowed to talk to minserver at all?
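The chain from characters to action on slides 5 and 6, worked through in Python over lines taken from the deck's own sample log. This is an added example, not code from the presentation; the function names, the year 2010 (classic syslog timestamps carry no year) and the thresholds of three usernames within 60 seconds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines as they appear on the slides (hosts epia and minserver).
SAMPLE = """\
Mar 21 00:42:40 epia sshd[20318]: Invalid user a from 83.19.222.221
Mar 21 01:00:00 epia /usr/sbin/cron[36979]: (root) CMD (/usr/libexec/atrun)
Mar 21 11:55:21 epia sshd[46447]: Did not receive identification string from 12.155.124.130
Mar 21 11:55:36 epia sshd[46450]: Invalid user fluffy from 202.155.124.130
Mar 21 11:55:44 minserver sshd[46454]: Invalid user test from 202.155.124.130
Mar 21 11:55:49 epia sshd[46458]: Invalid user webmaster from 202.155.124.130
Mar 21 11:56:08 epia sshd[46471]: Invalid user linux from 202.155.124.130
"""

# Characters -> data: month, day, time, node, origin[pid], free-text message.
SYSLOG = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) "
                    r"([^\[:\s]+)(?:\[(\d+)\])?: (.*)$")
INVALID_USER = re.compile(r"^Invalid user (\S+) from (\S+)$")


def parse(line, year):
    """Data -> information. The year is an assumption supplied by the caller."""
    m = SYSLOG.match(line)
    if not m:
        return None
    month, day, clock, node, origin, pid, msg = m.groups()
    when = datetime.strptime(f"{year} {month} {day} {clock}", "%Y %b %d %H:%M:%S")
    rec = {"time": when, "node": node, "origin": origin.rsplit("/", 1)[-1],
           "pid": pid, "msg": msg}
    hit = INVALID_USER.match(msg) if rec["origin"] == "sshd" else None
    if hit:
        rec.update(event="invalid-user", user=hit.group(1), source=hit.group(2))
    return rec


def describe(rec):
    """Information -> knowledge: the sentence an analyst would write."""
    return (f"On {rec['time']:%d %B at %H:%M:%S} someone at {rec['source']} tried "
            f"to log on to {rec['node']} as {rec['user']}")


def guessing_sources(records, min_users=3, window_s=60):
    """Knowledge -> action: sources trying many distinct usernames in a short window."""
    by_source = defaultdict(list)
    for r in records:
        if r and r.get("event") == "invalid-user":
            by_source[r["source"]].append(r)
    flagged = {}
    for source, recs in by_source.items():
        recs.sort(key=lambda r: r["time"])
        for i, first in enumerate(recs):  # sliding window starting at each attempt
            users = {r["user"] for r in recs[i:]
                     if (r["time"] - first["time"]).total_seconds() <= window_s}
            if len(users) >= min_users:
                flagged[source] = sorted(users)
                break
    return flagged


RECORDS = [parse(line, 2010) for line in SAMPLE.splitlines()]
```

The flagged sources are the input to the five questions under "Action"; the code only narrows down which addresses are worth asking them about.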
7. What do we need?
Topics in NIST's Guide to Computer Security Log Management (800-92):
8. Main ingredients
• What is the business driver?
• Who is responsible for the regime?
• Which specialist functions must be involved?
• Who are the stakeholders?
• Who are the consumers?
• Deployment
• Management and operation
• Analysis (ongoing/ad hoc)
• Incident handling
• Escalation paths
• Evidence preservation
• Log sources
• Log management solution
• Storage and archiving
• System integration
10. Log categories
Network
• Firewalls, proxies, routers and switches
• IDS and Netflows
• DNS and DHCP
• VPN solutions
Platform
• System-level logs
• Unix syslog, Windows Eventlog, z/OS SMF
• Audit logs
Application
• Security systems (AAA)
• Application-specific logs
• Middleware
• Databases
Business
• Transaction logs
Relatively simple when viewed in isolation, but what if someone asks:
1. What has user XYZ done? (top-down)
2. What has happened in connection with value chain ABC? (top-down)
3. What has the attacker from IP address a.b.c.d done? (bottom-up)
11. Identifying log sources
• Firewall (traffic + audit)
• Web and e-mail gateways
• DHCP and DNS logs
• Netflows
• VPN authentication log
User's PC
• Windows Eventlog
• Browser history
• VPN log
Windows domain controller
• Windows Eventlog
Unix server
• Unix syslog
• Web server log
• Application log
• Audit log
Oracle
• Audit trail
Mainframe
• Logs from ACF/2 or RACF
• Events from SMF
• Transaction log (business)
15+ distinct sources for even a simplified scenario
13. What should be logged?
2700x
• userIDs
• dates, times and details of key events, e.g. logon and logoff
• terminal identity or location if possible
• records of successful and rejected system access attempts
• records of successful and rejected data and other resource access attempts
• changes to system configuration
• use of privileges
• use of system utilities and applications
• files accessed and the kind of access
• network addresses and protocols
• alarms raised by the access control system
• activation and deactivation of protection systems, such as antivirus systems and intrusion detection systems
Standard of Good Practice
• start/stop times for key systems and processes
• successful sign-on by authorized users and failed sign-on attempts
• error and exception conditions
• access or changes to files or programs
• access to privileged capabilities
BSI Guidelines for logging procedures
• System generation and modification of system parameters
• Configuration of users
• Preparing rights profiles
• Implementation of data backup measures
• Use of administration tools
• Attempts at unauthorized login and transgressions of rights
• Input of data
• Data transfer
• Use of automatic retrieval procedures
• Deletion of data
• Invocation of programs
PCI DSS
• User identification
• Type of event
• Date and time
• Success or failure indication
• Origination of event
• Identity or name of affected data, system component or resource
Standard security logs from the most common platforms give us this only to a limited extent, and we must either adapt the logging, supplement it, or resign ourselves.
14. Configuration
1. Map what the various log sources are able to deliver (by default and with active configuration)
2. Define a policy for each type of log source/platform
3. Assess the load and volume the policy will entail
15. Cleaning log data
Microsoft Security Monitoring and Attack Detection Planning Guide
Logs can contain a lot of "noise"
– Especially when untuned
Can reduce log volume by 95%+
“Artificial Ignorance.”
– Marcus J. Ranum
Can be filtered in several places:
– On the delivering node (tweaking or filter)
– At central reception
– Before loading into a database or similar
– Cleaning inside the database
It may be necessary to retain complete logs for evidentiary purposes
16. Residual events
Apr 15 02:39:15 statd[2468]: attempt to create "/var/statmon/sm/; echo "ingreslock stream tcp nowait root /bin/sh sh -i" >>/tmp/bob; /usr/sbin/inetd -s /tmp/bob &"
[Diagram: Known "noise", Known events, Residual events]
• Incident from about ten years ago
• Vulnerability in Sun Solaris rpc.statd
• Listening root shell on port 1524/tcp
• Completely compromised machine
• The log entry would probably not have been caught by log reporting
• (not operated by EDB at the time)
17. Unknown Unknowns
As we know, there are known knowns.
There are things we know we know.
We also know there are known unknowns.
That is to say we know there are
some things we do not know.
But there are also unknown unknowns,
The ones we don't know we don't know.
— Donald Rumsfeld (2002)
18. Ensuring traceability
Each link in the value chain must at least be able to trace its events one link forward and one link back
To be able to correlate logs we need one or more of the following:
– Correct timestamping
– Identifiers:
– IP address
– user name
– customer number
– transaction identifier
– or similar
Even if "correct time" has been implemented, it should be possible to document that it actually works, in case of a court case
Define use-case scenarios and verify that they are covered by the log management regime.
Set requirements for the delivering systems
[Diagram: Internet, telephone network, SysA, SysB, SysC, Database, Admin]
Attempted fraud
• Targeted attack on a value chain via several vectors
• No good identifiers across the value chains
• Systems more or less out of time sync
• Varying degrees of logging in place
• A lot of manual work to get hold of the relevant logs
19. Securing log data
Rapid evacuation of logs
– Batch versus near real time
– Logs from compromised machines cannot be trusted
Secure transport
– Signing
– Encryption
– UDP versus TCP
– Buffering
Generation of hashes of log material, with secure storage
Log retention
– Depends on needs (preferably 3 months+)
Securing the log platform
– Classify the log management solution at the level of the most highly classified delivering system
– If knowledge is power, what are several terabytes of log data?
– Security patching
– Hardening
– Access control
What can cast doubt on the integrity of the logs?
Think as if you were the opposing party's expert witness in a possible court case!
20. Analysis of logs
Not everything that can be counted counts,
and not everything that counts can be counted.
– Albert Einstein
Everything counts (in large amounts).
– Depeche Mode
21. Data overflow
OK, this is a summary…
Which box was this again?
Whoa!
22. Paralysis by analysis
Detection, Reaction, Reflection, Audit
With apologies to any CISAs in the audience.
24. Missing context
• What do the EventIDs mean?
• Are these successful or failed attempts?
• Are the volumes normal?
• How is the trend developing?
25. Forms of reporting
Simple
• Who has logged on to minserver today?
• Where has brukerA logged on today?
• Which failed attempts to use sudo do we have today?
Aggregated
• How many malware events did we have last month?
• How many logons occur at night?
• Which nodes initiate contact with more than 10 nodes?
Trends
• Has there been an increase in failed logons over the last 24 hours?
• Do we have more or fewer malware events now than before?
Anomalies
• Do we have occurrences of simultaneous use of one user ID from several machines?
26. How do we find the needle?
How do we detect the extraordinary among the ordinary?
– Filtering (cleaning) and grouping help us to a certain extent
– Prefabricated reports and signatures help to a certain extent, but:
It is difficult to specify exhaustively what is significant
In addition, we can use the following to get a better overview:
1. Information fusion – enriching log events with supporting information
2. Visualization – increasing the bandwidth out to the analyst
27. Information fusion
[Diagram labels: Log event; Supporting information; 1 item, >2, 1 item]
Traditional correlation mapped log events against each other using IP addresses, user names and the like
Useful, but what happens if we map against technical supporting information from external sources?
– Firewall rule sets, DHCP, malware events, asset information, geomapping, users, MAC prefix, HR system, routing table, vulnerability information
The goal is to give context to the events
“Information fusion is an Information Process dealing with the:
[association, correlation, and combination of data and information] from
[single and multiple sensors or sources] to achieve
[refined estimates of parameters, characteristics, events, and behaviors] for
observed entities in an observed field of view."
28. A practical example
SNMP Trap: 2009-09-01 14:23:16 Virus W32.Virut.CF found on host 10.99.1.14
Source: Supplementary information
DHCP log: 10.99.1.14 was (probably) in use by klient63 at the time
DHCP scope definition: 10.99.1.14 is part of 10.99.1.0/24, which is the branch office in Mandal
Asset register: klient63 is a laptop assigned to brukerA (Ole Olsen, Mandal)
HR system or AD: Ole Olsen has a telephone with the number 5551 2345
Security Eventlog from the domain controllers: Shows logons by brukerA from 10.99.1.14 prior to the event
SNMP trap log: Shows no other W32.Virut.CF events in the network
SNMP trap log: Shows no other malware events in Mandal
Antivirus vendors: Direct link to the information page on W32.Virut.CF for assessing criticality, information about modus operandi, etc.
29. The OODA loop
What is happening?
What does it mean?
Do we need to take action?
Carry out the action
Source: John Boyd, USAF
30. Use of DHCP logs
30,04/04/08 07:12:27 DNS Update Request 1.1.168.192,abc.xyz.lan,,
10,04/04/08 07:12:27 Assign 192.168.1.1,abc.xyz.lan,000D8894E4B3,
32,04/04/08 07:13:51 DNS Update Successful 192.168.1.1,abc.xyz.lan,,
00-0D-88 (hex) D-Link Corporation
000D88 (base 16) Hsinchu 30077 TAIWAN, REPUBLIC OF CHINA
http://standards.ieee.org/regauth/oui/oui.txt
"I tested this possibility on 4 April, and used it for an upgrade yesterday, 8 April. The same D-LINK AP2000+ was used both times, and in both cases the AP was configured with WPA-PSK. It was probably operational for about 1 hour in total on both occasions."
Note! Remember that an attacker can easily override/clone the MAC address
Easy identification of VMware instances
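The enrichment described on slides 27, 28 and 30, as an added Python example that is not code from the presentation: it resolves which client held an IP address at the time of an event from DHCP log lines in the layout printed on slide 30, then attaches the MAC vendor and asset owner. The lease lines, MAC addresses, asset register and function names are constructed; event IDs 10, 11 and 12 are the Windows DHCP server codes for new lease, renewal and release.

```python
import re
from datetime import datetime

# Layout as printed on slide 30: ID,date time description IP,host,MAC,
DHCP_RE = re.compile(
    r"^(?P<id>\d+),(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?P<desc>.+?) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+),(?P<host>[^,]*),(?P<mac>[0-9A-Fa-f]*),")

LEASE_START = {10, 11}  # 10 = new lease, 11 = renewal
LEASE_END = {12}        # 12 = release

# Constructed sample data: lease times, MAC addresses and hosts are invented.
DHCP_LOG = """\
10,09/01/09 08:02:11 Assign 10.99.1.14,klient12.xyz.lan,001122334455,
12,09/01/09 11:40:03 Release 10.99.1.14,klient12.xyz.lan,001122334455,
10,09/01/09 12:05:47 Assign 10.99.1.14,klient63.xyz.lan,000D8894E4B3,
30,09/01/09 12:05:47 DNS Update Request 14.1.99.10,klient63.xyz.lan,,
10,09/01/09 16:30:00 Assign 10.99.1.14,klient07.xyz.lan,00505612ABCD,
"""
OUI = {"000D88": "D-Link Corporation", "005056": "VMware, Inc."}
ASSETS = {"klient63": {"type": "laptop", "user": "brukerA", "site": "Mandal"}}


def parse_dhcp(text):
    """Return the DHCP log entries as dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            events.append({
                "id": int(m["id"]),
                "time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
                "ip": m["ip"], "host": m["host"], "mac": m["mac"].upper()})
    return sorted(events, key=lambda e: e["time"])


def enrich(event_time, ip, dhcp_events, oui=OUI, assets=ASSETS):
    """Attach DHCP, OUI and asset context to an event observed on `ip`."""
    holder = None
    for e in dhcp_events:
        if e["ip"] != ip or e["time"] > event_time:
            continue
        if e["id"] in LEASE_START:
            holder = e       # latest assignment or renewal before the event
        elif e["id"] in LEASE_END:
            holder = None    # address was handed back before the event
    if holder is None:
        return {"ip": ip, "host": None, "note": "no active lease at event time"}
    name = holder["host"].split(".")[0]
    return {"ip": ip, "host": name, "mac": holder["mac"],
            # The vendor is only a hint: the MAC address can be cloned.
            "vendor": oui.get(holder["mac"][:6], "unknown"),
            "since_lease": event_time - holder["time"],
            "asset": assets.get(name)}


LEASES = parse_dhcp(DHCP_LOG)
ALERT = enrich(datetime(2009, 9, 1, 14, 23, 16), "10.99.1.14", LEASES)
```

The same address resolves to three different clients during the day, which is why slide 28 says the address was "probably" used by klient63: the answer depends on the event time and on the clocks of both log sources agreeing.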
31. Reflection
Argyris & Schön: Organizational learning: A theory of action perspective (1978)
Cause → Event → Consequence
"Single-loop" learning
"Double-loop" learning
In log management it is easy to focus only on event→consequence and not on the cause
We can get much more value out of it by also looking at the causes
Detect the expected ― Discover the unexpected
32. User administration
(1) "Raw" event from the Windows Security Eventlog:
2007-01-02 12:11:49 | Security | 624 | t | Account Management | EDB/E9999| EDBYYYADC001
| User Account Created | {{"New Account Name",XX1597},{"New Domain",EDB},{"New Account
ID","{S-1-5-21-1617895038-2399380067-405634583-43577}"},{"Caller User Name",E9999},{"Caller
Domain",EDB},{"Caller Logon ID","(0x0,0x28EF5D45)"},{"Privileges -
",""},{Attributes:,""},{"Sam Account Name",XX1597},{"Display Name","Ole Hansen"},{"User
Principal Name",XX1597@edb.local},{"Home Directory",//EDB-Users-Data-Server/EDB-
Users005$/XX1597},{"Home Drive",H:},{"Script Path",et},{"Profile Path",-},{"User
Workstations",-},{"Password Last Set",<never>},{"Account Expires",<never>},{"Primary Group
ID",513},{AllowedToDelegateTo,-},{"Old UAC Value",0x0},{"New UAC Value",0x15},{"User Account
Control",""},{"Account Disabled",""},{"Password Not Required - Enabled",""},{"Normal Account
- Enabled",""},{"User Parameters",-},{"Sid History",-},{"Logon Hours","<value changed, but
not displayed>"}}
(2) Mapped against the department of the account performing the action:
time                | account             | creator            | department
--------------------+---------------------+--------------------+-----------------
2007-01-04 11:21:40 | XX1597 (Ole Hansen) | E9999 (Kjell Olsen)| Operativ sikkerhet
(3) Generation of a report showing user administration events per department.
Can be fully automated using an extract from the HR system.
1. That a user is created is normal
2. That the user doing the creating comes from a department that has this as its task is normal
3. That a user outside these departments creates a user is a potential policy violation
34. A periodic table of visualization methods
Used by permission
35. Logon attempts
Each cell offers drill-down
36. Server load
• Visualization lets us dramatically increase the bandwidth out to the analyst.
• The heatmap shows ~365 data points, and the sparklines more than 8500 data points
• At a glance we can form a qualified opinion about the load on the server in question, and also pick up natural variations (weekends etc.).
37. Data flow between nodes
“The simple fact that Alice telephones a known terrorist every
week is more important than the details of their conversation.”
– Bruce Schneier, Secrets & Lies
38. Implementation
It is very easy to start from:
– Windows Security Eventlog
– Unix syslog
– Firewall logs
Take a step back instead:
Why should we log?
What should we log?
What can we log?
When do we need the logs?
Whom should we log?
What are we permitted to log?
Where should we log?
How should we log?
Implementation in three steps:
1. Preparation
2. Selection and design of the solution
3. Implementation and operationalization
39. Implementation: Step 1
Ongoing
Incidents
Investigation
Clipart from Todd Zazelenchuk & Elizabeth Boling
42. Guiding principles
Anchoring
• Identify the stakeholders
• Secure ownership (business, solution, delivering environment, users)
• Involve them along the way
• Log management must be integrated
Pragmatism
• Pareto's 80/20 rule
• Don't bite off everything at once
• There are no bad products, only bad procurement processes
• Think coordinated/federated solutions rather than one-size-fits-all
Agility
• Allow for a changing target picture
• Short iterations
• Frequent releases
• Don't paint yourself into a corner
• Scenario-based planning
Effect
• Log management is not the goal
• Get reports in place that deliver an effect
“A good plan violently executed today is better than a perfect plan next week.” - General George Patton
43. Antipatterns
Anchoring
• Skipping the initial needs analysis and a clear business need
• Not appointing a service owner
• Not having an overview of the costs
• Letting compliance be the primary driver for the solution
Product
• We have a Problem™, let's buy a Product™!
• Expecting a "machine that goes ping!" when events occur
• Unrealistic expectations of what a log management solution alone can deliver
Phasing in
• Not carrying out a real pilot
• Not carrying out sufficient testing of the necessary system integration
• Not allocating sufficient resources for implementation and ongoing operation
Use
• Not identifying the available log sources
• Not defining use cases for how the logs will be used
• Becoming too focused on event → consequence, and dropping the cause
• Slavish reporting; no training in using the log information
45. A practical example
Jun 5 12:55:44.359: %SEC-6-IPACCESSLOGP: list logacl permitted tcp 192.168.16.1(38402) -> 192.168.16.2(23), 1 packet
• Worm incident several years ago
• How do we identify infected nodes?
• Established ACLs on the routers
• Logging via syslog to a Unix node
• A script aggregated the events in ~real time
• Legitimate nodes were filtered out
• Alerting via SMS
• Netflow could also have been used
[Screenshot: list of host names and IP addresses (green number = node checked out)]
Under 50 lines of Perl
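The aggregation step from slide 45, sketched in Python rather than the Perl the slide mentions. This is an added example and not the script used in the incident: all log lines except the first are constructed, and the watched port (23, taken from the slide's sample line), the threshold of three targets and the allowlist entry are assumptions.

```python
import re
from collections import defaultdict

ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?")


def _line(src, dst, dport, pkts):
    """Build a constructed log line in the same format as the slide's sample."""
    unit = "packet" if pkts == 1 else "packets"
    return (f"Jun 5 12:56:00.000: %SEC-6-IPACCESSLOGP: list logacl permitted tcp "
            f"{src}(40000) -> {dst}({dport}), {pkts} {unit}")


SAMPLE = [
    # First line is the one shown on the slide; the rest are constructed.
    "Jun 5 12:55:44.359: %SEC-6-IPACCESSLOGP: list logacl permitted tcp "
    "192.168.16.1(38402) -> 192.168.16.2(23), 1 packet",
    _line("192.168.16.1", "192.168.16.3", 23, 1),
    _line("192.168.16.1", "192.168.16.4", 23, 1),
    _line("192.168.16.1", "192.168.16.4", 23, 5),  # repeat hit on the same target
    _line("192.168.16.9", "192.168.16.2", 23, 1),  # known management host
    _line("192.168.16.9", "192.168.16.3", 23, 1),
    _line("192.168.16.9", "192.168.16.4", 23, 1),
    _line("192.168.16.7", "192.168.16.2", 23, 1),  # single connection, below threshold
    _line("192.168.16.7", "192.168.16.2", 80, 1),  # other port, ignored
]


def suspects(lines, port, legit=frozenset(), min_targets=3):
    """Sources contacting at least `min_targets` distinct hosts on `port`.

    Returns (source, distinct_targets, packets) tuples, widest fan-out first.
    Sources in `legit` are filtered out before counting.
    """
    targets = defaultdict(set)
    packets = defaultdict(int)
    for line in lines:
        m = ACL_RE.search(line)
        if not m or int(m["dport"]) != port or m["src"] in legit:
            continue
        targets[m["src"]].add(m["dst"])
        packets[m["src"]] += int(m["pkts"])
    rows = [(src, len(dsts), packets[src])
            for src, dsts in targets.items() if len(dsts) >= min_targets]
    return sorted(rows, key=lambda r: (-r[1], r[0]))
```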
46. The Gartner Magic Quadrant for Security Information and Event Management (SIEM): 2006-2009
Vendors:
• CA
• Cisco
• IBM
• Novell
• RSA / EMC
• Symantec
• ArcSight
• Consul (acquired by IBM 2006-12)
• eIQnetworks (founded 2001)
• ExaProtect (acquired by LogLogic 2009)
• High Tower (closed down 2008)
• Intellitactics
• LogLogic (founded 2002)
• LogRhythm (founded 2003)
• netForensics (founded 1999)
• Network Intelligence (acquired by EMC 2006)
• NetIQ (founded ~1995)
• NitroSecurity (founded 1999)
• OpenService (founded ~2002)
• Prism Microsystems (founded 1999)
• Q1 Labs (founded 2001)
• Quest Software (founded 1987)
• SenSage (founded 2000)
• Tenable Network Security (founded 2002)
• TriGeo (founded 2001)
Used by kind permission of
47. Summary
• Making good use of security data is a challenge, but can we afford not to?
• By studying our systems more closely in peacetime, we are better equipped to handle incidents
• The logs can gain much greater value through enrichment
• Visualization is cool! And sometimes useful too…
• There is no single right answer!
48. Questions?
A number of brutal generalizations and gross oversimplifications have been committed
Points deliberately left out:
– Legal aspects of monitoring
– Log↔LMI↔SEM↔SIM↔SIEM
– Platform-specific matters
– Specific commercial solutions
“Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them.” – Laurence Peter
oddbjorn.steffensen@edb.com
oddbjorn@tricknology.org
50. Some relevant resources
Books and publications
– Audit and Trace Log Management, Phillip Maier
– Security Log Management, Jacob Babbin
– ISF: Security/Event Working Group Final Report
– NIST 800-92: Guide to Computer Security Log Management
Conferences
– Usenix Workshop on the Analysis of System Logs
– SANS WhatWorks Log Management & Analysis
– CERT FloCon
Websites
– http://www.loganalysis.org/
– http://www.rumint.org/gregconti/
– http://www.raffy.ch/
– http://secviz.org/
– http://www.securityforum.org/
– http://www.securitymetrics.org/
– http://www.isif.org/
– http://manyeyes.alphaworks.ibm.com/
– http://www.graphviz.org/
– http://www.visual-literacy.org/
– http://www.edwardtufte.com/
– http://www.cert.org/flocon/
– http://tools.netsa.cert.org/
– http://www.caida.org/
– http://cee.mitre.org/