
Network Security Monitoring or How to mitigate a DDoS attack in 20'

31,835 views

Published on

1. A brief introduction to the network security monitoring concept

2. Some experience in deploying NSM

3. A case study: how to use NSM to mitigate a DDoS attack in 20'

Published in: Technology


  1. Network Security Monitoring
     - Thai N. Duong – Dương Ngọc Thái
     - [email_address]
     - http://vnhacker.blogspot.com
  2. Agenda
     - NSM Theory – Network security monitoring
     - NSM Practice
     - Q & A
  3. About me
  5. What is going on?
  6. Firewall, Anti-Virus, IDS, IPS, ISO 27001, etc.
  7. Why are we still attacked after deploying all these expensive controls?
  8. We need skilled security analysts!
  9. Smart + Unpredictable + Highly motivated
  10. We need to collect as much data as possible!
  11. (Products) Collection -> (People) Analysis -> (Processes) Escalation
  12. Some experiences
     - Technology: syslog-ng + Splunk
     - Most important: analyzing huge data fast!
     - Alternatives: Hadoop + Scribe + Hive
  13. ROI
     - Zero unsolved incidents so far!
     - Helps detect and prevent 50% of incidents
  14. What's next?
     - Security metrics: turn security into something that can be measured
  15. Summary
     - Collect as much data as possible
     - Products and Processes are not enough; we need Skilled Analysts to perform 24/7 monitoring
  16. Thank you ;-) Questions?
