So, you wanna build a SIEM?
Laconic Security, LLC, 11001 West 120th Avenue, Suite 400, Broomfield, CO 80021

About Us
- Boulder-based company specializing in SOC, security and data protection services
- Founded 4 years ago as a professional services company
- We have built security operations centers for many industries (healthcare, retail, finance, telecommunications)
- Rigorous and systematic approach to building SOCs
- Soon to release our first software product (not a SIEM)

Agenda
- SIEM Defined
- Why Build a SIEM?
- $$$
- Choosing the Right One
- It's ALIVE! ... Now What?
- Tips for Success

SIEM 101: Terminology and level-set

SIEM Defined
- Security Information and Event Management (SIEM), AKA SEM, SIM, SEIM
- A system to manage large amounts of security data
  - Aggregation, centralization, correlation, normalization
- SIEMs are typically appliances, software or both
  - SIEM architectures can even be mixed-vendor
- Help turn raw data into actionable information (the needle in the haystack)
- Help people visualize data

What SIEMs Do
- Aggregate and normalize data to a central location
- Provide a "meta-language" with which to manage the data
- Provide a graphical console view across all logging data
- Turn the lights on...
[Diagram: IDS, Firewall, AV and Host Logs feeding into the SIEM]
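The aggregation, normalization and correlation the slide lists, as an added example that is not part of the presentation or of any SIEM product. It parses constructed log lines in three made-up formats (a firewall line, a Snort-style "fast" IDS alert, and a key=value host logon record) into one common event schema, then correlates on source IP: an address reported by two or more different sensor types inside a 60-second window is flagged. The line formats, the field names, the 1..5 severity mapping, the year supplied for the IDS timestamp and the 60-second window are all assumptions chosen for the example; an unparsable line is dropped rather than allowed to stop the pipeline.

```python
"""Normalize three constructed log formats into one schema, then correlate by source IP.
Added example; formats, field names and the 60 s window are assumptions, not any vendor's."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines (not captured from real devices).
FIREWALL_LINES = [
    "2024-03-01T10:00:01Z fw01 DENY TCP 203.0.113.5:51234 -> 10.0.0.7:445",
    "2024-03-01T10:00:05Z fw01 ALLOW TCP 198.51.100.9:40000 -> 10.0.0.8:443",
    "this line is garbage and must be dropped, not crash the pipeline",
]
IDS_LINES = [  # Snort "fast" alert style: no year in the timestamp
    "[1:2010935:2] ET SCAN Potential SMB Scan [Priority: 2] 03/01-10:00:03.120000 203.0.113.5:51240 -> 10.0.0.7:445",
]
HOST_LINES = [  # key=value logon record as a host agent might emit it
    "2024-03-01T10:00:09Z host07 EventID=4625 LogonType=3 SrcIP=203.0.113.5 User=admin Status=failure",
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<reporter>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
IDS_RE = re.compile(r"^\[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[Priority: (?P<prio>\d)\] "
                    r"(?P<mm>\d\d)/(?P<dd>\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.\d+ "
                    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def _utc(stamp, fmt):
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def normalize_firewall(line):
    m = FW_RE.match(line)
    if not m:
        return None
    return {"ts": _utc(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall", "reporter": m["reporter"],
            "src_ip": m["src"], "dst_ip": m["dst"], "action": m["action"].lower(),
            "severity": 3 if m["action"] == "DENY" else 1,  # assumed 1 (info) .. 5 (critical) scale
            "msg": f"{m['proto']} {m['src']}:{m['sport']} -> {m['dst']}:{m['dport']}"}


def normalize_ids(line, year=2024):  # the collector supplies the year (assumption)
    m = IDS_RE.match(line)
    if not m:
        return None
    ts = _utc(f"{year}-{m['mm']}-{m['dd']} {m['hms']}", "%Y-%m-%d %H:%M:%S")
    severity = {1: 5, 2: 4, 3: 3}.get(int(m["prio"]), 2)  # Snort priority 1 is the most severe
    return {"ts": ts, "source": "ids", "reporter": m["sid"], "src_ip": m["src"], "dst_ip": m["dst"],
            "action": "alert", "severity": severity, "msg": m["msg"]}


def normalize_host(line):
    parts = line.split(" ", 2)
    kv = dict(KV_RE.findall(parts[2])) if len(parts) == 3 else {}
    if "SrcIP" not in kv:
        return None
    failed = kv.get("Status") == "failure"
    return {"ts": _utc(parts[0], "%Y-%m-%dT%H:%M:%SZ"), "source": "host", "reporter": parts[1],
            "src_ip": kv["SrcIP"], "dst_ip": None, "action": "logon_failure" if failed else "logon",
            "severity": 3 if failed else 1, "msg": f"EventID={kv.get('EventID')} user={kv.get('User')}"}


def normalize_all(fw_lines=FIREWALL_LINES, ids_lines=IDS_LINES, host_lines=HOST_LINES):
    """Aggregate every source into one list of events in the common schema, oldest first."""
    events = []
    for parser, lines in ((normalize_firewall, fw_lines), (normalize_ids, ids_lines), (normalize_host, host_lines)):
        for line in lines:
            ev = parser(line)
            if ev is not None:  # unparsable lines are dropped; a real SIEM should count them as a health metric
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window_seconds=60, min_sources=2):
    """Flag any src_ip that at least min_sources distinct sensor types report inside one window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src_ip"]].append(ev)
    findings = []
    for ip, evs in by_src.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if (e["ts"] - first["ts"]).total_seconds() <= window_seconds]
            sources = sorted({e["source"] for e in in_window})
            if len(sources) >= min_sources:
                findings.append({"src_ip": ip, "sources": sources, "first_seen": first["ts"],
                                 "events": len(in_window), "max_severity": max(e["severity"] for e in in_window)})
                break  # one finding per address: report the earliest qualifying window
    return findings


if __name__ == "__main__":
    for finding in correlate(normalize_all()):
        print(finding)
```

The point of the common schema is that the correlation rule never has to know which product wrote the line; adding a fourth source means writing one more parser, not touching the rule. The dropped-line counter mentioned in the comment is the thing to watch in production: a parser that silently fails after a vendor format change is how a SIEM goes blind without anyone noticing.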

What SIEMs Don’t Do 7

8 Provide what you want out of the box – High customization is best/worst feature Make you compliant (on their own) Run themselves – Much care and feeding required SIEMs don’t understand your business – people do

Why are you building a SIEM?
- Enterprise Security Driven
  - We want to "do the right thing" for our business
  - We need to get a better handle on our security logs
- Compliance Driven
  - We've been told by legal/PCI/FTC to...
- MSS Driven (really hard!)
  - We want to build a SOC to sell Managed Security Services to customers

SOC or SIEM?
- Do you want a Security Operations Center (SOC) or a SIEM?
- SOCs provide near real-time analysis of events, 8x5 or 24x7
  - 4-5 people for an 8x5 operation; more for 24x7
- A SIEM is present in a SOC, but a SIEM may satisfy your goal without SOC monitoring
  - Your goal may be to centralize logging; no need for a full-blown SOC
- Either way you slice it, SIEMs require operators

$$$$
- SOCs and SIEMs are expensive!
  - Software licenses, analysts to monitor the console, infrastructure upkeep
- There will be scope creep and therefore budget creep
  - People will love what you do for them
- Professional Services will be a requirement (one exception)
  - Bite the bullet now; you will be glad down the line
  - Bet on a 6-12 month engagement with 1-2 consultants (to go from nothing to fully operational 24x7)
- Validate the PS firm
  - What is your methodology? How many have you built? In what industries? References?

Common Mistakes
- SIEMs will become shelfware if ignored
- No one dedicated to SIEM health
  - This is a full-time job
- Purchased to be a silver bullet
- No consulting time purchased
- No in-house expertise
- Underestimating the amount of work SIEMs actually require
- Project vs. lifecycle mindset
  - SIEM is a lifecycle, just like security, not a project
- Waterfall approach to project management
  - Great SIEM implementations evolve
  - An agile team responds quickly and effectively to threats


How to Choose
- Understand your goals before talking with vendors
- Line up your requirements with vendor features
- Understand motives, hidden fees and exactly what you get
  - Maintenance fees, up-selling storage, total connections...
- Can you export your data to another system (if needed)?
- Bake-offs are valuable, but are time/resource heavy
- Check analyst reports (with caution)
- Talk to others using the product
  - Get references and follow up with them!
- Vendor POC (proof of concept)

The sales presentation


What's in the box...

Building Blocks
- Think of a SIEM as a box of Legos or a bunch of electronic components
  - You can assemble these parts in endless configurations
- You need someone with a broad range of skills to assemble the pieces
  - Understanding of SIEM capabilities and fundamentals
  - Training on how the SIEM "meta-language" functions
  - General security knowledge
  - Problem-solving skills
  - Ability to move forward in a "good enough" mindset


It's ALIVE! Now what?
- Who's monitoring the console / infrastructure?
- What are the hours of monitoring?
- What are you monitoring? Is it sensitive?
- Where are your consoles located? Is the room secured?
- Who's writing SIEM content? What can you get from the logs you're monitoring?
  - Use case development
- Who gets paged if there's a problem?
- How do you develop new content?
- Who's testing new content for relevance?
- Who's documenting everything? Where is your documentation? Is it backed up?

Viva la Wiki
- Use a wiki; start a revolution
- Used properly, this is the single most helpful tool for SIEM users and SOC operators
- Expect a learning curve and time to adoption
- Don't accept imitators: MS SharePoint is NOT a wiki
- A wiki will not solve every problem
  - Traditionally, wikis are not very good at document management

Use Cases
- The way we recommend documenting what you want to accomplish with the SIEM
- Comments first, then code, just like an outline for a paper or book
- Provides a clear understanding of what you want and need to do with a SIEM

Anatomy of a Use Case
[event] occurs when [condition] is met, resulting in [output], which is remediated by [action]
For example: a "DDoS likely" event occurs when Arbor fires 15 SYN alarms in 10 seconds, resulting in a high-priority [output] sent to the network team for remediation
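The "DDoS likely" use case above, written out as an added example in Python; this is not code from the presentation or from Arbor. The four parts of the template (event, condition, output, action) become one small record, and the condition "15 SYN alarms in 10 seconds" is evaluated as a sliding window over a constructed stream of alarm records. The (timestamp, alarm type) record shape, the priority and team names, and the decision to re-arm the rule after a ticket fires are assumptions. The constructed stream also covers the two cases where the rule must stay quiet: 14 alarms (one short of the threshold) and 15 alarms that never fall inside the same 10-second window.

```python
"""The "DDoS likely" use case as a sliding-window rule.
Added example; the alarm record shape (timestamp, type) and re-arm behaviour are assumptions."""
from collections import deque
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class UseCase:
    """One use case in the slide's template: <event> occurs when <condition> is met,
    resulting in <output>, which is remediated by <action>."""
    event: str             # <event>
    alarm_type: str        # <condition>: count only alarms of this type...
    threshold: int         # ...and fire when this many...
    window_seconds: float  # ...arrive within this many seconds
    priority: str          # <output>: priority of the ticket raised
    remediation_team: str  # <action>: who gets the ticket


DDOS_LIKELY = UseCase("DDoS likely", "SYN", 15, 10.0, "high", "network")


@dataclass
class Ticket:
    event: str
    priority: str
    assigned_to: str
    fired_at: float        # seconds in this example; a real feed would carry datetimes
    evidence: List[float]  # timestamps of the alarms that satisfied the condition


def evaluate(use_case: UseCase, alarms: Iterable[Tuple[float, str]]) -> List[Ticket]:
    """Run one use case over an alarm stream ordered by time; return the tickets it raises."""
    window = deque()
    tickets = []
    for ts, kind in alarms:
        if kind != use_case.alarm_type:
            continue  # the condition only counts the named alarm type
        window.append(ts)
        while ts - window[0] > use_case.window_seconds:
            window.popleft()  # drop alarms that have aged out of the window
        if len(window) >= use_case.threshold:
            tickets.append(Ticket(use_case.event, use_case.priority,
                                  use_case.remediation_team, ts, list(window)))
            window.clear()  # re-arm: one ticket per burst, not one per every further alarm
    return tickets


def sample_alarms() -> List[Tuple[float, str]]:
    """Constructed alarm stream (not real Arbor output): one true burst and two near-misses."""
    alarms = [(0.5 * i, "SYN") for i in range(20)]        # 20 SYN alarms in 10 s: must fire, once
    alarms += [(1.2, "ICMP"), (3.3, "UDP")]                 # unrelated alarms must be ignored
    alarms += [(100 + 0.5 * i, "SYN") for i in range(14)]  # 14 in 7 s: one short, no ticket
    alarms += [(200 + 1.5 * i, "SYN") for i in range(15)]  # 15 over 21 s: never 15 in one window
    return sorted(alarms)


if __name__ == "__main__":
    for t in evaluate(DDOS_LIKELY, sample_alarms()):
        print(f"{t.event}: {t.priority}-priority ticket to {t.assigned_to} "
              f"at t={t.fired_at}s on {len(t.evidence)} alarms")
```

Two design points worth carrying into real content: the window is cleared when the rule fires, otherwise the 16th, 17th and every later alarm in the same burst would each open another ticket for the network team; and the evaluator assumes alarms arrive in time order, so a feed that can deliver late records needs to be sorted on event time (not arrival time) before it reaches the rule.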

Use Case: Visual Example (diagram)

Training Program
- Ongoing training is essential for sustainability
- Analyst certification program in the wiki
  - All new hires go through the program
- Presentation skills are required
  - Many times overlooked. Analysts must be able to communicate effectively at all levels, from technical staff to executive management.
- A culture of learning
  - Brown-bag lunch days, presentations
- Will be met with resistance, so be ready...

Tips for Success
- Show progress early and often
- Parade your wins; everyone likes a parade
- Use a wiki; start a revolution
  - Collaboration, process and procedure are key to longevity
- Have an internal analyst training program
- Remember: garbage in, garbage out
  - A SIEM is only as good as the content you write for it
- Develop meaningful metrics
  - Know your audience
- Develop content around use cases
- Lead by example
  - Use the wiki, dig around in the SIEM, don't be afraid to try new things

Fred Thiele, Co-Founder, Laconic Security, LLC
11001 West 120th Avenue, Suite 400, Broomfield, CO 80021