Presentation is loading. Please wait.

Presentation is loading. Please wait.

Next-Generation IDS: A CEP Use Case in 10 Minutes 3rd Draft – November 8, 2006 2nd Event Processing Symposium Redwood Shores, California Tim Bass, CISSP.

Published byMiranda Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "Next-Generation IDS: A CEP Use Case in 10 Minutes 3rd Draft – November 8, 2006 2nd Event Processing Symposium Redwood Shores, California Tim Bass, CISSP."— Presentation transcript:

1 Next-Generation IDS: A CEP Use Case in 10 Minutes 3rd Draft – November 8, 2006 2nd Event Processing Symposium Redwood Shores, California Tim Bass, CISSP Principal Global Architect, Director TIBCO Software Inc.

2 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 2 Our Agenda  The Problem  The Approach  Conclusions  Appendix: The Format of the Case Study

3 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 3 The Problem What business problem motivated the development of an event processing solution? Intrusion Detection Systems Agent Based Detection Approach Systems Protected Architecture Data Sources Analysis Timing Detection Actions HIDSNIDSHybrid Audit Logs Net Traffic System Stats Real Time Data Mining Anomaly Detection Signature Detection CentralizedDistributedActivePassive

4 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 4 Rapidly detect intrusions with a low false alarm rate and a high intrusion detection rate… The Problem What were the overall design goals the approach? (Illustrative Purposes Only)

5 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 5 The Approach Summarize the overall design of the solution. Source: Bass, T., CACM, 2000

6 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 6 The Approach Summarize the overall design of the solution. Intrusion Detection Systems Detection Approach Systems Protected Architecture Data Sources Analysis Timing Detection Actions HIDSNIDSHybrid Audit Logs Net Traffic System Stats Real Time Data Mining Anomaly Detection Signature Detection CentralizedDistributedActivePassive Agent Based Next-Generation Fusion of IDS Sensor Functions

7 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 7 The Approach Summarize the overall design of the solution. 24 EVENT PRE- PROCESSING EVENT SOURCES EXTERNAL... LEVEL ONE EVENT TRACKING Visualization, BAM, User Interaction Event-Decision Architecture DB MANAGEMENT Historical Data Profiles & Patterns DISTRIBUTED LOCAL EVENT SERVICES. EVENT PROFILES. DATA BASES. OTHER DATA LEVEL TWO SITUATION DETECTION LEVEL THREE PREDICTIVE ANALYSIS LEVEL FOUR ADAPTIVE BPM

8 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 8 The Approach Summarize the overall design of the solution. Flexible SOA and Event-Driven Architecture

9 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 9 The Approach - Phase I Event Sources and Commercial Products JAVA MESSAGING SERVICE (JMS) DISTRIBUTED QUEUES (TIBCO EMS) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) SENSOR NETWORK RULES NETWORK NIDSBWJMS LOGFILEJMSBW LOGFILEJMSBW LOGFILEJMSBW IDSJMSBW HIDSJMSBW SQL DBBWJMSADB SQL DBBWJMSADB MESSAGING NETWORK TIBCO PRODUCTS SOURCE

10 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 10 The Approach Event Sources and Commercial Products  Fusion of IDS information from across client event sources including:  Log files  Existing client IDS (host and network based) devices  Network traffic monitors (as required)  Host statistics (as required)  Secure, standards-based JAVA Messaging Service (JMS) for messaging:  Events parsed into JMS Application Properties  SSL transport for JMS messages  TIBCO technology for next-generation detection, prediction, rule-based intrusion response, and adaptive control  TIBCO Business Works™ as required, to transform, map or cleanse data  TIBCO BusinessEvents™ for rule-based IDS analytics  TIBCO Active Database Adapter as required

11 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 11 Conclusions & Lesson Learned What Other Features Would Have Helped.  Future Extension of IDS to rules-based access control  Integration of IDS with access control  TIBCO BusinessEvents™ for rule-based access control  Future Extension of IDS and access control to incident response  Event-triggered work flow  TIBCO iProcess™ BPM for incident response  TIBCO iProcess™ BPM security entitlement work flow  TIBCO BusinessEvents™ for rule-based access control  Future Extensions for other risk and compliance requirements  Basel II, SOX, and JSOX - for example  Future Extensions for IT management requirements  Monitoring and fault management, service management, ITIL

12 Thank You! Tim Bass, CISSP Principal Global Architect, Director tbass@tibco.com Event Processing at TIBCO

13 © 2006 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary. 13 The Case Study Format 1.The Problem  What business problem motivated the development of an event processing solution? (What is the purpose of the application)? 2.The Approach  Summarize the overall design of the solution.  Event sources: What types of events are used (e.g., time-ordered event streams? other?)? How many event types are involved?  What are the sources of the events?  Event processing: What types of filtering, correlation and aggregation are performed? What event processing style, event processing language and types of rules are used?  Responses: How are the results of event processing applied? Is an action or business process triggered? Are people notified? Is a dashboard or other business activity monitoring (BAM) alert distribution channel used?  What commercial software tools were applied to each stage? 3.Results, Costs and Benefits  (this section is optional and may be skipped if there is not enough time) 4.Conclusions  Would different software tools have helped? What other features would have helped?  What were the lessons learned? (What advice would you give to someone undertaking a similar project?)

Download ppt "Next-Generation IDS: A CEP Use Case in 10 Minutes 3rd Draft – November 8, 2006 2nd Event Processing Symposium Redwood Shores, California Tim Bass, CISSP."

Similar presentations

BalaBit Shell Control Box

BalaBit Shell Control Box
Defining a Pragmatic and Practical SOA Focused Enterprise Architecture

Defining a Pragmatic and Practical SOA Focused Enterprise Architecture
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
XProtect® Expert 2013 Product presentation

XProtect® Expert 2013 Product presentation
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
Oracle Advanced Queuing Features Overview

Oracle Advanced Queuing Features Overview
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
DATA WAREHOUSING.

DATA WAREHOUSING.
Dunja Mladenić Marko Grobelnik Jožef Stefan Institute, Slovenia.

Dunja Mladenić Marko Grobelnik Jožef Stefan Institute, Slovenia.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
HOL9396: Oracle Event Processing 12c

HOL9396: Oracle Event Processing 12c
OEP BOF9272 SOA Event Delivery Network

OEP BOF9272 SOA Event Delivery Network
seminar on Intrusion detection system

seminar on Intrusion detection system
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
® IBM Software Group © IBM Corporation IBM Information Server Service Oriented Architecture WebSphere Information Services Director (WISD)

® IBM Software Group © IBM Corporation IBM Information Server Service Oriented Architecture WebSphere Information Services Director (WISD)

Similar presentations

Ads by Google