nren siem deployment project - bcnet · 2018. 5. 2. · cybera jill kowalchuk, nren coordination...
Post on 08-Oct-2020
Conference 2018
NREN SIEM Deployment Project
Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay
Speakers
Alex Dow, Consultant, Mirai Security
Barb Carra, Chief Operating Officer, Cybera
Jill Kowalchuk, NREN Coordination Manager, CANARIE Inc.
Todd Williams, Executive Director, ACORN
Ivor MacKay, Manager, Information Technology, BCNET
Agenda
1. Background and terminology
   a. What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
   b. What is the NREN?
2. NREN SIEM Deployment Project
   a. Background on how the project came about:
      i. why the NREN is interested in security;
      ii. why the SIEM project was chosen.
   b. Description of the first phase of the project;
   c. Description of second phase;
   d. Future considerations.
Agenda cont’d
3. How is Cybera approaching the SIEM Project?
4. How is ACORN-NS approaching the SIEM project?
5. How is BCNET approaching the SIEM project?
6. Q&A
7. Workshop on SIEM, Thursday 9:00 am
Background and Terminology
What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
[Diagram: SIEM architecture. Labels: Data Sources; Collection; Transport; Normalization & Enrichment; Indexing; Analytics; Consumption; Security Analyst. Further labels: ODBC, File, WMI/SMB, Syslog, API; caching, encryption, compression, bandwidth management; Asset/Network Models, DNS, GeoIP, Vuln Database, etc.]
canarie.ca | @canarie_inc
NREN SIEM Deployment Project
Jill Kowalchuk, NREN Coordination Manager | BCNET Conference | April 24, 2018
The NREN connects Canada’s research, education, and innovation communities via ultra high-speed (up to 100G) networks.
The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.
• 30 Meter Telescope
• Large Hadron Collider
• Canadian Light Source
• Genomics Databases
• Neptune 2.0
• Worldwide sensor networks
How does the NREN operate?
Governed and managed by: NREN Governance Committee (presidents of the provincial and territorial networks and of the federal partner, CANARIE)
Initiatives guided by: NREN Strategic Plan (priority projects that evolve the NREN and maximize its value for stakeholders)
NREN Security
Security Information and Event Management (SIEM) Deployment Project
People, Process, Technology
SIEM Deployment Project
[Diagram labels: NREN Internet; RAN(s) Infrastructure; End-User Institutions; RAN Member(s); RAN(s) Network; SIEM Log Collectors; SIEM Console; SIEM Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs; Alarms; IT Security Event Response]
SIEM Deployment Project & Institutions
[Diagram labels: NREN Internet; RAN(s) Infrastructure; End-User Institutions; RAN Member(s); RAN(s) Network; SIEM Log Collectors; SIEM Console; SIEM Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs; Alarms; IT Security Event Response; Monitored Logs]
Future Considerations
Image source: https://gbhackers.com
The Other Regional Network Approaches
§ How is Cybera approaching the SIEM Project?
§ How is ACORN-NS approaching the SIEM project?
§ How is BCNET approaching the SIEM project?
Q & A
Workshop on SIEM, Thursday 9:00 am