Conference 2018Conference 2018

NREN SIEM Deployment Project

Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay

Conference 2018

Speakers

Alex Dow, ConsultantMirai Security

Barb Carra, Chief Operating OfficerCybera

Jill Kowalchuk, NREN Coordination ManagerCANARIE Inc.

Todd Williams, Executive Director ACORN

Ivor MacKay, Manager, Information TechnologyBCNET

2

Conference 2018

Agenda

6

1. Background and terminology a. What is SIEM (Security Information and Event

Management). Why is it important to cybersecurity? b. What is the NREN?

2. NREN SIEM Deployment Projecta. Background on how the project came about;

i. why the NREN is interested in security; ii. why the SIEM project was chosen.

b. Description of the first phase of the project;c. Description of second phase;d. Future considerations;

Conference 2018

Agenda cont’d

3

3. How is Cybera approaching the SIEM Project?

4. How is ACORN-NS approaching the SIEM project?

5. How is BCNET approaching the SIEM project?

6. Q&A

7. Workshop On SIEMThursday 9:00 am

Conference 2018

Background and TerminologyWhat is SIEM (Security Information and Event Management) why is it important to cybersecurity?

5

DataSources Analytics Consumption

Indexing

Collection

Security Analyst

Normalization&Enrichment

TransportODBC

File

WMI/SMB

Syslog

API Caching,encryption,compression,bandwidthmanagement

Asset/NetworkModels,DNS,GeoIP,VulnDatabase,etc

canarie.ca | @canarie_inc

NREN SIEM Deployment ProjectJillKowalchuk,NRENCoordinationManager| BCNETConference| April24,2018

canarie.ca | @canarie_inc 7

TheNRENconnectsCanada’sresearch,education,andinnovation

communitiesviaultrahigh-speed(upto100G)networks.

canarie.ca | @canarie_inc 8

The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.

• 30MeterTelescope• LargeHadronCollider• CanadianLightSource

• GenomicsDatabases• Neptune2.0• Worldwidesensor

networks

canarie.ca | @canarie_inc 9

How does the NREN operate?Governedandmanagedby:NRENGovernanceCommittee

(presidentsoftheprovincialandterritorialnetworksandofthefederalpartner,CANARIE)

Initiativesguidedby:NRENStrategicPlan(priorityprojectsthatevolvetheNRENandmaximizeitsvalueforstakeholders)

canarie.ca | @canarie_inc 10

NREN Security

canarie.ca | @canarie_inc 11

Security Information and Event Management (SIEM) Deployment Project

People Process

Technology

canarie.ca | @canarie_inc 12

SIEM Deployment Project

NREN Internet

RAN(s)Infrastructure

End-UserInstitutions

RANMember(s)

RAN(s)Network

SIEMLogCollectors

SIEMConsole

SIEMOperationalSIEM

SIEMAdmin

ITSecuritySkills&Training

MonitoredLogs

Alarms

ITSecurityEventResponse

canarie.ca | @canarie_inc 13

SIEM Deployment Project & Institutions

NREN Internet

RAN(s)Infrastructure

End-UserInstitutions

RANMember(s)

RAN(s)Network

SIEMLogCollectors

SIEMConsole

SIEMOperationalSIEM

SIEMAdmin

ITSecuritySkills&Training

MonitoredLogs

Alarms

ITSecurityEventResponse

MonitoredLogs

canarie.ca | @canarie_inc 14

Future Considerations

Imagesource:https://gbhackers.com

canarie.ca | @canarie_inc

Conference 2018

The Other Regional Network Approaches

3

§ How is Cybera approaching the SIEM Project?

§ How is ACORN-NS approaching the SIEM project?

§ How is BCNET approaching the SIEM project?

Conference 2018

Q & A

Conference 2018

Workshop On SIEMThursday 9:00 am