Network Security Monitoring

Thai N. Duong – Dương Ngọc Tháithaidn@vnsecurity.net

http://vnhacker.blogspot.com

Agenda – Nội dung

NSM Theory – Giám sát an ninh mạng

NSM Practice

Q & A – Hỏi đáp

About me – Tự giới thiệu

What is going on?Chuyện gì đang diễn ra?

Firewall, Anti-Virus, IDS, IPS, ISO 27001, etc.

Why still be attacked after deploying all these expensive controls?

We need skilled security analysts!Chúng ta cần các chuyên gia lành nghề!

Smart + Unpredictable + Highly motivatedThông minh + Khó lường + Động lực cao

We need to collect data as much as possible!Chúng ta cần thu thập dữ liệu càng nhiều càng tốt!

(Products) Collection -> (People) Analysis -> (Processes) Escalation

Thu thập -> Phân tích -> Leo thang

Some experiences

Technology: syslog-ng + Splunk

Most important: analyzing huge data fast!

Alternatives: Hadoop + Scribe + Hive

ROI

Zero unsolved incident so far!

Help detect and prevent 50% of incidents

What's next?

Security metrics: turn security into something that can be measured

Summary

Collect data as much as possible

Products and Processes are not enough, we need Skilled Analysts to perform 24/7 monitoring

Thank You ;-)Question?