Description: 1. A brief introduction to the network security monitoring (NSM) concept. 2. Some experience in deploying NSM. 3. A case study: how to use NSM to mitigate a DDoS attack in 20 minutes.
Network Security Monitoring
Thai N. Duong (Dương Ngọc Thái), [email protected]
http://vnhacker.blogspot.com

Agenda
NSM Theory (Network Security Monitoring)
NSM Practice
Q & A
About me

What is going on?
Firewall, Anti-Virus, IDS, IPS, ISO 27001, etc.
Why are we still being attacked after deploying all these expensive controls?

We need skilled security analysts!
Smart + Unpredictable + Highly motivated

We need to collect as much data as possible!
(Products) Collection -> (People) Analysis -> (Processes) Escalation
Some experiences
Technology: syslog-ng + Splunk
Most important: analyzing huge data fast!
Alternatives: Hadoop + Scribe + Hive
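The Collection -> Analysis -> Escalation pipeline above, and the point that what matters is analyzing large volumes of log data quickly, can be shown end to end on a small scale. The following is an added example, not code from the talk and not a syslog-ng or Splunk feature: the firewall log format, the field names, the per-minute threshold and the sample lines are all constructed assumptions. It collects syslog-style lines, counts events per source per minute, and escalates any source that dominates a window, which is the kind of signal the DDoS case study depends on.

```python
"""Collection -> Analysis -> Escalation over constructed syslog-style firewall lines.

Added example; the log format, field names, thresholds and sample data are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format (constructed, not any real product's format):
# "<ISO timestamp> <host> fw: SRC=<ip> DST=<ip> DPT=<port> ACTION=<accept|drop>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) fw: "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)


def parse_line(line):
    """Collection: turn one raw line into an event dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    ev["dpt"] = int(ev["dpt"])
    return ev


def collect(lines):
    """Parse every line, counting the ones the parser rejects.

    A rising unparsed count is itself worth watching: it means a blind spot
    in collection, not a quiet network."""
    events, unparsed = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def analyze(events, per_src_threshold=100):
    """Analysis: bucket events per minute and count them per source IP.

    Returns one finding for every (minute, source) pair above the threshold,
    with the source's share of all traffic in that minute."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ev in events:
        buckets[ev["ts"].replace(second=0)][ev["src"]] += 1
    findings = []
    for minute in sorted(buckets):
        total = sum(buckets[minute].values())
        for src, n in buckets[minute].items():
            if n > per_src_threshold:
                findings.append({"window": minute, "src": src, "count": n, "share": n / total})
    return findings


def escalate(findings, high_share=0.5):
    """Escalation: turn findings into alerts with a severity and a next action for the analyst."""
    alerts = []
    for f in findings:
        sev = "high" if f["share"] >= high_share else "medium"
        alerts.append({
            "severity": sev,
            "src": f["src"],
            "window": f["window"].isoformat(),
            "count": f["count"],
            "action": "page on-call analyst" if sev == "high" else "queue for review",
        })
    return alerts


def run_pipeline(lines, per_src_threshold=100):
    """Whole pipeline: returns (alerts, number of unparsable lines)."""
    events, unparsed = collect(lines)
    return escalate(analyze(events, per_src_threshold)), unparsed


def constructed_log(n_flood=150, n_normal=4):
    """Constructed sample: one source hammers port 80 within a single minute,
    a few normal clients connect, and one garbage line tests the parser."""
    base = datetime(2010, 5, 1, 10, 0, 0)
    lines = []
    for i in range(n_flood):
        ts = base + timedelta(seconds=i * 60 // n_flood)  # spread over the same minute
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} fw1 fw: SRC=203.0.113.7 DST=198.51.100.10 DPT=80 ACTION=accept")
    for j in range(n_normal):
        ts = base + timedelta(seconds=10 * j)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} fw1 fw: SRC=192.0.2.{j + 1} DST=198.51.100.10 DPT=80 ACTION=accept")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    alerts, unparsed = run_pipeline(constructed_log())
    print(f"unparsed lines: {unparsed}")
    for a in alerts:
        print(a)
```

The threshold and the per-minute bucketing are the tunable parts; in a real deployment they come from a baseline of normal traffic, and the escalation record is what lands in front of the 24/7 analyst rather than a raw log line.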
ROI
Zero unsolved incidents so far!
Helped detect and prevent 50% of incidents
What's next?
Security metrics: turn security into something that can be measured
Summary
Collect as much data as possible
Products and Processes are not enough; we need Skilled Analysts to perform 24/7 monitoring

Thank You ;-) Questions?