NREN SIEM Deployment Project

SLIDE 1

Conference 2018

NREN SIEM Deployment Project

Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay

SLIDE 2

Speakers

  • Alex Dow, Consultant, Mirai Security
  • Barb Carra, Chief Operating Officer, Cybera
  • Jill Kowalchuk, NREN Coordination Manager, CANARIE Inc.
  • Todd Williams, Executive Director, ACORN
  • Ivor MacKay, Manager, Information Technology, BCNET

SLIDE 3

Agenda

  1. Background and terminology
     a. What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
     b. What is the NREN?
  2. NREN SIEM Deployment Project
     a. Background on how the project came about:
        i. why the NREN is interested in security;
        ii. why the SIEM project was chosen.
     b. Description of the first phase of the project;
     c. Description of the second phase;
     d. Future considerations.

SLIDE 4

Agenda cont’d

  3. How is Cybera approaching the SIEM Project?
  4. How is ACORN-NS approaching the SIEM project?
  5. How is BCNET approaching the SIEM project?
  6. Q&A
  7. Workshop On SIEM (Thursday 9:00 am)

SLIDE 5

Background and Terminology

What is SIEM (Security Information and Event Management), and why is it important to cybersecurity?

[Diagram: SIEM pipeline. Stage labels: Data Sources, Collection, Transport, Normalization & Enrichment, Indexing, Analytics, Consumption (Security Analyst). Collection methods: ODBC, File, WMI/SMB, Syslog, API. Transport: caching, encryption, compression, bandwidth management. Enrichment sources: Asset/Network Models, DNS, GeoIP, Vuln Database, etc.]

SLIDE 6

canarie.ca | @canarie_inc

NREN SIEM Deployment Project

Jill Kowalchuk, NREN Coordination Manager | BCNET Conference | April 24, 2018

SLIDE 7

The NREN connects Canada’s research, education, and innovation communities via ultra high-speed (up to 100G) networks.

SLIDE 8

The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.

  • 30 Meter Telescope
  • Large Hadron Collider
  • Canadian Light Source
  • Genomics Databases
  • Neptune 2.0
  • Worldwide sensor networks

SLIDE 9

How does the NREN operate?

  • Governed and managed by: NREN Governance Committee (presidents of the provincial and territorial networks and of the federal partner, CANARIE)
  • Initiatives guided by: NREN Strategic Plan (priority projects that evolve the NREN and maximize its value for stakeholders)

SLIDE 10

NREN Security

SLIDE 11

Security Information and Event Management (SIEM) Deployment Project

People, Process, Technology

SLIDE 12

SIEM Deployment Project

[Diagram: SIEM deployment architecture. Labels: NREN Internet; RAN(s) Network; RAN(s) Infrastructure; RAN Member(s); End-User Institutions; SIEM Log Collectors; SIEM Console; SIEM; Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs; Alarms; IT Security Event Response]

SLIDE 13

SIEM Deployment Project & Institutions

[Diagram: SIEM deployment architecture including institutions. Labels: NREN Internet; RAN(s) Network; RAN(s) Infrastructure; RAN Member(s); End-User Institutions; SIEM Log Collectors; SIEM Console; SIEM; Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs (shown twice); Alarms; IT Security Event Response]

SLIDE 14

Future Considerations

Image source: https://gbhackers.com

SLIDE 15

SLIDE 16

The Other Regional Network Approaches

  • How is Cybera approaching the SIEM Project?
  • How is ACORN-NS approaching the SIEM project?
  • How is BCNET approaching the SIEM project?

SLIDE 17

Q & A

SLIDE 18

Workshop On SIEM, Thursday 9:00 am