Integrated Network Security and Reliability Center INSRC and Cyber Enterprise Management - PowerPoint PPT Presentation

1
Integrated Network Security and Reliability
Center (INSRC) and Cyber Enterprise Management
  • Todd Bruner
  • 4318 CEM Development Project Lead
  • Cyber Infrastructure Development and Deployment
  • March 21, 2007

Sandia is a multiprogram laboratory operated by
Sandia Corporation, a Lockheed Martin
Company, for the United States Department of
Energy under contract DE-AC04-94AL85000.
2
In the Beginning
  • Silos of monitoring
  • Independent Trouble resolution
  • Then Black Thursday
  • Lessons were Learned!

Photo credit: Ian Blair via Flickr
3
Integrated Network Security and Reliability
Center (INSRC)
  • Completed 2003
  • Nerve Center
  • Purpose Built
  • 112 Personnel
  • Central Location

4
The facility provides the place for integration.
5
Cyber Enterprise Management
  • Infrastructure to detect and respond to security
    and service affecting events.
  • Designed and implemented with mixture of COTS and
    custom software.
  • Data analyzed and actionable information
    generated.

6
CEM System Architecture
7
CEM's Security Focus
  • Analyze IDS logs and generate daily IARC report
    for NNSA/DOE.
  • Monitor and Detect Security Events reported from
    servers, applications, and network equipment.
  • CID
  • Wireless IDS
  • Reliability and Availability of Security
    Infrastructure

8
Scenario
  • Analysts detect suspicious traffic in IDS logs.
  • Servers start reporting multiple failed logins
    from various locations.
  • Network traffic spiking on normally unsaturated
    links.

9
Scenario continued
  • Analysts place call to Cyber Security and relate
    salient details.
  • Cyber Security initiates Rapid Response Team.
  • RRT assembles in Situation Room and coordinates
    response to threat.

10
Fun Stats
  • Approx 1500 monitored entities (SRN)
  • 460 Network devices
  • 440 Unix and NT servers
  • 15 Applications
  • 4 tests per monitored entity
  • Average of 100 actionable events per 9.5 hour SOC
    shift across 3 networks
  • Response Time Average 2.9 minutes (90% of
    events handled under 1 minute)
  • The CEM system processes an average of
    approximately 30k events per day.
  • Correlation, de-duplication, and filtering
    reduce the event stream by 90%.
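The scenario on the preceding slides (failed logins reported from several hosts, a link saturating) and the correlation, de-duplication and filtering figures above, as an added Python example that is not part of the presentation or of Sandia's CEM software; the event format, the sample feed, the thresholds and the noise list are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample feed (not real Sandia data): raw events as a CEM-style
# system would receive them.  Tuple layout: (time, host, event type, detail).
RAW_EVENTS = [
    ("2007-03-21 09:00:01", "unix-01", "auth_failure", "user=root src=10.1.1.5"),
    ("2007-03-21 09:00:02", "unix-01", "auth_failure", "user=root src=10.1.1.5"),  # repeat
    ("2007-03-21 09:00:05", "unix-01", "heartbeat", "ok"),
    ("2007-03-21 09:00:09", "nt-07", "auth_failure", "user=admin src=10.2.2.9"),
    ("2007-03-21 09:00:10", "nt-07", "auth_failure", "user=admin src=10.2.2.9"),  # repeat
    ("2007-03-21 09:00:30", "router-3", "heartbeat", "ok"),
    ("2007-03-21 09:01:15", "unix-04", "auth_failure", "user=root src=10.3.3.1"),
    ("2007-03-21 09:01:40", "nt-02", "link_util", "pct=97"),
    ("2007-03-21 09:01:41", "nt-02", "link_util", "pct=97"),  # repeat
    ("2007-03-21 09:02:00", "unix-09", "heartbeat", "ok"),
]
NOISE_TYPES = {"heartbeat"}  # purely informational; filtered before analysis (assumed)

def parse(raw):
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), h, k, d) for t, h, k, d in raw]

def deduplicate(events, window=timedelta(seconds=60)):
    """Suppress repeats of the same (host, type, detail) seen within the window."""
    last_seen, kept = {}, []
    for ev in events:
        key = ev[1:]
        if key in last_seen and ev[0] - last_seen[key] <= window:
            continue
        last_seen[key] = ev[0]
        kept.append(ev)
    return kept

def correlate_failed_logins(events, min_hosts=3, window=timedelta(minutes=5)):
    """Roll failed logins from several hosts in one window into a single actionable event."""
    failures = [ev for ev in events if ev[2] == "auth_failure"]  # assumed time-ordered
    actionable = [ev for ev in events if ev[2] != "auth_failure"]
    i = 0
    while i < len(failures):
        start = failures[i][0]
        batch = [ev for ev in failures[i:] if ev[0] - start <= window]
        hosts = sorted({ev[1] for ev in batch})
        if len(hosts) >= min_hosts:  # several hosts in a short window: one analyst-facing event
            actionable.append((start, "CEM", "correlated_auth_failure", "hosts=" + ",".join(hosts)))
        else:
            actionable.extend(batch)
        i += len(batch)
    return sorted(actionable)

def run_pipeline(raw=RAW_EVENTS):
    """Return the actionable events and the percentage reduction of the raw stream."""
    events = parse(raw)
    filtered = [ev for ev in deduplicate(events) if ev[2] not in NOISE_TYPES]
    actionable = correlate_failed_logins(filtered)
    return actionable, round(100 * (1 - len(actionable) / len(events)), 1)
```

On the constructed feed, ten raw events collapse to two actionable ones (one correlated failed-login burst across three hosts and one saturated link), an 80% reduction; the real system's 90% figure reflects far noisier input.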

11
Questions?
  • Todd Bruner
  • tbruner@sandia.gov