NREN SIEM Deployment Project - BCNET · 2018. 5. 2. · Cybera Jill Kowalchuk, NREN Coordination...
Conference 2018
NREN SIEM Deployment Project
Speakers: Alex Dow, Barb Carra, Jill Kowalchuk, Todd Williams and Ivor MacKay
Speakers
Alex Dow, Consultant, Mirai Security
Barb Carra, Chief Operating Officer, Cybera
Jill Kowalchuk, NREN Coordination Manager, CANARIE Inc.
Todd Williams, Executive Director, ACORN
Ivor MacKay, Manager, Information Technology, BCNET
Agenda
1. Background and terminology
   a. What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
   b. What is the NREN?
2. NREN SIEM Deployment Project
   a. Background on how the project came about:
      i. why the NREN is interested in security;
      ii. why the SIEM project was chosen.
   b. Description of the first phase of the project;
   c. Description of second phase;
   d. Future considerations.
Agenda cont’d
3. How is Cybera approaching the SIEM Project?
4. How is ACORN-NS approaching the SIEM project?
5. How is BCNET approaching the SIEM project?
6. Q&A
7. Workshop On SIEM, Thursday 9:00 am
Background and Terminology
What is SIEM (Security Information and Event Management)? Why is it important to cybersecurity?
Figure (SIEM architecture diagram), labels: Data Sources; Collection; Transport; Normalization & Enrichment; Indexing; Analytics; Consumption; Security Analyst.
Other labels in the figure: ODBC, File, WMI/SMB, Syslog, API; caching, encryption, compression, bandwidth management; Asset/Network Models, DNS, GeoIP, Vuln Database, etc.
canarie.ca | @canarie_inc
NREN SIEM Deployment Project
Jill Kowalchuk, NREN Coordination Manager | BCNET Conference | April 24, 2018
The NREN connects Canada’s research, education, and innovation communities via ultra high-speed (up to 100G) networks.
The NREN makes access to global research instruments and vast data stores seamless so that distance is irrelevant.
• 30 Meter Telescope
• Large Hadron Collider
• Canadian Light Source
• Genomics Databases
• Neptune 2.0
• Worldwide sensor networks
How does the NREN operate?
Governed and managed by: NREN Governance Committee (presidents of the provincial and territorial networks and of the federal partner, CANARIE)
Initiatives guided by: NREN Strategic Plan (priority projects that evolve the NREN and maximize its value for stakeholders)
NREN Security
Security Information and Event Management (SIEM) Deployment Project
People, Process, Technology
SIEM Deployment Project
Figure (SIEM deployment diagram), labels: NREN; Internet; RAN(s) Infrastructure; End-User Institutions; RAN Member(s); RAN(s) Network; SIEM Log Collectors; SIEM Console; SIEM Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs; Alarms; IT Security Event Response.
SIEM Deployment Project & Institutions
Figure (SIEM deployment diagram including institutions), labels: NREN; Internet; RAN(s) Infrastructure; End-User Institutions; RAN Member(s); RAN(s) Network; SIEM Log Collectors; SIEM Console; SIEM Operational SIEM; SIEM Admin; IT Security Skills & Training; Monitored Logs (shown twice); Alarms; IT Security Event Response.
Future Considerations
Image source: https://gbhackers.com
The Other Regional Network Approaches
• How is Cybera approaching the SIEM Project?
• How is ACORN-NS approaching the SIEM project?
• How is BCNET approaching the SIEM project?
Q & A
Workshop On SIEM
Thursday 9:00 am