Next-Generation IDS: A CEP Use Case in 10 Minutes
•
7 gefällt mir•1,701 views
Next-Generation IDS: A CEP Use Case in 10 Minutes, 3rd Draft – November 8, 2006, 2nd Event Processing Symposium, Redwood Shores, California, Tim Bass, CISSP, Principal Global Architect, Director, TIBCO Software Inc
![Our Agenda ,[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Ähnlich wie Next-Generation IDS: A CEP Use Case in 10 Minutes
Ähnlich wie Next-Generation IDS: A CEP Use Case in 10 Minutes (20)
Mehr von Tim Bass
Mehr von Tim Bass (13)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Next-Generation IDS: A CEP Use Case in 10 Minutes
- 1. Next-Generation IDS: A CEP Use Case in 10 Minutes 3rd Draft – November 8, 2006 2nd Event Processing Symposium Redwood Shores, California Tim Bass, CISSP Principal Global Architect, Director TIBCO Software Inc.
- 3. The Problem What business problem motivated the development of an event processing solution? Intrusion Detection Systems Agent Based Detection Approach Systems Protected Architecture Data Sources Analysis Timing Detection Actions HIDS NIDS Hybrid Audit Logs Net Traffic System Stats Real Time Data Mining Anomaly Detection Signature Detection Centralized Distributed Active Passive
- 5. The Approach Summarize the overall design of the solution. Source: Bass, T., CACM, 2000
- 6. The Approach Summarize the overall design of the solution . Intrusion Detection Systems Detection Approach Systems Protected Architecture Data Sources Analysis Timing Detection Actions HIDS NIDS Hybrid Audit Logs Net Traffic System Stats Real Time Data Mining Anomaly Detection Signature Detection Centralized Distributed Active Passive Agent Based Next-Generation Fusion of IDS Sensor Functions
- 7. The Approach Summarize the overall design of the solution . 24 EVENT PRE-PROCESSING EVENT SOURCES EXTERNAL . . . LEVEL ONE EVENT TRACKING Visualization, BAM, User Interaction Event-Decision Architecture DB MANAGEMENT Historical Data Profiles & Patterns DISTRIBUTED LOCAL EVENT SERVICES . . EVENT PROFILES . . DATA BASES . . OTHER DATA LEVEL TWO SITUATION DETECTION LEVEL THREE PREDICTIVE ANALYSIS LEVEL FOUR ADAPTIVE BPM
- 8. The Approach Summarize the overall design of the solution . Flexible SOA and Event-Driven Architecture
- 9. The Approach - Phase I Event Sources and Commercial Products JAVA MESSAGING SERVICE (JMS) DISTRIBUTED QUEUES (TIBCO EMS) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE) HIGH PERFORMANCE RULES-ENGINE (TIBCO BE ) SENSOR NETWORK RULES NETWORK NIDS BW JMS LOGFILE JMS BW LOGFILE JMS BW LOGFILE JMS BW IDS JMS BW HIDS JMS BW SQL DB BW JMS ADB SQL DB BW JMS ADB MESSAGING NETWORK TIBCO PRODUCTS SOURCE SOURCE SOURCE SOURCE SOURCE SOURCE SOURCE SOURCE
- 12. Thank You! Tim Bass, CISSP Principal Global Architect, Director [email_address] Event Processing at TIBCO