Securing the “Wild Wild West”:
Unified Security Management for Colleges and Universities
Justin P. Webb
Information Security Officer
GCIH, GPEN, GWEB, GCFA
Marquette University
Sandy Hawke, CISSP
VP of Product Marketing
AlienVault
@alienvault
#AlienIntel
Agenda
Introductions
Common IT Security Challenges for Higher Education
Overview of Marquette University’s approach
Security strategy -> Unified Security Management
Key Use Cases for USM
Benefits & Results
Architecture / Deployment Discussion
Summary
Introductions
Sandy Hawke, CISSP
VP, Product Marketing
AlienVault
@sandybeachSF
Justin Webb
Information Security Officer
Marquette University
Common IT Security Challenges for Universities
Decentralized networks without centralized control or visibility
Lean IT teams whose members wear lots of hats; security is just one piece of the puzzle
Herds of digital natives as end-users (“the click generation”)
Compliance pressures (PCI, HIPAA, FERPA, etc.)
POLLING QUESTION #1
What’s your biggest IT Security challenge?
Marquette University at-a-glance
Founded in 1881
Wisconsin’s largest private university
11,800 students, 11 schools & colleges
Hundreds of servers, thousands of student & lab computers = terabytes of log data across a 10G network
IT organization operates as the campus ISP
IT staff = 60
IT security staff = ~3 (1 FTE, 2 PTE)
IT Security Challenges at Marquette
Lack of security visibility
Hard to detect and remediate threats
Hard to analyze data from disparate sources; log rotation causes gaps in coverage
Manual and time-intensive review of terabytes of log data
Not scalable, not responsive enough
Marquette’s IT Security Monitoring Program
Security Monitoring Solution
Looked to open source/OSSIM at first
Key Use Cases
Log Management: Cisco ACS, Cisco PIX, Cisco ASA, Tripwire
Detecting DMCA Policy Violations: NAT’ed IP address translation issues
Incident Response: Customized built-in Snort rules; Tripwire plug-in
Compliance Reporting: PCI, HIPAA, FERPA
Unified Security Management: Benefits & Results
Benefits:
Centralized visibility
Easily customizable
Easier incident response / investigations
Results:
Rapid deployment - less than 2 weeks
80% YoY reduction in DMCA violations
15-25% cost reduction (through time-saving)
AV-USM: Dramatic Reduction in DMCA Violations
[Chart of DMCA violations over time, annotated “AV-USM implementation”]
Solution Architecture / Deployment
• Three-tier architecture (recently added the Logger)
• 2-week deployment
• Built-in security tools (OSSEC, OpenVAS, Nagios)
• Consistent high quality tech support
• Future plans: Suricata, more correlation
POLLING QUESTION #2
What’s your experience with open source security tools?
Key Take-aways
Open source security tools may be right for teams who are trying to show the need for more investment
Consolidation and automation can help small security teams do more with less
Configurability allows for novel uses without significant development time
Scalability allows any educational institution to tailor the system to the size of its enterprise
Resources
OSSIM Download and Community: http://communities.alienvault.com/
AlienVault Repository of Knowledge (ARK): https://alienvault.bloomfire.com/
Marquette University case study: http://alienvault.com/c-suite/case-studies/index.html
“Five security tips IT personnel wish students knew”: http://www.msnbc.msn.com/id/48782952/ns/technology_and_science-back_to_school/t/security-tips-it-personnel-wish-students-knew/
Next Steps / Q&A
Request an AlienVault USM demo at: www.alienvault.com/schedule-demo.html
Request a free trial of AlienVault USM: http://www.alienvault.com/free-trial
Not quite ready for all that? Test drive our open source project, OSSIM, here: communities.alienvault.com/
Need more info to get started? Try our knowledge base here: alienvault.bloomfire.com
These resources are also in the Attachments section
Join the conversation! @alienvault #AlienIntel

Editor’s notes

1. Polling question #1: What’s your biggest IT Security challenge?
   Concern about audits (either pre- or post-)
   Lack of security visibility
   Not sure how to handle incidents (or suspected ones)
   Executive management doesn’t “get” security
   Doing too many things at once
2. Log Management: Cisco ACS, Cisco PIX, Cisco ASA, Tripwire
   Detecting DMCA Policy Violations: needed an easier way to translate a NAT’ed address back to the external IP
   Incident Response: data center protection; Snort; custom-written (by AlienVault) Tripwire plugin
   Compliance Reporting (PCI, HIPAA, FERPA)
3. Benefits:
   Centralized visibility: network events/threats, user activity, policy violations, etc.
   Easily customizable (adding data sources, configuring event correlation rules, etc.)
   Faster, less painful audits
   Easier incident response / investigations
   Results:
   Rapid deployment: X weeks
   80% YoY reduction in malware infections (drop chart in next slide?)
   15-25% cost reduction, based on the TechValidate survey
4. Polling question #2: What’s your experience with open source security tools?
   I have little to no experience with open source
   I’ve played a little bit with open source, but nothing substantial
   I use open source security tools (e.g. Snort) to show management where the holes are
   Executive management won’t let us rely on open source due to lack of support
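Slide 8’s DMCA use case and editor’s note 2 both come down to one operation: taking the public IP, port and time from a notice and walking the firewall’s NAT translation logs back to the internal host that held that port at that moment. The following is an added example, not code from the deck, from AlienVault or from Marquette; the ASA log lines are constructed and modelled on the 305011/305012 translation-built/teardown messages, whose exact layout (and the regexes here) is an assumption to adapt to what your own collector writes.

```python
"""Map a DMCA notice (public IP, port, time) to an internal host via Cisco ASA NAT logs.
Added example, not from the deck; sample lines are constructed (modelled on ASA 305011/305012)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Constructed sample (no real Marquette data). Two inside hosts share public
# address 203.0.113.10; outside port 40001 is reused by another host an hour
# later; one translation never tears down; one teardown has no matching Built
# (a log-rotation gap); and one unrelated message must be ignored.
SAMPLE_LOG = """\
Mar 12 2013 14:01:02 fw1 %ASA-6-305011: Built dynamic TCP translation from inside:10.20.0.7/51234 to outside:203.0.113.10/40001
Mar 12 2013 14:01:05 fw1 %ASA-6-305011: Built dynamic TCP translation from inside:10.20.0.9/51000 to outside:203.0.113.10/40002
Mar 12 2013 14:31:44 fw1 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.20.0.7/51234 to outside:203.0.113.10/40001 duration 0:30:42
Mar 12 2013 15:02:10 fw1 %ASA-6-305011: Built dynamic TCP translation from inside:10.20.0.31/60123 to outside:203.0.113.10/40001
Mar 12 2013 15:40:00 fw1 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.20.0.31/60123 to outside:203.0.113.10/40001 duration 0:37:50
Mar 12 2013 15:45:00 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.4/5555 dst inside:203.0.113.10/22 by access-group "outside_in"
Mar 12 2013 16:00:00 fw1 %ASA-6-305012: Teardown dynamic UDP translation from inside:10.20.0.44/3000 to outside:203.0.113.10/40003 duration 0:10:00
"""

TS_RE = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})")
XLATE_RE = re.compile(
    r"%ASA-\d-30501[12]: (?P<action>Built|Teardown) dynamic (?P<proto>TCP|UDP) "
    r"translation from \w+:(?P<in_ip>[\d.]+)/(?P<in_port>\d+) "
    r"to \w+:(?P<out_ip>[\d.]+)/(?P<out_port>\d+)"
    r"(?: duration (?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}))?")


@dataclass
class Translation:
    proto: str
    inside_ip: str
    inside_port: int
    outside_ip: str
    outside_port: int
    start: datetime
    end: Optional[datetime] = None  # None: no teardown seen (still open, or lost)

    def key(self):
        return (self.proto, self.inside_ip, self.inside_port,
                self.outside_ip, self.outside_port)


def when(text: str) -> datetime:
    # Notice timestamps must already be converted to the firewall's timezone.
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def parse_translations(lines: Iterable[str]) -> List[Translation]:
    """Pair Built/Teardown messages into translation lifetimes."""
    open_xlates, closed = {}, []
    for line in lines:
        ts_m, x_m = TS_RE.match(line), XLATE_RE.search(line)
        if not ts_m or not x_m:
            continue  # not a translation message
        at = datetime.strptime(ts_m[1], "%b %d %Y %H:%M:%S")
        t = Translation(x_m["proto"], x_m["in_ip"], int(x_m["in_port"]),
                        x_m["out_ip"], int(x_m["out_port"]), start=at)
        if x_m["action"] == "Built":
            open_xlates[t.key()] = t
            continue
        started = open_xlates.pop(t.key(), None)
        if started is None:
            if x_m["h"] is None:
                continue  # orphan teardown without a duration: cannot place it
            # The Built line was lost (log gap): recover the start from the duration.
            dur = timedelta(hours=int(x_m["h"]), minutes=int(x_m["m"]),
                            seconds=int(x_m["s"]))
            started = Translation(*t.key(), start=at - dur)
        started.end = at
        closed.append(started)
    return closed + list(open_xlates.values())  # never-torn-down ones still count


def attribute_notice(xlates: List[Translation], outside_ip: str, outside_port: int,
                     proto: str, seen_at: datetime, skew_minutes: int = 5):
    """Translations that could have carried the traffic the notice describes;
    skew pads each lifetime for clock drift between complainant and firewall."""
    skew = timedelta(minutes=skew_minutes)
    hits = []
    for t in xlates:
        if (t.outside_ip, t.outside_port, t.proto) != (outside_ip, outside_port, proto.upper()):
            continue
        if seen_at < t.start - skew or (t.end is not None and seen_at > t.end + skew):
            continue
        hits.append(t)
    return hits


def inside_hosts(hits: List[Translation]) -> List[str]:
    """Distinct internal addresses; more than one means the evidence is ambiguous."""
    return sorted({t.inside_ip for t in hits})


if __name__ == "__main__":
    xl = parse_translations(SAMPLE_LOG.splitlines())
    print(inside_hosts(attribute_notice(xl, "203.0.113.10", 40001, "tcp",
                                        when("2013-03-12 15:10"))))  # ['10.20.0.31']
```

A port that was reused, a notice time that lands in the skew window of two lifetimes, or a translation whose Built line fell into a rotation gap all surface as either an empty or a multi-host answer rather than a confident wrong one, which is the property a ticket-handling workflow needs.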