CEP and SOA: An Open Event-Driven Architecture for Risk Management, March 14, 2007, IIT Financial Services 2007, Lisbon, Portugal, Tim Bass, CISSP, Principal Global Architect, Director Emerging Technologies Group
1. CEP and SOA: An Open Event-Driven Architecture for Risk Management March 14, 2007 IT Financial Services 2007 Lisbon, Portugal Tim Bass, CISSP Principal Global Architect, Director Emerging Technologies Group
5. Background – the Current State of IDS: Intrusion Detection Systems Simply Don’t Work! “Today over 70% of attacks against a company’s website or web application come at the ‘Application Layer’ not the Network or System layer.” - Gartner Group. Most firewalls, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) act at the Network/System Layer, not at the “Application Layer”.
8. Event-Driven Operational Risk Management An Active Predictive Business™ System of Risk and Asset Management Control evaluation (SOX) Operational Risk (Basel II) Security Outsourcing Privacy Business Continuity Planning Event-Driven Operational Risk Assessment & Management
9. How TIBCO Delivers for Customers Accelerate projects, initiatives, and go-to-market cycles Increase operational efficiency and effectiveness. Improve operational visibility, security, collaboration and responsiveness
10. Complex Event Processing: "Events in several forms, from simple events to complex events, will become very widely used in business applications during 2004 through 2008" - Gartner, July 2003
13. Event-Driven SOA, CEP and BPM Enterprise Integration, Correlation and Management of Security Events Two Minute Explainer
14. TIBCO’s Real-Time Agent-Based SEM Approach A Multisensor Data Fusion Approach to Security Event Management Intrusion and Fraud Detection Systems Detection Approach Systems Protected Architecture Data Sources Analysis Timing Detection Actions IDS FDS Hybrid Audit Logs Net Traffic System Stats Real Time Data Mining Anomaly Detection Signature Detection Centralized Distributed Active Passive Agent Based Next-Generation Fusion of Security “Stovepipes”
15. CEP Reference Architecture: Next-Generation Functional Architecture for SOA / BPM / EDA. [Diagram: Event Sources (external); Event Pre-Processing; Level One: Event Tracking; Level Two: Situation Detection; Level Three: Predictive Analysis; Level Four: Adaptive BPM; Visualization, BAM, User Interaction; DB Management (Historical Data, Profiles & Patterns); Distributed Local Event Services, Event Profiles, Data Bases, Other Data]
18. Security Event Management: High Level Event-Driven Architecture (EDA) for SEM. [Diagram labels: Sensor Network; Messaging Network; Rules Network; Java Messaging Service (JMS); Distributed Events (TIBCO EMS); High Performance Rules-Engine (TIBCO BE), shown four times; sources FDS, IDS, LOGFILE and SQL DB, each labelled with BW and JMS (SQL DB also with ADB); SYSTEM, shown eight times]
27. Type of RFID Tags - Wal-Mart HKIA Octopus User Small Small Moderate Size ~1.5m ~ 5 m < 0.7m Read Range Fast Fast Moderate Read Speed 13.56MHz HF 860 – 960MHz UHF 2.45GHz Frequency UHF(2) Type
32. BHS Capacity Check-in Transfer primary sorters Early bag store Early bag Baggage Handling System secondary sorters Bag to Lateral 60% Early Bag 15% No-Read Bag 25% Laterals No-read
34. Automatic Baggage Reconciliation System (ABRS) Transfer (at Belt A) Primary Sorter No Read MCS Secondary Sorter Lateral Barcode Reader RF Reader Stick RFID Gen 2 Label Check-in Barcode Reader RF Reader CTF MCS Track baggage loading into ULD Read License Plate Number (LPN) Encode in Gen2 Label RF Printer to print LPN in baggage tag with Gen2 inlay X-ray Read Barcode or RF tag For sorting bag
35. Lateral Operation RFID readers Containers RFID Readers at Lateral RFID Reader at Lateral