Symantec Managed Security Services Global Intelligence


Practical Aspects of Information Security Outsourcing
Alexey Cherednichenko
Lead Consultant, Symantec Services Group
April 28, 2009
Agenda
1. Symantec and outsourcing
2. Practical approaches to outsourcing
3. Examples of successful implementation in practice
Symantec Managed Security Services
Symantec Global Intelligence Services
Symantec™ Managed Security Services
Minimizing the client's risks and costs through remote monitoring, analysis and management...
[Diagram labels: Vulnerability Mgmt.; Future Technologies; Progressive Threat Model; Expert Query Engine; IDS; Data mine; Relational Database; Security Analyst; Firewalls]
[Diagram: Symantec Managed Security Services: Security Monitoring Services; Management, Vulnerability Assessment and Add-On services; Global Intelligence Services; Managed Threat Analysis; Log Management Service]
Symantec Managed Security Services
• Symantec™ DeepSight Early Warning Services
– integrated with Symantec Managed Security Services subscription
Standard scheme
[Diagram labels: Ports Open; Firewall Management Messages; Vulnerability Findings (maybe); Webtrends style reports; Significant Messages Only; Operating System; Security Incident; Vendor Assigned Severity; Host Alerts; Tribal Knowledge for Incident Handling; IDS Alerts; Alert Name]
How Symantec MSS works
[Diagram labels: Signs of Secondary Activity; Previous Incidents; Type of Normal Activity; Handling Guidelines; History of IP (Company); Days of Activity; Coordinated activity; Targeted Attack?; Watchlist of Known Attackers; Analyst Notes; Global Intelligence; Ports Open; Confirmation of Compromise; Security Incident; Vulnerability Findings; Operating System; Does Attack target Vulnerability?; Host Alerts; Bytes transferred; Sequencing of Source & Destination Ports; Username; History of Alert Type; Block vs Accept vs Detect; Previous assessments; Description of netblocks; History of Attackers; Process Name; Criteria for Critical vs Emergency; Firewall Logs & Alerts; IDS/IPS Alerts; Session Data; # of Connections; Accept/Deny]
Symantec™ Global Intelligence Network
4 Symantec SOCs
74 Symantec Monitored Countries
40,000+ Registered Sensors in 180+ Countries
8 Symantec Security Response Centers
> 6,200 Managed Security Devices + 120 Million Systems Worldwide + 30% of World’s email Traffic + Advanced Honeypot Network
Dublin, Ireland
Tokyo, Japan
Calgary, Canada
San Francisco, CA
Redwood City, CA
Twyford, England
Santa Monica, CA
Munich, Germany
Alexandria, VA
Pune, India
Taipei, Taiwan
Sydney, Australia
Secure Internet Interface
Single, Secure Access to Security Information
Thank you!
Alexey Cherednichenko
[email protected]
+7 (985) 765-3292
Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and
other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to
the maximum extent allowed by law. The information in this document is subject to change without notice.