Security Basics mailing list archives

RE: Security Trend Analysis


From: "Nathan Sherlock" <nathans () cyberklix com>
Date: Thu, 17 Apr 2008 14:30:10 -0400

It is fine for them to task you with this, but what tools have you been
provided with to properly accomplish this task?  Have the requirements
been defined and documented?

There are various metrics from various tools that feed security trend
analysis, as follows:
- Firewall metrics (e.g. from Checkpoint, Sidewinder),
- Vulnerability Mgmt metrics (e.g. Foundstone, Nessus, Qualys),
- Log/Alert Consolidation/Correlation metrics (e.g. from ArcSight, RSA enVision),
- Wireless Activity metrics (AirTight, AirDefense),
- IPS metrics (Intrushield, Tipping Point),
- File Integrity metrics (e.g. from Tripwire).

You need to choose what metrics will feed your trend analysis then
choose the method and frequency of communicating that trend - could be
an HTML-based dashboard with links to Excel charts.

Just my 2 cents.

Regards,
Nathan Sherlock


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of phion wong
Sent: Thursday, April 17, 2008 3:24 AM
To: security-basics () securityfocus com
Subject: Security Trend Analysis

Hi All,

I am tasked with coming up with a security trend analysis report. The
objective of the report is to identify threats and have "situational
awareness". I have access to logs from internet facing devices like
firewalls, web proxy, IDS and email servers. Our network traffic is
very heavy and the logs are simply overwhelming.

It is a very big challenge to correlate all the logs and come up with some
kind of trends related to security. I am trying to find resources
related to IT security threat analysis (frameworks, threat analysis
models, etc.). I have also studied some very good reports like Symantec's
biannual ISTR. For starters, a baseline must be established, followed
by temporal trend and associational trend studies.

From Google, the only relevant material I have found is the document
"Models of information security trend analysis" from www.cert.org. Any
inputs, software, references or maybe just advice on how to start
this challenging task?

Thanks all in advance,
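The baseline-then-trend approach asked about in the original post, applied to the kind of per-tool daily counts Nathan lists (firewall denies, IDS alerts, proxy blocks), as an added example that is not part of the thread and not code from any product named in it. The daily counts, the 14-day baseline window and the 3-standard-deviation threshold are constructed assumptions; the point is that a flat daily total from an overwhelming log volume becomes reviewable once it is compared against its own baseline, its slope over the window, and its co-movement with another source.

```python
"""Baseline-and-trend checks over constructed daily security metrics.

Added example, not code from the thread or from any tool named in it.
Inputs are made-up daily counts such as a firewall, IDS or proxy would
report; the window length and threshold are assumptions.
"""
from math import sqrt
from statistics import mean, pstdev

# Constructed 14-day baseline of daily counts per metric source (made up).
BASELINE = {
    "firewall_denies": [1200, 1180, 1250, 1195, 1210, 1170, 1230,
                        1190, 1205, 1215, 1185, 1240, 1200, 1210],
    "ids_alerts":      [40, 38, 45, 41, 39, 44, 42, 40, 43, 37, 41, 39, 44, 42],
    "proxy_blocks":    [300, 290, 310, 305, 295, 315, 300,
                        298, 302, 310, 292, 305, 300, 299],
}
# Constructed counts for the day under review: IDS alerts more than double.
TODAY = {"firewall_denies": 1220, "ids_alerts": 95, "proxy_blocks": 305}


def baseline_stats(series):
    """Mean and population standard deviation of the baseline window."""
    return mean(series), pstdev(series)


def zscore(value, avg, sd):
    """Standard deviations from the baseline mean; handles a flat baseline
    (sd == 0) without dividing by zero."""
    if sd == 0:
        return 0.0 if value == avg else float("inf")
    return (value - avg) / sd


def flag_deviations(baseline, today, threshold=3.0):
    """Return ({source: z}, set of sources whose count today lies more than
    `threshold` standard deviations from its baseline)."""
    scores = {}
    for source, series in baseline.items():
        avg, sd = baseline_stats(series)
        scores[source] = zscore(today[source], avg, sd)
    flagged = {s for s, z in scores.items() if abs(z) > threshold}
    return scores, flagged


def trend_slope(series):
    """Least-squares slope (count change per day) of a daily series;
    positive means the metric is rising over the window (temporal trend)."""
    n = len(series)
    xs = range(n)
    x_avg, y_avg = (n - 1) / 2, mean(series)
    num = sum((x - x_avg) * (y - y_avg) for x, y in zip(xs, series))
    den = sum((x - x_avg) ** 2 for x in xs)
    return num / den if den else 0.0


def pearson(a, b):
    """Correlation between two daily series (associational trend):
    near +1 means the two sources move together day to day."""
    a_avg, b_avg = mean(a), mean(b)
    num = sum((x - a_avg) * (y - b_avg) for x, y in zip(a, b))
    den = sqrt(sum((x - a_avg) ** 2 for x in a) * sum((y - b_avg) ** 2 for y in b))
    return num / den if den else 0.0


def report(baseline, today):
    """Plain-text summary of the kind a daily dashboard row would carry."""
    scores, flagged = flag_deviations(baseline, today)
    lines = []
    for source, z in scores.items():
        status = "REVIEW" if source in flagged else "normal"
        slope = trend_slope(baseline[source])
        lines.append(f"{source:16s} today={today[source]:5d} z={z:+7.2f} "
                     f"slope/day={slope:+6.2f} {status}")
    r = pearson(baseline["firewall_denies"], baseline["ids_alerts"])
    lines.append(f"corr(firewall_denies, ids_alerts) over baseline = {r:+.2f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BASELINE, TODAY))
```

With these constructed numbers only `ids_alerts` is flagged: its count sits more than twenty standard deviations above a tight baseline, while firewall denies and proxy blocks stay within one. The same three functions apply unchanged to any of the metric feeds Nathan names once each is reduced to one number per day; the window length and threshold are the parameters to tune against your own traffic before the dashboard goes live.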


