Security Basics mailing list archives
RE: Security Trend Analysis
From: "Nathan Sherlock" <nathans () cyberklix com>
Date: Thu, 17 Apr 2008 14:30:10 -0400
It is fine for them to task you with this, but what tools have you been provided with to properly accomplish this task? Have the requirements been defined and documented? There are various metrics from various tools that feed security trend analysis, as follows: - Firewall metrics (e.g. from Checkpoint, Sidewinder), - Vulnerability Mgmt metrics (e.g. Foundstone, Nessus, Qualys), - Log/Alert Consolidation/Correlation metrics (e.g. from ArcSight, RSA enVision), - Wireless Activity metrics (AirTight, AirDefense), - IPS metrics (Intrushield, Tipping Point), - File Integrity metrics (e.g. from Tripwire), You need to choose what metrics will feed your trend analysis then choose the method and frequency of communicating that trend - could be an HTML-based dashboard with links to Excel charts. Just my 2 cents. Regards, Nathan Sherlock -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of phion wong Sent: Thursday, April 17, 2008 3:24 AM To: security-basics () securityfocus com Subject: Security Trend Analysis Hi All, I am tasked with coming up with a security trend analysis reports. The objective of the report is to identify threats and have a "situational awareness". I have access to logs from internet facing devices like firewalls, web proxy, IDS and email servers. Our network traffic is very heavy and the logs are simply overwhelming. It is a very big challenge to correlate all the and come up with some kind of trends related to security. I am trying to find resources related to IT security threat analysis (framework, threat analysis models etc) I have also studied some very good reports like Symantec biannual ISTR. For starters, a baseline must be established followed by studying temporal trends and associational trends studies.
From Google, the only relevant material I have found is the document
"Models of information security trend analysis" from www.cert.org. Any inputs, software, references or maybe just advices on how to start this challenging task? Thanks all in advance, Notice of Confidentiality: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review re-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error please contact the sender immediately by return electronic transmission and then immediately delete this transmission including all attachments without copying distributing or disclosing same. Avis de confidentialit'e: L'information transmise est strictement r'eserv'ee `a la personne ou `a l'organisme auquel elle est adress'ee et peut ^etre de nature confidentielle. Toute lecture retransmission divulgation ou autre utilisation de cette information ou toute action prise sur la foi de cette information par des personnes ou organismes autres que son destinataire est interdite. Si vous avez recu cette information par erreur veuillez contacter son exp'editeur imm'ediatement par retour du courrier 'electronique puis supprimer cette information y compris toutes pi`eces jointes sans en avoir copi'e divulgu'e ou diffus'e le contenu.
Current thread:
- Security Trend Analysis phion wong (Apr 17)
- RE: Security Trend Analysis Nathan Sherlock (Apr 17)