Post 302126209 by Linux Bot on Tuesday 10th of July 2007 03:50:04 PM
Extrusion Detection is Ripe for CEP

timbass
Tue, 10 Jul 2007 19:24:40 +0000
The afternoon sessions of InformationSecurityAsia2007 were exceptional. Dr. Keith White, APAC Security Services Director of Alcatel-Lucent, Australia, described how they partnered with Cloudshield to process security events in a distributed SEM environment. Topics covered included edge processing, content/context based routing and event processing. After Keith's excellent presentation I had a chance to speak with him about white-box event processing engines and strategic partnerships.
The next session was really interesting, highlighting a similar situation: the criminals are far ahead of black-box SEM processing engines, and this is readily demonstrated in the emerging domain of extrusion detection. For those not familiar with this term, extrusion detection is the network traffic inverse of intrusion detection. In intrusion detection systems the focus is on the detection of threats from the outside of the network to the inside of the network.
However, what happens when criminals implant malware, covert tunnels (for example HTTP tunnels or ICMP tunnels), and malicious bot networks inside of organizations, and the detection challenge shifts to detecting outbound traffic from malicious users, malware, and botnets? This form of criminal activity is evolving so fast that the models to detect extrusions are being formulated and tested in near real-time. This is where CEP can help.
Imagine a high performance, declarative programming framework that can be used to implement extrusion detection models created by experts, like the cybersecurity experts gathered together at InformationSecurityAsia2007. On top of that, visualize a design time studio environment that allows these same experts to graphically express their extrusion models in design time, avoiding most of the overhead of code development. CEP and ESP engines are ripe for assisting security engineers in detecting the exploding commercialization of criminal extrusions, where, for example, bot herders can rent their botnets from $350 to $1000 USD per day.
I spoke to a number of experts at InformationSecurityAsia2007 about CEP and I was pleased to learn that they have been considering CEP and ESP engines, including open source software (i.e. Esper) as well as commercial offerings. We are considering collaborating on a new Center-of-Excellence that combines CEP/ESP engines with extrusion detection models. Please contact me directly if you would like to participate.
We live in complex times. Complex times require complex event processing.
More coming from InformationSecurityAsia2007 ....
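The post describes extrusion detection as rules over outbound traffic (covert ICMP/HTTP tunnels, bot check-ins) that a CEP engine would evaluate over a sliding window. The block below is an added illustration, not code from the original post, from Tim Bass, or from any CEP product such as Esper: two such rules written as stateful passes over a stream of outbound-connection events. The event fields, the thresholds (payload size, beacon jitter, window length) and the sample traffic are all assumptions constructed for the example.

```python
# Added example (not from the original post or from any CEP engine): two
# extrusion-detection rules expressed as sliding-window passes over a stream of
# outbound-connection events. Field names, thresholds and sample traffic are
# constructed assumptions.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class OutboundEvent:
    ts: float          # seconds since epoch
    src: str           # internal host that initiated the traffic
    dst: str           # external destination
    proto: str         # "tcp", "udp" or "icmp"
    dport: int         # destination port, 0 for icmp
    payload_len: int   # application payload bytes


def detect_icmp_tunnel(events, max_payload=128, min_count=3):
    """Flag (src, dst) pairs that repeatedly send ICMP packets with oversized
    payloads. Ordinary ping carries a few dozen bytes; covert ICMP tunnels
    stuff data into the echo payload."""
    counts = defaultdict(int)
    for e in events:
        if e.proto == "icmp" and e.payload_len > max_payload:
            counts[(e.src, e.dst)] += 1
    return sorted(pair for pair, n in counts.items() if n >= min_count)


def detect_beaconing(events, window=3600, min_events=5, max_jitter=0.1):
    """Flag (src, dst, dport) flows whose outbound connections inside the
    window are near-periodic: coefficient of variation of the inter-arrival
    gaps at or below max_jitter. Bot check-ins are regular; browsing is not."""
    per_flow = defaultdict(list)
    for e in events:
        if e.proto in ("tcp", "udp"):
            per_flow[(e.src, e.dst, e.dport)].append(e.ts)
    hits = []
    for key, times in per_flow.items():
        times.sort()
        # sliding window anchored at the most recent event of this flow
        recent = [t for t in times if times[-1] - t <= window]
        if len(recent) < min_events:
            continue
        gaps = [b - a for a, b in zip(recent, recent[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append(key)
    return sorted(hits)


def run_rules(events):
    """Apply every extrusion rule and return the findings keyed by rule name."""
    return {
        "icmp_tunnel": detect_icmp_tunnel(events),
        "beaconing": detect_beaconing(events),
    }


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_EVENTS = (
    # 10.0.0.5 checks in with 203.0.113.9:443 roughly once a minute: beacon.
    [OutboundEvent(t, "10.0.0.5", "203.0.113.9", "tcp", 443, 300)
     for t in (1000, 1060, 1121, 1180, 1239, 1300)]
    # 10.0.0.7 browses 203.0.113.50:443 at irregular intervals: normal.
    + [OutboundEvent(t, "10.0.0.7", "203.0.113.50", "tcp", 443, 1200)
       for t in (1000, 1005, 1100, 1700, 1720)]
    # 10.0.0.7 pings 192.0.2.1 with 56-byte payloads: normal.
    + [OutboundEvent(1500 + i, "10.0.0.7", "192.0.2.1", "icmp", 0, 56)
       for i in range(5)]
    # 10.0.0.8 sends 1200-byte ICMP payloads to 198.51.100.2: tunnel.
    + [OutboundEvent(2000 + 2 * i, "10.0.0.8", "198.51.100.2", "icmp", 0, 1200)
       for i in range(4)]
)

if __name__ == "__main__":
    for rule, findings in run_rules(SAMPLE_EVENTS).items():
        print(rule, findings)
```

In a real deployment the thresholds are the "model" the post talks about: the experts tune `max_payload` and `max_jitter` against their own baseline traffic, and the rule bodies are what a declarative CEP language would express as window, group-by and aggregate clauses instead of hand-written loops.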
httppower(8)                          powerman                          httppower(8)

NAME
       httppower - communicate with HTTP based power distribution units

SYNOPSIS
       httppower [--url URL]

DESCRIPTION
       httppower is a helper program for powerman which enables it to communicate with HTTP based power distribution units. It is run interactively by the powerman daemon.

OPTIONS
       -u, --url URL
              Set the base URL.

INTERACTIVE COMMANDS
       The following commands are accepted at the httppower> prompt:

       auth user:pass
              Authenticate to the base URL with specified user and password, using ``basic'' HTTP authentication which sends the user and password over the network in plain text.

       seturl URL
              Set the base URL. Overrides the command line option.

       get [URL-suffix]
              Send an HTTP GET to the base URL with the optional URL-suffix appended.

       post [URL-suffix] key=val[&key=val]...
              Send an HTTP POST to the base URL with the optional URL-suffix appended, and key-value pairs as argument.

FILES
       /usr/sbin/httppower
       /etc/powerman/powerman.conf

ORIGIN
       PowerMan was originally developed by Andrew Uselton on LLNL's Linux clusters. This software is open source and distributed under the terms of the GNU GPL.

SEE ALSO
       powerman(1), powermand(8), httppower(8), plmpower(8), vpcd(8), powerman.conf(5), powerman.dev(5), powerman-devices(7).
       http://sourceforge.net/projects/powerman

powerman-2.3.5                        2009-02-09                        httppower(8)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.