timbass
Tue, 10 Jul 2007 19:24:40 +0000
The afternoon sessions of InformationSecurityAsia2007 were exceptional.

Dr. Keith White, APAC Security Services Director of Alcatel-Lucent, Australia described how they partnered with Cloudshield to process security events in a distributed SEM environment. Topics covered included edge processing, content/context based routing and event processing. After Keith's excellent presentation I had a chance to speak with him about white-box event processing engines and strategic partnerships.
The next session was really interesting, highlighting a similar situation: the criminals are far ahead of black-box SEM processing engines, and this is readily demonstrated in the emerging domain of extrusion detection. For those not familiar with this term, extrusion detection is the network-traffic inverse of intrusion detection. In intrusion detection systems the focus is on the detection of threats from the outside of the network to the inside of the network.
However, what happens when criminals implant malware, covert tunnels (for example HTTP tunnels or ICMP tunnels), and malicious bot networks inside of organizations, and the detection challenge shifts to detecting outbound traffic from malicious users, malware, and botnets? This form of criminal activity is evolving so fast that the models to detect extrusions are being formulated and tested in near real-time. This is where CEP can help.
Imagine a high performance, declarative programming framework that can be used to implement extrusion detection models created by experts, like the cybersecurity experts gathered together at InformationSecurityAsia2007. On top of that, visualize a design-time studio environment that allows these same experts to graphically express their extrusion models at design time, avoiding most of the overhead of code development. CEP and ESP engines are ripe for assisting security engineers in detecting the exploding commercialization of criminal extrusions, where, for example, bot herders can rent out their botnets for $350 to $1000 USD per day.
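To make the "declarative extrusion model on an event stream" idea concrete, here is a small added example (my own illustration, not code from the post, from Esper, or from any of the vendors mentioned). It models the two detection ideas in the text above: outbound beaconing from a compromised host to a fixed external destination, and excessive outbound ICMP payload that could indicate an ICMP tunnel. Rules are plain functions over a per-(source, destination) sliding window, so an analyst adds a new model by adding a function rather than touching the engine. The flow records, hosts, thresholds and rule names are all constructed for the example.

```python
"""Toy CEP-style extrusion detection over outbound flow records (added example).

Assumptions (hypothetical, not from the original post): flow records carry a
timestamp, internal source, external destination, protocol, port and outbound
byte count; rules are evaluated over a per-(src, dst) sliding time window.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # epoch seconds
    src: str         # internal host
    dst: str         # external destination
    proto: str       # "tcp", "udp" or "icmp"
    dport: int       # 0 for icmp
    bytes_out: int   # payload bytes leaving the network


def rule_beaconing(window, min_count=5, max_jitter=2.0):
    """Flag a (src, dst) pair whose connections recur at near-constant intervals.

    Malware call-backs tend to use a fixed timer; human browsing does not.
    """
    if len(window) < min_count:
        return None
    ts = [f.ts for f in window]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if pstdev(gaps) <= max_jitter:
        return f"beaconing every ~{mean(gaps):.0f}s"
    return None


def rule_icmp_volume(window, max_bytes=2048):
    """Flag a (src, dst) pair pushing more ICMP payload than normal pings need."""
    total = sum(f.bytes_out for f in window if f.proto == "icmp")
    if total > max_bytes:
        return f"icmp payload {total}B exceeds {max_bytes}B in window"
    return None


class ExtrusionEngine:
    """Minimal event-stream engine: one sliding window per (src, dst) pair."""

    def __init__(self, rules, window_seconds=600):
        self.rules = rules                      # list of (name, callable)
        self.window_seconds = window_seconds
        self.windows = defaultdict(deque)
        self.alerts = []                        # (rule, src, dst, detail)
        self._fired = set()                     # dedupe (rule, src, dst)

    def process(self, flow):
        key = (flow.src, flow.dst)
        win = self.windows[key]
        win.append(flow)
        # expire events that fell out of the time window
        while win and flow.ts - win[0].ts > self.window_seconds:
            win.popleft()
        for name, rule in self.rules:
            finding = rule(win)
            if finding and (name, *key) not in self._fired:
                self._fired.add((name, *key))
                self.alerts.append((name, flow.src, flow.dst, finding))


def run_demo():
    """Feed a constructed stream through the engine and return it for inspection."""
    engine = ExtrusionEngine([("beaconing", rule_beaconing),
                              ("icmp_volume", rule_icmp_volume)])
    stream = []
    # constructed: implant on 10.0.0.5 calling 203.0.113.9 every 60 seconds
    stream += [Flow(60.0 * i, "10.0.0.5", "203.0.113.9", "tcp", 443, 300)
               for i in range(6)]
    # constructed: 10.0.0.7 sending oversized ICMP echo payloads to 198.51.100.4
    stream += [Flow(10.0 + 5 * i, "10.0.0.7", "198.51.100.4", "icmp", 0, 1400)
               for i in range(3)]
    # constructed: ordinary browsing from 10.0.0.9 with irregular timing
    stream += [Flow(t, "10.0.0.9", "198.51.100.20", "tcp", 443, 900)
               for t in (0.0, 7.0, 40.0, 41.0, 95.0, 130.0)]
    for flow in sorted(stream, key=lambda f: f.ts):
        engine.process(flow)
    return engine


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The engine keys its window on the (source, destination) pair because both models in the text are about a relationship between an internal host and an outside endpoint, not about a single packet; in a real deployment the same window shape would be fed by NetFlow or firewall logs and the thresholds tuned per network.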
I spoke to a number of experts at InformationSecurityAsia2007 about CEP and I was pleased to learn that they have been considering CEP and ESP engines, including open source software (i.e. Esper) as well as commercial offerings. We are considering collaborating on a new Center-of-Excellence that combines CEP/ESP engines with extrusion detection models. Please contact me directly if you would like to participate.
We live in complex times. Complex times require complex event processing.

More coming from InformationSecurityAsia2007 ....