1 / 7

FCC Cyber Security Workshop Panel 2: Detect and Respond

FCC Cyber Security Workshop Panel 2: Detect and Respond. Dale Drew, Global Security Level 3 Communications, LLC. Detection: The Tools. Monitoring for trends and techniques Industry and government forums Grey and Blackhat forums Netflow & SFlow– Core and Edge Real time detection of events

damita
Download Presentation

FCC Cyber Security Workshop Panel 2: Detect and Respond

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FCC Cyber Security WorkshopPanel 2: Detect and Respond Dale Drew, Global Security Level 3 Communications, LLC

  2. Detection: The Tools • Monitoring for trends and techniques • Industry and government forums • Grey and Blackhat forums • Netflow & SFlow– Core and Edge • Real time detection of events • Netflow & SFlow – better sampling capability needed • DPI - Swarming • Element log files • Registration data • Physical Security integration • Etc

  3. Detection: The Tools • People • Skilled and trained personnel are key! • Regular incident testing • Continuous training • Attacks are becoming much more social in nature • Go after the infrastructure by attacking the people who operate it

  4. Detect and Respond: Commercial • Plenty of formal and informal avenues exist to share information • Who to include/exclude often becomes the problem • ISP Threat sharing forums • Vendor coordination – although becoming more difficult • On the topic of vendors • Edge vendors are becoming more versatile, more capable in detecting/stoping attacks • Core vendors care about speed

  5. Detect and Respond: Government • Plenty of formal and informal avenues exist to share information • Circle of trust is easier here • MANY forums to choose from • Information sharing needs to be more bi-directional

  6. ISP Needs • Vendors to be more accountable for security of their products • Better capable DPI systems • Better Netflow monitoring capabilities • More information sharing between forums and from the Government • More focus on the Layer 8 (end user) problem; social networking attacks • Captcha + passwords?

  7. Thank you!

More Related