Построение Security Operations Center
of 47
Transcript of Построение Security Operations Center
-
7/30/2019 Security Operations Center
1/47
2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSOC 1/82
Security OperationsCenter (SOC)\
-
7/30/2019 Security Operations Center
2/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2/82SOC
?
SOC
SOC
SOC
SOC
-
7/30/2019 Security Operations Center
3/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3/82SOC
SOC
-
7/30/2019 Security Operations Center
4/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4/82SOC
2) , , ,
1)
3)
,
4) , ,
5)
,
,
/
!
SOC?
-
7/30/2019 Security Operations Center
5/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5/82SOC
:1.
2.
3.
Network Operations Security Operations
Firewall
IDS/IPS
VPN Vulnerability
Scanners
Authentication
Servers
Router/Switch
Anti-virus
10K Win,
100s UNIX
.
-
....
-
7/30/2019 Security Operations Center
6/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6/82SOC
Infected Host
Log/Alert
-
7/30/2019 Security Operations Center
7/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7/82SOC
-
-
7/30/2019 Security Operations Center
8/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8/82SOC
Netflow
Firewall Log
SNMP
Switch Log
Server Log
AV Alert
App Log
VA Scanner
RMON
Packet
Capture
IDS Event
..
.
SOC
!
-
7/30/2019 Security Operations Center
9/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9/82SOC
?!
-
7/30/2019 Security Operations Center
10/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10/82SOC
SOC
-
7/30/2019 Security Operations Center
11/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11/82SOC
( ../)
-
7/30/2019 Security Operations Center
12/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12/82SOC
, ...1
-
7/30/2019 Security Operations Center
13/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13/82SOC
24x7x365
SOC
-
7/30/2019 Security Operations Center
14/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14/82SOC
(, ..)
Security Dashboard
c Service Desk ( ticket)
SOC
-
7/30/2019 Security Operations Center
15/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15/82SOC
...
.
... ...
... ...
... ...
... ...
... ...
SOC ..
...
, ..
-!
-
7/30/2019 Security Operations Center
16/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16/82SOC
SOC
-
7/30/2019 Security Operations Center
17/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17/82SOC
SOC
:
, ,
-
SLA
SOC
+ +
Service Desk
(ITIL)
,, SLA
SLA-
-
7/30/2019 Security Operations Center
18/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18/82SOC
SOC
-
7/30/2019 Security Operations Center
19/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19/82SOC
Configuration AssuramceConfiguration Assuramce
SDM
Cisco Security MARSCisco Security MARS Cisco Security ManagerCisco Security ManagerCompliance ManagerCompliance Manager
M
SecurityManagement
-
7/30/2019 Security Operations Center
20/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20/82SOC
Cisco Security Management Suite Cisco Security Management Suite
FABRIC
CISCO
SECURITY
MARS
CISCO
SECURITY
MANAGER
Cisco Secure Access Control Server
-
7/30/2019 Security Operations Center
21/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21/82SOC
Cisco Security Manager
,VPN IPS
ASA, PIX, FW SM IOS Firewall
VPN
VPN Wizard Site-to-Site, hub-spoke
full mesh VPN
VPN , DMVPN Easy VPN
Jumpstart:
:
- Policy-based- Device-based- Map-based- VPN based
IPS
IPS
Outbreak
Prevention Services
-
7/30/2019 Security Operations Center
22/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22/82SOC
CSM:
Device View
Topology View
Policy View
VPN
,
Firewall, VPN, IPS
ASA, PIX, IPSSensors, ISR, C6k CatalystService modules
Topology View
Policy View
Device View
-
7/30/2019 Security Operations Center
23/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23/82SOC
Cisco Monitoring, Analysis and Response System(MARS)
,
NIDS, , ,CSA
Syslog, SNMP, RDEP, SDEE, NetFlow,
2 3
SDEE NetFlow
-
7/30/2019 Security Operations Center
24/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24/82SOC
Cisco MARS
CS-MARS
CS-MARS GC ,
, URL
AAA
Commerce
VPN
.VLAN
AAA
Switch
Router
Switch / NIDS
FW / NAT
CS-MARS GCWeb
.
CS-MARS
CS-MARS
-
7/30/2019 Security Operations Center
25/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25/82SOC
MARS: 1.
2.
3.
4. / NAT
5.
6.
7.
-
7/30/2019 Security Operations Center
26/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26/82SOC
MARS
Cisco
ISS
Check Point
Nokia
Symantec
NetScreen
Enterasys
Foundstone
Snort
McAfee
eEye
Windows
Solaris Linux
Extreme
Oracle Netscape
Apache
.
-
7/30/2019 Security Operations Center
27/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27/82SOC
- Netflow
/Netflow
/
-
7/30/2019 Security Operations Center
28/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28/82SOC
110
CSV HTML
,
, ,, , ..
-
7/30/2019 Security Operations Center
29/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29/82SOC
CxO
-
7/30/2019 Security Operations Center
30/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30/82SOC
CS-MARS
1TB
na
na
CS-MARS
GC
1TB750GB750GB240GB120GB+RAID Storage
300,000150,00075,00025,00010,000NetFlow / Sec.
10,0005,0003,0001,000500Events / Sec.
CS-MARS 200CS-MARS 100CS-MARS 100eCS-MARS 50CS-MARS 20Model
+not RAID
MARS
,
C C
-
7/30/2019 Security Operations Center
31/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31/82SOC
CiscoWorks Network ComplianceManager (NCM)
(SOX, VISA CISP, HIPAA, GLBA, ITIL,
CobiT, COSO)
-
7/30/2019 Security Operations Center
32/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32/82SOC
CiscoWorks NCM
SOX, VISA CISP, HIPAA,GLBA, ITIL, CobiT, COSO
Integration
Connecto
rs
CiscoWorks Network
Compliance Manager
,
CiscoWorks
-
7/30/2019 Security Operations Center
33/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33/82SOC
CiscoWorks NCM
APIGUI
Reporting (compliance, change, visibility)
Telnet/SSH Proxy
, , , 35
-
7/30/2019 Security Operations Center
34/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34/82SOC
SOX, VISA CISP, HIPAA,GLBA, ITIL, CobiT, COSO
!
Full ComplianceCenter
-
7/30/2019 Security Operations Center
35/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35/82SOC
?
?
:
case
e-mail
!
Ci W k NCM
-
7/30/2019 Security Operations Center
36/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36/82SOC
CiscoWorks NCM
500 Cisco
-
7/30/2019 Security Operations Center
37/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37/82SOC
Connectors and APIs
Data Events
Data Events
HELP DESK, WORKFLOW & TICKETING TOOLS
FAULT MANAGEMENT SYSTEMS
CiscoWorks NCM
SOC
-
7/30/2019 Security Operations Center
38/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38/82SOC
Cisco Configuration Assurance Solution (CAS)
-
, ,
- ,
-
- , ,
- , , (PCI DSS, STIG, NIST,ISO 17799, NSA .)
-
7/30/2019 Security Operations Center
39/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39/82SOC
Cisco SAFE Blueprint
PCI Data Security
NIST 800-53
DISA STIGNSA Router/Switch Security
160
C ACLs, Firewalls, Route Maps,AAA, ..
..
Cisco CAS
:
-
7/30/2019 Security Operations Center
40/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40/82SOC
:
Cisco CAS
:
Missing access-list 110
-
7/30/2019 Security Operations Center
41/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41/82SOC
:
Zone: Primary Data Center
Zone: Secondary Data Center
Zone: MPLS Branch Offices Zone: Frame Relay Offices
-
7/30/2019 Security Operations Center
42/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42/82SOC
:
/
, ,
-
7/30/2019 Security Operations Center
43/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43/82SOC
Multi-vendorNetworkDevices
Cisco CAS
1 2
1
2
( ,, , ..),
3
PCI DSS
NSA
NIST 800-53
Cisco SAFE
Compliance Reports
Security Vulnerability
Network Resiliency
Configuration Trends
Network Analysis Reports
Routing Analytics
And much more
Network Design
3
,
, :
-
7/30/2019 Security Operations Center
44/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44/82SOC
SOC
Cisco CAS
CiscoWorksNetwork Compliance Manager (NCM) CiscoWorks LMS
- Netflow
CiscoWorks NCM CiscoWorks LMS
-
-
-
-
7/30/2019 Security Operations Center
45/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45/82SOC
: Ciscos SOC
-
7/30/2019 Security Operations Center
46/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 46/82SOC
?
-
7/30/2019 Security Operations Center
47/47
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47/82SOC
