Summer 2009 ESCC/Internet2 Joint Techs

REN-ISAC SES Project

Time 07/21/09 02:00PM-02:20PM

Session Abstract

The SES (Security Event Standardization) system is being developed to enable real-time sharing of security event data, in standardized representation, within a trusted federation, and among federations.

SES Phase I will facilitate the parsing of various event types, including IDS, firewall, sshd, DNS, and phishing, to yield mid-level events (i.e. events of interest), normalize a description of the events in IETF IDMEF and IODEF formats, and provide a transport, storage, and retrieval substrate, in the context of a trusted federation. In addition to the underlying event information sharing capabilities, SES is designed as a tool framework, providing the capability to incorporate correlation and analysis components, interface with systems that provide automated notification of security incidents, and interface with systems that treat higher-level incident information in a federated context. The SES repository will provide a base for longitudinal security trend and incident analysis.

SES is being developed within the REN-ISAC community (Research and Education Networking Information Sharing and Analysis Center), and in collaboration with the Internet2 CSI2 effort, under a grant from the Department of Justice to Internet2.

This presentation will provide an overview of the project fundamentals and a description of the pilot implementation scheduled for this summer in the REN-ISAC community.

REN-ISAC Handout (pdf)

Speakers

Speaker Doug Pearson REN-ISAC

Presentation Media

Security Event System (SES) (pdf)

Speaker Doug Pearson REN-ISAC

Speaker Joshua Walgenbach Indiana University

Secondary tracks Security