Harnessing the Power of Threat Intelligence in Grids and Clouds: WLCG SOC Working Group

Bibliographic Details
Main Authors: Crooks, David; Vlsan, Liviu; Mohammad, Kashif; Carabas, Mihai; McKee, Shawn; Trinder, Jon
Language: eng
Published: 2018
Subjects: Computing and Computers
Online Access: https://dx.doi.org/10.22323/1.327.0012
http://cds.cern.ch/record/2682883
Description

The modern security landscape affecting Grid and Cloud sites is evolving to include possible threats from a range of avenues, including social engineering as well as more direct approaches. An effective strategy to defend against these risks must include cooperation between security teams in different contexts. It is essential that sites have the ability to share threat intelligence data with confidence, as well as being able to act on this data in a timely and effective manner.

As reported at ISGC 2017, the Worldwide LHC Computing Grid (WLCG) Security Operations Centres Working Group (WG) has been working with sites across the WLCG to develop a model for a Security Operations Centre reference design. This work includes not only the technical aspect of developing a security stack appropriate for sites of different sizes and topologies, but also the more social aspect of sharing data between groups of different kinds. In particular, since many Grid and Cloud sites operate as part of larger University or other Facility networks, collaboration between Grid and Campus / Facility security teams is an important aspect of maintaining overall security.

We discuss recent work on sharing threat intelligence, particularly involving the WLCG MISP instance hosted at CERN. In addition, we examine strategies for the use of this intelligence, as well as considering recent progress in the deployment and integration of the Bro Intrusion Detection System (IDS) at contributing sites.

An important part of this work is a report on the first WLCG SOC WG Workshop / Hackathon, a Workshop planned at time of writing for December 2017. This Workshop provides an opportunity to assist participating sites in the deployment of these security tools, as well as giving attendees the opportunity to share experiences and consider site policies as a result. It is hoped that this Workshop will play a substantial role in shaping the future goals of the working group, as well as shaping future workshops.
Institution: European Organization for Nuclear Research (CERN)