Year: 2008

Virtualized Network Security Management (vNSM)

This is a term that I’ve been throwing around for a while now so I thought I’d take the time to define it for everyone.

Virtualized Network Security Management (vNSM)
The extension of existing Network Security Management (NSM) policies and procedures to include “virtualized” deployments. This includes, but is not limited to, the collection, correlation, and normalization of:

  • logs (e.g authentication, authorization, status, etc.) generated by “virtualized” hosts (e.g. servers, workstations, etc.)
  • logs generated by non-security related applications (e.g. mail server, web server, etc.) installed on “virtualized” hosts
  • logs generated by security related applications (e.g. firewall messages, anti-virus alerts, rootkit installation prevented, etc.) installed on “virtualized” hosts
  • logs (e.g authentication, authorization, status, etc.) generated by “virtualized” network components (e.g. virtual switches, virtual hubs, etc.)
  • network flows (e.g. NetFlow) generated by “virtualized” network components
  • expected, anomalous, or malicious network communications to/from/between “virtualized” hosts (e.g. web server communicating with “virtualized” database, “virtualized” workstation retrieving file from “virtualized” FTP server, etc.)
  • logs generated from the operation of the host virtualization platform

I may expand on, or refine, this definition in the future but I wanted to make sure I had my ideas down on “paper” before I lost them.

SANS Security Laboratory “Thought Leaders” Article

SANSStephen Northcutt, of SANS Institute fame, recently recognized me as a Thought Leader in the area of log management. I’m quite humbled to be included with the likes of Dr. Anton Chuvakin, Jeremiah Grossman, and Ron Gula (among others).

The interview has been posted on the SANS Technology Institute site here. This has certainly made my week 🙂

SANS Toronto 2008 Keynote Roundup

talkAs most of you already know, yesterday I was involved in the SANS Toronto 2008 keynote along with Rob Lee, Bryce Galbraith, Peter Giannoulis, Dave Shackleford, Dr. Johannes Ullrich, Stephen Sims, and Guy Bruneau. This was the first keynote that I had the pleasure to be involved with but I hope it won’t be the last.

We had a full room with a mix of local and out of town students, all of whom were having a blast. “How do you know they were having a blast” you might ask? Even though we were talking about serious topics pertaining to security, my fellow panelists and I had the entire room laughing like crazy. In fact, I think I saw a few people whipping away tears from laughing too hard.

I think everyone had a good time, myself included, and the thing that set this keynote apart from previous keynotes that I’ve seen is how laid back and fun the talk was. There were questions about social media and the validation of identities, acceptance and rate of deployment for mainstream wireless infrastructure, the shaping of traffic to prevent P2P transmissions, and several others. All of the panelists were able to add their insight into the posed questions and I think the crowd appreciated how frank we were in our responses.

I think they also enjoyed the running joke about including www.theacademy.ca, in one way or another, in almost all of our responses. It was one of those “you had to be there” jokes but, trust me, it was hilarious. I didn’t get a chance to see the reviews filled out by the students but I hope they enjoyed the session as much as we all enjoyed presenting it.

Maybe SANS will let us do it again some time.

Scroll to top