Lessons Learned in the Implementation of a Multi-Location Network Based Real-Time Intrusion System
Michael Puldy - IBM Emergency Response Service
Nov 20, 1998
Abstract
This presentation will highlight IBM's Emergency Response Service's implementation of a multi-location real-time intrusion detection system. After evaluating multiple technologies, IBM ERS settled on a network-based intrusion detection system to monitor internet traffic. Although the technology of a network-based intrusion system is relatively straightforward, the operational and response aspects of a multi-site implementation created a number of opportunities. The presentation will discuss issues of scalability, categorization of attacks, signature updates, and general remote management of network-based RTID sensors, and how IBM ERS overcame these obstacles. Moreover, through various installations of this hardware across multiple industries, IBM ERS has created a unique database containing the types and quantities of attacks on internet hosts and firewalls within the United States. Finally, the presentation will discuss operational and financial issues surrounding the establishment of a 24x7 network security operations center.
About the Speaker
Michael L. Puldy currently manages the global deployment and delivery of IBM's Emergency Response Service. This includes IBM's commercial Internet ERS, IBM's Anti-Virus services, IBM's remote security scan for e-business, and IBM's internal internet security and response team. Michael is also manager of IBM CERT.
Prior to Emergency Response Service, Michael was involved in the development and operational implementation of IBM's large business recovery center in Boulder, Colorado, USA. In addition to his tenure at IBM, Michael has over 15 years of experience working in various industries, including banking, aerospace and government. He has a BS in Computer Science from Clemson University and a Master of Business Administration from the University of North Florida.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.