
Need to be pointed at what to research​

Jtalk4456

I'll do the research and legwork, I'm not asking for anyone to do this assignment for me, I just need a point in the right direction. I'm in an emerging technology class and the final project takes a case study and lets me formulate a plan to implement an emerging tech solution. I've gone through the class material, get the concepts, understand how I'm making/formatting a proposal like this. Where I need some direction is actually the emerging tech. The prompt talks about a company making medical projects for space, and security is their primary concern because they work with NASA and proprietary tech, all that stuff. Then it goes into a detailed description of their firewall setup and logs and traffic, and the prompt is very clearly saying if you don't pick a tech that has to do with logs and security, you're stupid. And I get that, great, but I haven't done a single class yet for cybersecurity, so I don't know the first place to start with this prompt. If someone can point me in a direction of what kind of tech would solve the issue, I can do research on that tech, find vendors, I can do all the research and learning, I just need a direction to look in.

So I attached the actual prompt file, but I'm also putting my summary and notes I've done so far. Again, I don't want anyone thinking I'm asking for someone to do the HW for me. It's just that the prompt is on a topic I haven't had a class on yet, so I don't intuitively know where to look for a solution on this.

Case Study Notes

TechFite - medical devices for the space program

Houston, Texas, near the space center

Security is top priority due to working with NASA and also proprietary tech

4 IT employees: 2 entry specialists, senior sec specialist, IT sec manager

2-firewall system: external firewall for TechFite and partners, inner firewall to protect the intranet
The 2-firewall system creates a 3-ring network, with the innermost ring being most secure and the outermost connecting directly to the internet. Each firewall creates a log of passing traffic

CIO raised concerns about the current infrastructure's security implications, but wants staff to propose INEXPENSIVE solutions to meet future demands

Firewalls handling lots of traffic due to lots of collaborative efforts with NASA and other companies, but all proposed solutions to the secure collaboration have been outside of budget

Hard to manually scan logs; looking for open source solutions to automate log correlation for host-based and network appliances

However, the amount of storage space needed is more than is available onsite

Current: 10000 log files manually each week

30% success rate in identifying intrusion signature patterns and only 4 TB of local storage for logs

One system admin suggested using tech to review and store the logs

 

Being pressured to comply with FISMA using NIST framework for gov contracts

other restrictions due to international data handling, particularly EU

Shrinking budget due to fewer space missions

Looking to work with other space agencies internationally, may result in opening subsidiaries in other locations, resulting in more log data in more locations

Main needs are scanning log data for potential attackers and alerts of potential attacks, real-time log scanning and behavior analysis

Install honeypots to attract hackers and store those logs

 

So overall I'm getting honeypots and log tracking/scanning/alerting. But this is just stuff I know nothing of, and I feel lost about how to address that. I don't know what is considered inexpensive. I haven't finished learning about networking to have context on the whole "other locations" thing. I don't know about international data handling and what the differences would be. I just feel like I'm supposed to have done this class AFTER a bunch of other classes, and I'm lost in a sea of complexity I haven't learned the context for. If someone can give me a point in the right direction I'll start doing some research, and I have an appointment to talk with the teacher in a few days as well.

 

Any help is greatly appreciated!

TechFite Case Study.docx

Insanity is not the absence of sanity, but the willingness to ignore it for a purpose. Chaos is the result of this choice. I relish in both.

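To make "log correlation" and "real-time alerting" from the notes above concrete, here is an added example (not part of the original post or the case study) of the kind of rule a SIEM or log-analysis tool applies: it parses constructed log lines from the outer and inner firewalls in a hypothetical format, flags a source that is denied on many ports in a short window (a signature pattern), and escalates if that same source later shows up allowed through the inner firewall. The log format, thresholds and addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in a hypothetical syslog-style format shared by both
# firewalls (not a real vendor format); addresses are RFC 5737 documentation ranges.
OUTER_LOG = """\
2022-09-10T20:01:05 outer-fw DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2022-09-10T20:01:06 outer-fw DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2022-09-10T20:01:07 outer-fw DENY src=203.0.113.7 dst=192.0.2.10 dport=445
2022-09-10T20:01:08 outer-fw DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2022-09-10T20:05:00 outer-fw ALLOW src=198.51.100.4 dst=192.0.2.20 dport=443
"""
INNER_LOG = """\
2022-09-10T20:02:30 inner-fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443
2022-09-10T20:06:00 inner-fw ALLOW src=198.51.100.4 dst=10.0.0.9 dport=443
"""
LINE = re.compile(r"(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
def parse(text):
    """Parse lines into event dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, fw, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "fw": fw, "action": action,
                           "src": src, "dst": dst, "dport": int(dport)})
    return events
def correlate(outer, inner, threshold=4, window=timedelta(minutes=1)):
    """Rule 1 (signature): a source DENIED on >= threshold distinct ports within
    `window` at the outer firewall is a probable port scan (medium).
    Rule 2 (cross-ring correlation): a flagged source later ALLOWED through the
    inner firewall is escalated (high), because it reached the protected ring."""
    denies = defaultdict(list)
    for e in outer:
        if e["action"] == "DENY":
            denies[e["src"]].append(e)
    alerts, flagged = [], {}
    for src, evs in denies.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # sliding window over this source's denies
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= threshold:
                alerts.append(("medium", src, f"port scan: {len(ports)} ports denied"))
                flagged[src] = first["ts"]
                break
    for e in inner:
        if e["action"] == "ALLOW" and e["src"] in flagged and e["ts"] > flagged[e["src"]]:
            alerts.append(("high", e["src"], f"scanner reached inner ring, dport {e['dport']}"))
    return alerts
```

Running `correlate(parse(OUTER_LOG), parse(INNER_LOG))` yields a medium alert for the scanning source and a high alert when it appears on the inner firewall, while the normal partner traffic from 198.51.100.4 produces nothing; a real SIEM does this continuously over streamed logs with many such rules.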

It's easy to get overwhelmed with a lot of complex buzzwords in college courses like that. Sometimes the best solution is to break it down into a few words and then start searching based on what you know.

 

-Low budget

-New/"emerging" technologies

-Log files

 

I did a quick search on "new and upcoming open source software for scanning log files" and came up with this list as a result. (https://sematext.com/blog/log-analysis-tools/) I'd start here, or you could try a few more searches yourself to narrow the "technology" down that you want to focus on.

 

If you can focus on free/open source solutions I think that would be beneficial.

 

Maybe there's some sort of AI software/machine learning that can help in this area as well. Good luck!


I read over it again and I want to make sure people don't think I'm just blind. There are some things I do recognize, but there are just a lot of aspects to this where I don't really know which direction to head in.
What I do understand is log tracking in real time. I've never done anything like that or learned about it, but conceptually I get they need a solution that is watching logs for them in real time, smart enough to recognize and alert on traffic from attackers. I have just enough context that I can research this part and do some good googling.

Where I'm lacking:

I don't have a concept of cost, IDK what is cheap and what is expensive. I've never looked at pricing for any of these things, so I'm just not familiar there.

I don't know how the scaling up of locations needs to be integrated into this solution. I'm guessing this might be a cloud computing thing so the individual sites don't need local storage, but that's a guess and doesn't address the log issues.

I don't know about international data handling standards and what would be different there

I don't know about government data handling either, but the prompt at least gave me a standard to aim for with that

There's just a lot of aspects here that are above my paygrade at the moment


Question that just hit me: is log tracking an emerging tech? Hasn't that been around for ages and is pretty mature? Or does cloud-based SaaS log analysis make it emerging because cloud tech is emerging?


Well, I found this:

https://www.varonis.com/blog/fisma-compliance

And I have a good place to start there, I guess. It looks like the FISMA program has some insight on the tech itself, and just going through this compliance might lead me in a few places. I still have no clue how to determine what is cheap, though, but hopefully the teacher can give me some insight there.


For pricing, find at least 3 comparable solutions and get quotes for them. This way you have a relative idea as to whether something is good value or if everything is "competitively priced".


25 minutes ago, NinJake said:

For pricing, find at least 3 comparable solutions and get quotes for them. This way you have a relative idea as to whether something is good value or if everything is "competitively priced".

Ooh, good idea, thanks!


I didn't quite get what you were after, but it sounds like you want an open source SIEM.


On 9/10/2022 at 7:24 PM, LAwLz said:

I didn't quite get what you were after, but it sounds like you want an open source SIEM.

You got more than me apparently, cuz IDK what that is, but you can bet I'll be looking it up!

Also, as a general update, I finally got with the teacher and it turns out I only have to address part of the issues. I can basically pick a piece of the prompt and run with it. The teacher is not expecting nearly as much as the prompt made it seem. Still a pain in the butt essay, but far closer to manageable.
