·Operates the ArcSight 4.0 Console in conjunction with the Symantec enterprise-wide client security software system (including anti-virus, anti-spyware and firewall components) under prescribed service levels.
·Monitor threats against high-risk entities via McAfee Threat Intelligence and Email Gateway products. Observe new infections, such as malware and MalJava. Use Symantec Security Information Manager to perform advanced support, generate and distribute reports, and perform trend analysis.
·Tailoring the ArcSight console and Resource Trees; using Active Channels for monitoring and investigating events; event annotations, dashboards and examining payloads.
·Uses McAfee tools (including rootkit detection) to detect malicious activity by the intruders responsible for APT attacks targeted at the Defense Industrial Base (DIB). The ArcSight architecture is built with the ArcSight Manager, a database and a web server, along with the SIM system and console operations.
·ArcSight security tool: created channels to monitor traffic from the United States Senate to US-based and foreign hosts. Channels were set up by TCP/UDP port activity or by IP address.
·For example, NetBIOS, FTP, SMTP, DNS and DHCP channels were monitored. Submitted reports in a predefined portal based on suspicious activity.
·This activity included malicious hosts, virus/Trojan horse infections, Conficker worms, Bloodhound virus detections, Game pass, MalJava infections and constant high levels of traffic to suspicious foreign hosts.
·Utilized Symantec Security Information Manager to assist in monitoring and reporting activity such as host name, logging device IP, MAC address, virus definitions and operating system version.
·Packet capture analysis: analyzed packet captures, aggregated from Snort into ArcSight, in conjunction with pattern analysis to determine whether malicious activity had occurred on the US Senate network.
·Utilized McAfee Network Security Manager (McAfee IntruShield) to assist in traffic analysis.
·Basic understanding of encryption techniques.
·Experience with forensic data capture and analysis techniques.
·Familiarity with the Verdasys products and/or other DLP solutions.
·Build deployment packages for server/workstation agents, including validation and compatibility testing. Develop the initial Deployment/Configuration Guide for implementation of security server agents and workstation agents. Install security infrastructure server software and deploy server and workstation agents in the production environment. Design policies/rules for identifying and reporting events.