can we leverage network monitoring to build comprehensive
play

Can we leverage network monitoring to build comprehensive - PowerPoint PPT Presentation

Jun 05, 2023 •135 likes •215 views

Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior? God I hope so. If

  1. “Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior?”

  2. God I hope so. If not, is anyone hiring? (Hi, I’m Matt Olney, Senior Research Engineer, Sourcefire VRT)

  3. Step 0: Management Primer ● Spending all the money on the planet on hardware will not help you ► Don’t tell sales and marketing I just said that ● Investment in your people will return a much greater dividend ► Investment is time and money ● Time to think ● Money to learn ● Hire someone who knows how to evaluate technical talent ► Because firing people is a pain in the ass ► Don’t tell the people at this conference I just said you should fire people who aren’t really, really good at what they do 3

  4. Step 1: Get a grip on your network ● Network Visibility ► Netflow ► SNMP Polling ► Network Discovery ● PADS ● RNA/RUA ● Intrusion Detection ► IDS/IPS ► HIDS ► AV ► Whatever a Razorback is 4

  5. Step 2: Make the set of tools a system ● Guns don’t kill people, people kill people That being said, having a good gun helps ► I’m not sure if this analogy really went the way I wanted it to ► ● Matt’s Tool Wish-list Maximize your investment in your people by giving them tools that will support the skills ► and intelligence they bring to the table Transparency ► ● Minimal magic Customizability ► ● Rules language ● Parsing definitions ● Verbose, granular configuration Extensibility ► ● API/SDK ● Allow me to rework your vision to come inline with my reality Scalability ► ● The ability to get output into a scalable SIM/SIEM/Data-Thingy delivers scalability for custom developed detection capability ● Razorback, released at DEFCON 5

  6. Step 3: Make it work, people ● An object at rest tends to be useless ► Blinky lights have never stopped an attacker ● Actively developing your detection stance: ► Makes your detection stance more unique ► Doesn’t waste resources on capabilities that don’t support your defensive stance ► Defines what your tools do, not some monkey developer in a cube ● Pay attention when Cloppert gives his talk ● Matt wins for referencing Bravo 6

  7. Step 4: Matt Wants a T-Shirt (XXL) ● APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT APT ● Sourcefire will sell you a Unicorn with a Delphic Oracle plugin that will foresee the coming of the APT ● Zeus plugin will allow for orbital laser strike (OLS) to remove APT threat at the source ► Support contract for OLS for 5/10/25/Unlimited strikes per month ● Demoware Unicorn/Delphic Oracle platform available, limited to detecting APT from Burkina Faso ● http://volatility.tumblr.com/post/766031242/a-volatile- challenge-finding-the-apt-advanced 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize any tracking product: We provides fuel monitoring comprehensive solutions for Vehicles and Generators with very comprehensive reports: Offering

256 views • 8 slides
Lab-S313674 : Build a GlassFish JavaFX Monitoring Application using REST monitoring API David

Lab-S313674 : Build a GlassFish JavaFX Monitoring Application using REST monitoring API David

Lab-S313674 : Build a GlassFish JavaFX Monitoring Application using REST monitoring API David Delabasse Senior Solution Architect, Oracle Belgium Sbastien Stormacq Senior Solution Architect, Oracle Luxembourg JavaOne|Oracle Develop Build

676 views • 49 slides
Comprehensive Radiation Monitoring Plan and Spatiotemporal Distribution of Information

Comprehensive Radiation Monitoring Plan and Spatiotemporal Distribution of Information

Comprehensive Radiation Monitoring Plan and Spatiotemporal Distribution of Information Disclosure Ambient Dose Rates Radiation Dose Map Readings of nationwide radiation monitoring are shown in maps. With location search function and

163 views • 3 slides
Ecologist US Geological Survey Outline Why build a national phenology network? Strategic

Ecologist US Geological Survey Outline Why build a national phenology network? Strategic

The USA National Phenology Network: A national science and monitoring framework for phenology Jake F. Weltzin Ecologist US Geological Survey Outline Why build a national phenology network? Strategic Plan Themes Advance Science

1.07k views • 59 slides
Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network

Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network

Coachella Valley Air Monitoring Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network Proposed Sites of Monitors in the Coachella Valley Air Monitoring Network Desert Mirage High School

398 views • 16 slides
You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating

You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating

You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating SoundCloud's microservice architecture GOTO Berlin 2016 Intro: me Who I am and where I work Engineer in Production Engineering (platform, monitoring,

583 views • 32 slides
GRNET NOC network monitoring & visualization tools TF-NOC Zurich Alex Kosiaris

GRNET NOC network monitoring & visualization tools TF-NOC Zurich Alex Kosiaris

http://www.grnet.gr GRNET NOC network monitoring & visualization tools TF-NOC Zurich Alex Kosiaris (alex@noc.grnet.gr) Leonidas Poulopoulos (leopoul@noc.grnet.gr) Network monitoring Constant monitoring of network for components

299 views • 14 slides
Acid Deposition Monitoring Network in East Asia (EANET) Network Center for EANET Ken YAMASHITA

Acid Deposition Monitoring Network in East Asia (EANET) Network Center for EANET Ken YAMASHITA

Asia-Pacific Mercury Monitoring Network Workshop Minamata, Japan, June 22-23, 2015 Acid Deposition Monitoring Network in East Asia (EANET) Network Center for EANET Ken YAMASHITA Asia Center for Air Pollution Research (ACAP) Secretariat (UNEP

1.09k views • 49 slides
Wireless monitoring device Goal Wireless monitoring device monitors existing wireless network

Wireless monitoring device Goal Wireless monitoring device monitors existing wireless network

Wireless monitoring device Goal Wireless monitoring device monitors existing wireless network using independent network to report status. Logical parts Communication Monitoring unit unit Storage Central Unique unit processing unit unit

154 views • 4 slides
What is a Research Coordination Network (RCN)? NSF sponsored program to build a network of

What is a Research Coordination Network (RCN)? NSF sponsored program to build a network of

What is a Research Coordination Network (RCN)? NSF sponsored program to build a network of researchers to tackle emergent challenges. Transformative discoveries will require interdisciplinary & multinational teams The RCN program is

291 views • 4 slides
Topology monitoring implementation of network management system in TWAREN hybrid network

Topology monitoring implementation of network management system in TWAREN hybrid network

Topology monitoring implementation of network management system in TWAREN hybrid network National Center for High-Performance Computing 1 ABSTRACT TWAREN (TaiWan Advanced Research and Education Network) is a hybrid network composed of

532 views • 16 slides
Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by

Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by

Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by Christian Tzolov @christzolov Whoami Christian Tzolov Technical Architect at Pivotal, BigData, Hadoop, SpringXD, Apache Committer, Crunch PMC member

708 views • 35 slides
Automatic 3D monitoring and the use of network adjustment on the railway TSA Survey Conference 1

Automatic 3D monitoring and the use of network adjustment on the railway TSA Survey Conference 1

Automatic 3D monitoring and the use of network adjustment on the railway TSA Survey Conference 1 Contents Monitoring Automatic 3D Monitoring 3D Monitoring on the Railway Data Interpretation/Calculation 3D Monitoring

515 views • 24 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
Comprehensive Nuclear-Test-Ban Treaty Seismic Monitoring: Paul G. Richards LamontDoherty

Comprehensive Nuclear-Test-Ban Treaty Seismic Monitoring: Paul G. Richards LamontDoherty

Comprehensive Nuclear-Test-Ban Treaty Seismic Monitoring: Paul G. Richards LamontDoherty Earth Observatory of Columbia University, Palisades, New York, USA Short Course on Nuclear Weapons Issues in the 21st Century APS, Forum on Physics and

468 views • 30 slides
Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A What t is NetFlow? Network protocol originally developed by Cisco

560 views • 21 slides
PLOM PAPERLESS OPEN MARKING EAMS 2020 30TH JUNE 2020 Andrew Rechnitzer Colin Macdonald

PLOM PAPERLESS OPEN MARKING EAMS 2020 30TH JUNE 2020 Andrew Rechnitzer Colin Macdonald

PLOM PAPERLESS OPEN MARKING EAMS 2020 30TH JUNE 2020 Andrew Rechnitzer Colin Macdonald www.plomgrading.org gitlab.com/plom/plom ELEVATOR PITCH IMAGINE THE SCENE 1 midterm test Need tools that 1250 students in 8 timeslots simplify

721 views • 27 slides
Version control is an essential tool for scientists Richard E. Turner ( rt60@nyu.edu ) August

Version control is an essential tool for scientists Richard E. Turner ( rt60@nyu.edu ) August

Version control is an essential tool for scientists Richard E. Turner ( rt60@nyu.edu ) August 16th, 2011 Synchronisation Laptop Server simulations travel backup working from home Collaboration - sharing materials 13 local authors, 13

606 views • 14 slides
Software Test Specification 1. Introduction This section provides an overview of the entire

Software Test Specification 1. Introduction This section provides an overview of the entire

Software Test Specification 1. Introduction This section provides an overview of the entire test document. This document describes both the test plan and the test procedure. 1.1 Goals and objectives Overall goals and objectives

686 views • 43 slides
Session 12 Spring Framework Introduction 1 Reading & Reference Reading

Session 12 Spring Framework Introduction 1 Reading & Reference Reading

Session 11 Spring Framework Overview Session 12 Spring Framework Introduction 1 Reading & Reference Reading http://engineering.pivotal.io/post/must-know-spring-boot-annotations- controllers/

630 views • 19 slides
Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop

Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop

Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop for Deans, Department Chairs and Research Directors 13 October 2014 Wroclaw, Poland, The

659 views • 28 slides
Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ Feb 22, 2010 Announcements

644 views • 29 slides
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.

1.55k views • 28 slides
Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

421 views • 9 slides

More recommend