netflow

Thanks to the Grand Rapids chapter of the ISSA for hosting me today. My deck can be downloaded here.

Applying the lessons on surveillance we learned from physical security in stopping the Shoe Bomber to network and informaiton security.

Using NetFlow for Information Security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodolgies for testing other tools.

Don't trust your firewalls and NAC without validation. NetFlow is a great way to determine if they are doing what they are supposed to be doing (and alerting you when they are not.)

Presentation deck for BSides Chicago 2013 and thanks to all.

Figuring out what data sources are best suited for pervasive network surviellance can be tricky. In this fifth installment, we look at the pros and cons of packet capture and NetFlow.