Shoe Bombers on the Network Part One : Detection Mechanisms
Comparing how physical security caught the shoe bomber to how we go about catching network threats.
Behavioral analysis of NetFlow can alert on policy violations as well as suspicious and anomalous activity involving protected data such as cardholder data (PCI), patient records (HIPAA), PII and trade secrets.
Download the deck from SANS DFIR Summit 2013 on "Hunting Attackers with Network Audit Trails." Tom Cross & I delivered this in Austin, TX.
The quest for the (non-existent) Holy Grail of InfoSec: the "single pane of glass." Discussion on why we want it, what it will take to get it and what to do in the interim.
How intelligent NetFlow analysis can ease the pain associated with adding networks gained from mergers and acquisitions.
Using NetFlow for information security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodologies for testing other tools.
How to combine user authentication data with NetFlow audit trails to investigate user behavior.
How NetFlow can quickly reveal application-layer denial of service.
Don't trust your firewalls and NAC without validation. NetFlow is a great way to determine whether they are doing what they are supposed to be doing (and to alert you when they are not).
NetFlow can provide an efficient way of monitoring traffic moving laterally across a network.