BSides Atlanta 2020

Have you ever wanted to know how to use blinky light boxes to hacker-proof your enterprise computer network? Throughout this presentation, we'll cover topics like cyber-impenetrability, foolproof attribution, and how to keep attackers from ever coming close to your crown jewels. Our discussion will even include plans for building and configuring a next-generation firewall capable of not only stopping attackers in their tracks, but making them shake in their cyber boots, and work for you! If this all sounds too good to be true (or a very bad vendor sales pitch), that's because it is! We absolutely WILL NOT discuss these items, but something much more valuable -- context. While there's no silver bullet approach to keeping bad guys at bay, with the proper tools and training, we can use contextual information from our network traffic and host-based telemetry to connect the dots, and build otherwise unrealized relationships amongst our data. This allows us to paint a better picture of our adversaries and their actions (or Joe in Accounting and his unsavory habits), assisting us in detection of threats, and allowing us to better protect to our network.

While there are many excellent free and open source pieces of software to help us gather contextual data, we will discuss the tools and data provided by Security Onion, a platform for enterprise-scale security monitoring, intrusion detection, threat hunting, and log management. Aside from just tools and data, we will also cover an introduction into the architecture and use cases for Security Onion. Finally, we'll finish with an overview of additional opportunities for detection development, integration with other popular open source tools, and provide additional insight in to the future of Security Onion development. Overall, attendees should walk away with a better understanding of how they can peel pack the layers of their enterprise, and make their adversaries cry.

https://zoom.us/j/998173381