How to Improve Your Network Security Monitoring Capabilities Using Security Onion Sensors and Network Architecture
We will be kicking off the New Year with the first part of a two-part series (Open Source Security vs. Commercial Products).
This month we will be discussing open source security and how our own Nate Sykes and Grant Sims (bios below) are using open source products to secure their network. Next month we will have Cisco come in and give us an overview of what they can offer from a commercial software standpoint.
Nate and Grant have been working to transition their security posture from a purely prevention-based model to a prevent, detect and respond model. Nate and Grant put it this way: “Prevention WILL fail. As a defender you have to consider/protect EVERYTHING. An attacker only has to find ONE flaw overlooked, unknown, unpatched or misconfigured.” To that end, Nate and Grant will give us an overview of how they use open source security sensors to defend their network.
They will discuss:
- The capabilities of Security Onion: https://security-onion-solutions.github.io/security-onion/
- Why they chose to go the open source route
- The pros and cons of open source and what to watch out for
Here are the slides from the first part of the presentation:
For the second part of the presentation, Grant demoed how to use Security Onion to investigate an AnglerEK incident:
Brief bios:
Nate Sykes (@n8sec) is the IT Manager at R&K Solutions and has been working in IT for 19 years. Nate has worked in all areas of system and network administration. He has been involved in different aspects of security for the last 6 years, mostly involving blue team work. He holds GSEC, GMON and Security+ certifications.
Grant Sims (@ChiefRiverSims) is the Sr. Security Analyst at R&K Solutions and has been working in IT for 9 years. He has a networking background, developed while working in a major DoD data center. He holds CCNA-Voice, CCDP, CCNP, Security+ and GPEN certifications.