FloCon 2020
Thursday, January 9, 2020 • 12:30pm - 1:00pm
Lunch Time Table Talk: Get Beyond Alerts - Maximizing Network Defense w/Suricata, Session 2


This is the second day of a two-day session. It builds upon information discussed on day one.

Securing a network often begins with the ability to generate alerts when malicious or non-standard network traffic is observed. This is routinely accomplished through intrusion detection and prevention systems (IDPS), such as Suricata. Unfortunately, an alert only provides a narrow view into a possible incident. The data surrounding an alert also needs to be available so analysts can build context for what happened before and after it. Context enables an organization to understand the threats it faces and to respond to incidents more quickly and effectively. To complicate network defense further, not all malicious traffic will generate an alert when it encounters an IDPS. Analysts need to look for anomalies in network traffic to identify malicious or suspicious patterns, a process commonly referred to as threat hunting.

While many know Suricata as an IDPS, it can provide much more visibility than just alerts. From protocol-specific logs to full packet capture, Suricata can generate the data needed for a comprehensive view into an organization's network.
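As an added illustration of the "beyond the alert" idea (this is not code from the session, from OISF, or from Suricata itself), the script below reads Suricata's EVE JSON output and, for each alert, gathers the protocol records that share its flow_id (the HTTP request that fired the rule and the flow summary that closed the connection) together with other events from the same client in a time window around the alert (such as the preceding DNS query). The EVE field names used (event_type, flow_id, timestamp, src_ip, dest_ip, and the alert, dns, http and flow sub-objects) are Suricata's standard ones; the log lines, IPs, hostnames and the signature are constructed for the example.

```python
"""Build context around a Suricata alert from EVE JSON records.

Added example for this session abstract, not OISF or Suricata code.
It assumes Suricata's EVE JSON output (one JSON object per line) using the
standard fields event_type, flow_id, timestamp, src_ip, dest_ip and the
alert/dns/http/flow sub-objects. The records below are constructed.
"""
import json
from datetime import datetime, timedelta

# Constructed EVE records: a DNS lookup, an HTTP request, an alert on that
# request, the flow record that closes it, and one unrelated HTTP event.
SAMPLE_EVE = """
{"timestamp":"2020-01-09T12:30:01.000000-0500","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.2","dns":{"type":"query","rrname":"example.test","rrtype":"A"}}
{"timestamp":"2020-01-09T12:30:02.000000-0500","flow_id":2002,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","http":{"hostname":"example.test","url":"/update.bin","http_user_agent":"curl/7.64.0","status":200}}
{"timestamp":"2020-01-09T12:30:02.500000-0500","flow_id":2002,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"CONSTRUCTED Suspicious download","severity":2}}
{"timestamp":"2020-01-09T12:30:09.000000-0500","flow_id":2002,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","flow":{"bytes_toserver":512,"bytes_toclient":204800,"state":"closed"}}
{"timestamp":"2020-01-09T12:45:00.000000-0500","flow_id":3003,"event_type":"http","src_ip":"10.0.0.9","dest_ip":"203.0.113.4","http":{"hostname":"other.test","url":"/","status":304}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def eve_time(rec):
    # Suricata writes timestamps like 2020-01-09T12:30:01.000000-0500;
    # strptime's %z accepts the -0500 offset form.
    return datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def context_for_alert(records, alert, window=timedelta(seconds=60)):
    """Return the non-alert events tied to one alert.

    'same_flow' holds every event sharing the alert's flow_id (the request
    that triggered it and the flow summary that follows).
    'same_host' holds other events from the same client IP within +/- window
    of the alert, e.g. the DNS query that preceded the connection.
    """
    t0 = eve_time(alert)
    same_flow, same_host = [], []
    for rec in records:
        if rec["event_type"] == "alert":
            continue
        if rec["flow_id"] == alert["flow_id"]:
            same_flow.append(rec)
        elif rec["src_ip"] == alert["src_ip"] and abs(eve_time(rec) - t0) <= window:
            same_host.append(rec)
    same_flow.sort(key=eve_time)
    same_host.sort(key=eve_time)
    return {"same_flow": same_flow, "same_host": same_host}


def summarize(records):
    """One summary dict per alert, holding the context an analyst would pivot on."""
    out = []
    for alert in (r for r in records if r["event_type"] == "alert"):
        ctx = context_for_alert(records, alert)
        out.append({
            "signature": alert["alert"]["signature"],
            "client": alert["src_ip"],
            "server": alert["dest_ip"],
            "dns_names": [r["dns"]["rrname"] for r in ctx["same_host"] if r["event_type"] == "dns"],
            "http": [(r["http"]["hostname"], r["http"]["url"]) for r in ctx["same_flow"] if r["event_type"] == "http"],
            "bytes_toclient": sum(r["flow"]["bytes_toclient"] for r in ctx["same_flow"] if r["event_type"] == "flow"),
        })
    return out


if __name__ == "__main__":
    for summary in summarize(parse_eve(SAMPLE_EVE)):
        print(json.dumps(summary, indent=2))
```

Keyed on flow_id, the alert alone ("suspicious download") becomes a story: the client resolved example.test, fetched /update.bin with curl, and received about 200 KB back. The same two pivots (flow_id for the triggering connection, client IP plus a time window for surrounding activity) are the ones to apply when the alert is absent and you are hunting through the dns, http and flow logs directly.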

Intended Audience: This is an ideal talk for security analysts, blue teamers, and malware researchers to learn how Suricata can provide visibility beyond an alert.


Josh Stroschein

Director of Training, Open Information Security Foundation - OISF
Josh is a subject matter expert in malware analysis, reverse engineering and software exploitation. He is the Director of Training for the Open Information Security Foundation (OISF), where he leads all training activity for the foundation and is also responsible for academic outreach...

Thursday January 9, 2020 12:30pm - 1:00pm EST