FloCon 2020 has ended
Wednesday, January 8 • 12:30pm - 1:00pm
Lunch Time Table Talk: Get Beyond Alerts - Maximizing Network Defense w/Suricata, Session 1

Securing a network often begins with the ability to generate alerts when malicious or non-standard network traffic is observed. This is routinely accomplished through intrusion detection and prevention systems (IDPS), such as Suricata. Unfortunately, an alert only provides a narrow view into a possible incident. Data surrounding an alert also needs to be available to help analysts build context before and after an alert. Context enables an organization to understand the threats it faces and gives it the ability to respond to incidents quickly and more effectively. To complicate network defense further, not all malicious traffic will generate an alert when it encounters an IDPS. Analysts need to look for anomalies in network traffic to identify malicious or suspicious patterns through a process commonly referred to as threat hunting.

While many know Suricata only as an IDPS, it can provide much more visibility than alerts. From protocol-specific logs to full packet capture, Suricata can generate the data needed for a comprehensive view into an organization’s network.

In this talk, you will learn how to use Suricata to generate alerts, produce protocol-specific logs, and identify malicious and anomalous activity in your network traffic. Attendees will leave this discussion with a better understanding of what is required for comprehensive network security monitoring and how Suricata can maximize their coverage.
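As an added example that is not part of the talk or of Suricata's own code, the script below shows what "context around an alert" looks like in practice: it joins a Suricata EVE JSON alert record with the HTTP, file and flow records that share its flow_id. The EVE field names (event_type, flow_id, alert.signature_id, ...) are Suricata's real ones; the sample log lines, addresses and signature are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed EVE JSON sample (not real traffic): a DNS query on one flow and an
# HTTP download on a second flow that raises an alert and a fileinfo record.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2020-01-08T12:30:01.000000-0500","flow_id":1001,"event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP",'
    '"dns":{"type":"query","rrname":"example.test","rrtype":"A"}}',
    '{"timestamp":"2020-01-08T12:30:02.000000-0500","flow_id":2002,"event_type":"http",'
    '"src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP",'
    '"http":{"hostname":"example.test","url":"/update.bin","http_method":"GET","status":200}}',
    '{"timestamp":"2020-01-08T12:30:02.100000-0500","flow_id":2002,"event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP",'
    '"alert":{"signature_id":9000001,"signature":"CONSTRUCTED executable download","severity":2}}',
    '{"timestamp":"2020-01-08T12:30:02.200000-0500","flow_id":2002,"event_type":"fileinfo",'
    '"src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP",'
    '"fileinfo":{"filename":"/update.bin","magic":"PE32 executable","size":4096}}',
    '{"timestamp":"2020-01-08T12:30:05.000000-0500","flow_id":2002,"event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP",'
    '"flow":{"pkts_toserver":6,"pkts_toclient":8,"bytes_toclient":5120}}',
]


def parse_eve(lines):
    """Parse EVE JSON lines; skip blank or malformed ones (a truncated tail line is common)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def alert_context(events):
    """Map each alert's signature_id to the non-alert EVE records on the same flow, by time."""
    by_flow = defaultdict(list)
    for ev in events:
        by_flow[ev.get("flow_id")].append(ev)
    contexts = {}
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        related = [e for e in by_flow[ev.get("flow_id")] if e.get("event_type") != "alert"]
        related.sort(key=lambda e: e["timestamp"])  # same timestamp format, so string order works
        contexts[ev["alert"]["signature_id"]] = related
    return contexts


if __name__ == "__main__":
    for sid, ctx in alert_context(parse_eve(SAMPLE_EVE_LINES)).items():
        print(sid, [e["event_type"] for e in ctx])
```

The same join works on a real eve.json because Suricata stamps every protocol, file and flow record for a connection with the same flow_id as its alerts.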

This is the first day of a two-day session.

Intended Audience: This is an ideal talk for security analysts, blue teamers, and malware researchers to learn how Suricata can provide visibility beyond an alert.

Speakers

Josh Stroschein

Director of Training, Open Information Security Foundation - OISF
Josh is a subject matter expert in malware analysis, reverse engineering and software exploitation. He is the Director of Training for the Open Information Security Foundation (OISF), where he leads all training activity for the foundation and is also responsible for academic outreach...


Wednesday January 8, 2020 12:30pm - 1:00pm EST
Verelst/Percival