Showing posts from September, 2014

We Need More Than Penetration Testing

Last week I read an article titled "People too trusting when it comes to their cybersecurity, experts say" by Roy Wenzl of The Wichita Eagle. The following caught my eye and prompted this post: [Connor] Brewer is a 19-year-old sophomore at Butler Community College, a self-described loner and tech geek... Today he’s what technologists call a white-hat hacker, hacking legally for companies that pay to find their own security holes. When Bill Young, Butler’s chief information security officer, went looking for a white-hat hacker, he hired Brewer, though Brewer has yet to complete his associate’s degree at Butler... Butler’s security system comes under attack several times a week, Young said... Brewer and others like him are hired by companies to deliberately attack a company’s security network. These companies pay bounties if the white hackers find security holes. “Pen testing,” they call it, for “penetration testing.” Young has repeatedly assigned Brewer to hack into Butl

A Brief History of Network Security Monitoring

Last week I was pleased to deliver the keynote at the first Security Onion Conference in Augusta, GA, organized and hosted by Doug Burks. This was probably my favorite security event of the year, attended by many fans of Security Onion and the network security monitoring (NSM) community. Doug asked me to present the history of NSM. To convey some of the milestones in the development of this operational methodology, I developed these slides (pdf). They are all images, screen captures, and the like, but I promised to post them. For example, the image at left is the first slide from a Webinar that Bamm Visscher and I delivered on 4 December 2002, where we presented the formal definition of NSM for the first time. We defined network security monitoring as the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. You may recognize similarities with the intelligence cycle and John Boyd's Observe - Orient - Decide - Act (OODA) loop. Tha

Bejtlich Teaching at Black Hat Trainings 8-9 Dec 2014

I'm pleased to announce that I will be teaching one class at Black Hat Trainings 2014 in Potomac, MD, near DC, on 8-9 December 2014. The class is Network Security Monitoring 101. I taught this class in Las Vegas in July 2013 and 2014, and Seattle in December 2013. I posted Feedback from Network Security Monitoring 101 Classes last year as a sample of the student commentary I received. This class is the perfect jumpstart for anyone who wants to begin a network security monitoring program at their organization. You may enter with no NSM knowledge, but when you leave you'll be able to understand, deploy, and use NSM to detect and respond to intruders, using open source software and repurposed hardware. The first discounted registration deadline is 11:59 pm EDT October 31st. The second discounted registration deadline (more expensive than the first but cheaper than later) ends 11:59 pm EST December 5th. You can register here. I recently topped the 1,000 student