Title: Peeling Back the Layers and Peering Through the Clouds with Security Onion
Description:
Peeling Back the Layers and Peering Through the Clouds with Security Onion
As more production assets and workloads transition to the cloud, it is more important than ever to be able to understand the "goings-on" of these types of environments. Unfortunately, many organizations still have little visibility into cloud infrastructure. Vendor-specific solutions can be cost-prohibitive, and don't always offer a complete solution for security monitoring. In this session, we'll discuss how we can better defend cloud environments by leveraging Security Onion, a completely free and open source platform for intrusion detection, enterprise security monitoring, and log management. By using Security Onion, we can pierce the veil of the cloud, and gain better visibility to facilitate threat detection, identify application misconfigurations, and assist with compliance-related efforts. Attendees should walk away with a firm grasp of the platform, understanding how they can utilize Security Onion to improve their organization's security posture, and make their adversaries cry.
Outline:
(1) Cloud
(a) Assets/Data
(b) Threats
(c) Monitoring Challenges
(2) Introduction to Security Onion
(a) Components
(b) Data types
(3) Security Onion in the Cloud
(a) Facilitating cloud-based intrusion detection and monitoring with traffic mirroring
(b) Ingesting telemetry from external/vendor-specific sources
(4) Automating the Onion
(a) Automating Security Onion Deployment
This talk assumes you have secured your individual AWS accounts at the basic level by locking down your root accounts with 2FA, etc.
For more details on the workshop prerequisites, please refer to the following link:
https://docs.google.com/document/d/1...it?usp=sharing
Speaker(s): Wes Lambert
Location: Cloud Vlg
Discord: https://discord.com/channels/7082082...33373172285520
Event starts: 2020-08-07 14:10 (02:10 PM) PDT (UTC -07:00)
Event ends: 2020-08-07 16:30 (04:30 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-07T00:37 (UTC).
