Peeling Back the Layers and Peering Through the Clouds with Security Onion

  • Peeling Back the Layers and Peering Through the Clouds with Security Onion

    Title: Peeling Back the Layers and Peering Through the Clouds with Security Onion

    Description:
    As the number of production assets and workloads transitioning to the cloud grows, it is more important than ever to be able to understand the "goings-on" of these types of environments. Unfortunately, many organizations still have little visibility into cloud infrastructure. Vendor-specific solutions can be cost-prohibitive, and don't always offer a complete solution for security monitoring. In this session, we'll discuss how we can better defend cloud environments by leveraging Security Onion, a completely free and open source platform for intrusion detection, enterprise security monitoring, and log management. By using Security Onion, we can pierce the veil of the cloud, and gain better visibility to facilitate threat detection, identify application misconfigurations, and assist with compliance-related efforts. Attendees should walk away with a firm grasp of the platform, understanding how they can utilize Security Onion to improve their organization's security posture, and make their adversaries cry.

    Outline:

    (1) Cloud
    (a) Assets/Data
    (b) Threats
    (c) Monitoring Challenges
    (2) Introduction to Security Onion
    (a) Components
    (b) Data types
    (3) Security Onion in the Cloud
    (a) Facilitating cloud-based intrusion detection and monitoring with traffic mirroring
    (b) Ingesting telemetry from external/vendor-specific sources
    (4) Automating the Onion
    (a) Automating Security Onion Deployment

    This talk assumes you have secured your individual AWS accounts at the basic level by locking down your root accounts with 2FA, etc.

    For more details on the workshop prerequisites, please refer to the following link:
    https://docs.google.com/document/d/1...it?usp=sharing

    Speaker(s): Wes Lambert

    Location: Cloud Vlg

    Discord: https://discord.com/channels/7082082...33373172285520

    Event starts: 2020-08-07 14:10 (02:10 PM) PDT (UTC -07:00)

    Event ends: 2020-08-07 16:30 (04:30 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-07T00:37 (UTC).