19 May 2006: Richard Bejtlich, TaoSecurity
SECURITY SEMINAR SERIES
This presentation will introduce the tenets of network security monitoring (NSM) as defined and applied by Richard Bejtlich. Attendees will see how Bejtlich approaches incident detection and response by using statistical, session, full content, and alert data. The open source NSM suite Sguil (www.sguil.net) will be demonstrated via a free VMware image that attendees can try. Network-centric incident response and forensics issues will also be covered. Expect a lively discussion!
Richard Bejtlich is founder of TaoSecurity (www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001 then-Captain Bejtlich defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission.
Formally trained as an intelligence officer, Richard is a graduate of Harvard University and the United States Air Force Academy. He authored the critically acclaimed Tao of Network Security Monitoring: Beyond Intrusion Detection in 2004 and Extrusion Detection: Security Monitoring for Internal Intrusions in 2005. Richard co-authored Real Digital Forensics, and contributed to Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and several Sys Admin magazine articles. He writes for his Web log (taosecurity.blogspot.com) and teaches at USENIX.