Build Your Own Security Operations Center for Little or No Money

Presented at DEF CON 18 (2010), Aug. 1, 2010, 1 p.m. (50 minutes)

In this talk, I'll use my knowledge of working in a Security Operations Center to provide you with a framework to guide you in building your own SOC or network monitoring system capable of monitoring small- to medium-sized networks. The goal of this kind of monitoring is to watch for things such as break-in attempts on your network, malware downloads and malware beaconing out after installation, and to be a central location for handling IT security threats. Additionally, the presentation will include some methods of packet analysis of specific events such as cross-site scripting, SQL injection and beaconing malware. No information on specific technologies or methodologies used by the Security Operations Center Josh works with can be discussed. All information will be based on publicly available tools and information.

Presenters:

  • Chris McKenney
    Chris McKenney is a Principal Consultant for Mandiant Corporation. He has over 20 years in IT, mainly security-focused. His experience includes penetration testing, network defense, and being a security zealot.
  • Josh Pyorre
    Josh Pyorre currently works as an analyst at a Security Operations Center. He has 10 years of experience working as a System Administrator for various non-profit agencies in the San Francisco Bay Area. His primary professional passion has always been for network security.
