The Power of Poseidon: Uncovering Your Network & Becoming a Better Defender

Presented at Kawaiicon (2019), Oct. 18, 2019, 3:45 p.m. (30 minutes).

There’s a dirty little secret in IT networks – nobody fully knows what they have on their network. Recognizing what’s on your network is important, in part because it’s hard to defend what you don’t know about. Asset lists and diagrams are outdated the second they get published. Cloud and ephemeral infrastructure is even worse, because virtual machines and containers compound the problem. Signatures and stock fingerprinting techniques are also getting harder to use, as more and more network traffic becomes encrypted. This talk will address these problems through a live demonstration of the tool we have built, called Poseidon. Poseidon is an open source application that adds the power of machine learning to software-defined networks, such as those built with the open source Faucet controller project from New Zealand, which builds software-defined enterprise networks. The combination of SDN and ML is a key ingredient in giving network defenders better situational awareness on enterprise networks while providing the ability to automate security improvements of those networks.

In 15 minutes we’ll build an SDN network using Faucet, attach devices to it, and show how Poseidon automatically reacts to those new devices, updates the network posture, and presents insight into what is on the network and what those devices are doing.


Presenters:

  • Charlie Lewis
    Charlie Lewis is currently a project leader at Cyber Reboot, an In-Q-Tel Lab that is focused on cybersecurity. Charlie is responsible for architecting, building, and prototyping open source solutions leveraging microservices, software-defined networking (SDN), and network security tools. Charlie is the lead maintainer for the Poseidon and Vent projects, and has contributed to multiple open source projects including Docker, Faucet, and Grafana. Prior to Cyber Reboot, Charlie was on the founding team of Lab41, a sister lab to Cyber Reboot with a machine learning focus. Charlie has over 15 years of experience in systems administration, software engineering, and cloud & infrastructure engineering. He holds a BS in Computer Science and in his free time is an open source advocate, an avid cyclist, a gnarly snowboarder, and a hobby photographer.
