Effective Monitoring for Operational Security

Presented at NolaCon 2018, May 19, 2018, 11 a.m. (Unknown duration)

As Infosec practitioners, how well do you really know and monitor your IT and business operations? Would you identify a data exfiltration event by a bandwidth increase without attendant malware alerts? Would you identify an employee staying late and attempting to gain physical access to a restricted area? Would you identify a successful VPN login from another country?

We will present effective monitoring methods we utilize and the resulting outputs that teach us what normal operations look like in order to identify suspicious activity. By reviewing these types of reports or tickets on a daily basis you will know your IT and business operations well enough to identify anomalies that may evade detection by your security tools. We will show example reports and tickets from our organization covering a variety of these topics and discuss how we analyze them, as well as how we use the information to better tune our monitoring tools.

Presenters:

• Russell Mosley
  Russell is an IT Infrastructure & Security Director for a Silver Spring software and financial services company and an organizer with BSides Charm. Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications. Twitter: @sm0kem
• Ryan St. Germain
  Ryan is a Senior Information Security Engineer with ten years' experience, a Master's Degree, and CISSP certification. Twitter: @r_stgermain

Links:

• https://nolacon.com/talk/effective-monitoring-for-operational-security

Similar Presentations:

• DEF CON 18 (2010) / Build Your Own Security Operations Center for Little or No Money