50 Shades of Graylog

Presented at BSides Austin 2018, March 8, 2018, 1:30 p.m. (60 minutes)

Abstract: Everywhere you turn, there's a vendor trying to sell you the latest in "AI-powered triple-next-gen threat detection." While some of these solutions may hold up to the claims, it's becoming more and more difficult to tell apart truly effective solutions from overhyped marketing. Worst of all, the average cost for good or bad enterprise defense technologies is somewhere between ‘unaffordable' and ‘is that even a real number?' This is the talk SIEM vendors don't want you to attend. We'll explore some incredible open source solutions that you can implement to not only add significant value to your detection efforts, but even provide active defense capabilities. I encourage you to reach out to your vendor of choice and get a quote for "magic box that can detect and then automatically defend from attacks." Take the amount they quote you and use it to hire 4 new FTEs, get a new RedBull machine for the SOC, send your entire team to ShmooCon 2019, buy yourself something nice, and then donate the rest to the open source projects I'll share with you in this deep dive.

Presenters:

• Eric Capuano
  Eric Capuano is an Information Security professional serving state and federal government as well as SMBs, start-ups and non-profits. Also, a member of the Packet Hacking Village team at DEFCON.

Links:

• https://bsidesaustin2018.sched.com/event/DuGP/50-shades-of-graylog

Similar Presentations:

• BruCON 0x09 (2017) / Jedi's trick to convince your boss and colleagues Workshop
• DEF CON 24 (2016) / So You Think You Want To Be a Penetration Tester
• BruCON 0x09 (2017) / Open Source Security Orchestration