Building an Effective Intrusion Detection Program

Presented at BSidesSF 2017, Feb. 12, 2017, 12:25 p.m. (30 minutes).

Modern breaches are often undetected for hundreds of days.  Effective intrusion detection doesn't need to be so hard.  This talk will outline how one can build an effective intrusion detection program on the cheap using free and/or inexpensive tools, and some brains.  We'll compare and contrast some of the techniques employed in newsworthy breaches over the recent past and how we can catch them in a timely manner.  We'll cover cloud apps, endpoints, network security monitoring, and how to crowd source incident response.

Presenters:

• Jason Craig
  Jason bats for the purple team and has worked for a few organizations you've heard of. He likes beer, situational awareness and late apexes. You can find his ramblings over at https://twitter.com/3141592f .

Links:

• https://bsidessf2017.sched.com/event/9IKg/building-an-effective-intrusion-detection-program

Similar Presentations:

• Black Hat USA 1998 / Defeating Network Intrusion Detection.
• Black Hat USA 1999 / Putting Intrusion Detection into Intrusion Detection Systems
• Diana Initiative 2023 / How I Learned to Stop Worrying and Build a Modern Detection & Response Program