Collect All the Data; Protect All the Things

Presented at BSidesSF 2019, March 4, 2019, 3:30 p.m. (30 minutes)

Blue teaming has not, up until this point, received the same applause and attention that red teaming has, but the tide is changing. The realization that the charge to "protect all the things, all the time" requires the collection and analysis of all the data is creating the conditions to "bring the sexy" to the blue team. This talk covers the application of different methods to collect, analyze, and correlate multiple types of data as well as the use of machine learning to generate behavioral anomalies that are incorporated into overall continuous monitoring capabilities. This is not a vendor talk, and with very few exceptions all methods and tools discussed are open source and free; the focus is on the application of concepts.

Presenters:

  • Aaron Rosenmund
    I am a full-time author with Pluralsight focusing on security operations and incident response. In that position, I conduct "in the field" incident response focused research and produce mostly advanced-level video courses and demonstration content for Pluralsight. I am also a part-time member of the Florida Air National Guard, coming off of 4 years of active duty service where I built and operated one of the first mission defense teams for the 601 AOC at Tyndall. Still a member of that team, I heavily focus on the development of capabilities and operations for security monitoring, detection, and threat hunting. As far as credentials, I hold the GIAC Certified Enterprise Defender and Certified Incident Analyst certifications, CCNA Cyber Operations, CompTIA Security+, and the new CompTIA PenTest+ certifications. There are a number of other vendor and minor certifications that you can find on my LinkedIn at www.aaronrosenmund.com. I came into cyber security by way of security administration, virtualization and automation, and I have leveraged that experience in the creation of open source tools and capabilities found on my GitHub [www.github.com/arosenmund](http://www.github.com/arosenmund).
