Arming Small Security Programs: Network Baseline Generation and Alerts with Bropy

Presented at TROOPERS17 (2017), March 22, 2017, 5 p.m. (Unknown duration).

Anomaly based IDS tools are expensive. Signature based IDS tools only work if a signature exists. Using a simple Bro script, organizations without large security budgets can generate alerts for anomalous packets IF they have a complete baseline of the ports and protocols their devices use. I wrote Bropy to simplify the process of generating a network baseline to be used with my baselinereport bro script.With this tool, small security teams can generate network baselines for systems in a matter of minutes, rather than hours or days. Armed with the data generated by Bropy, organizations have the option to either continue to receive alerts on anomalous communication, or use the data to generate firewall configurations to enhance network security. This talk will cover the installation and usage of Bropy for these small or low budget security teams with a live demo using PCAP data and SecurityOnion . Written in Python, Powered by Bro.


Presenters:

  • Matt Domko as Matthew Domko
    "I'm just a man playing with digital Legos. I crudely assemble the knowledge I have to build a solution for my problems." Matt Domko is currently an Information Security instructor for Chiron Technology Services in Augusta, Georgia. His experiences as an enterprise administrator and cyber network defender for the United States Army are what drive his passion for network defense and "Blue Teaming". Matt likes to put at least 10,000 miles a year on his motorcycle, and wanted to ride it to Heidelberg, but the Atlantic Ocean prevented that.

Links:

Similar Presentations: