Effective Monitoring for Operational Security - Russell Mosley and Ryan St. Germain (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Russell Mosley (@sm0kem) and Ryan St. Germain (@r_stgermain)

BSidesCharm 2018
http://www.bsidescharm.com

As Infosec practitioners, how well do you really know and monitor your IT and business operations? Would you identify a data exfiltration event by a bandwidth increase without attendant malware alerts? Would you identify an employee staying late and attempting to gain physical access to a restricted area? Would you identify a successful VPN login from another country? We will present effective monitoring methods we utilize and the resulting outputs that teach us what normal operations look like in order to identify suspicious activity. By reviewing these types of reports or tickets on a daily basis you will know your IT and business operations well enough to identify anomalies that may evade detection by your security tools. We will show example reports and tickets from our organization covering a variety of these topics and discuss how we analyze them, as well as how we use the information to better tune our monitoring tools.
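The abstract's three scenarios (an egress spike with no malware alert, an after-hours attempt on a restricted door, a VPN login from an unexpected country) share one mechanism: learn what normal looks like from the routine reports, then flag departures from that baseline. The script below is an added example of that mechanism, not the speakers' tooling or anything from the talk. The log lines, field layouts, thresholds (3 sigma over a host's own prior days, 07:00 to 18:59 business hours) and the door and user names are all constructed for illustration.

```python
"""Baseline-and-anomaly review over constructed operational logs.

Added example (not from the talk or Irongeek.com). Every log line, threshold
and name here is an assumption made for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed daily egress bytes per host, as a bandwidth report might summarise them.
EGRESS_LOG = """\
2018-04-02 fileserver01 1200000000
2018-04-03 fileserver01 1150000000
2018-04-04 fileserver01 1300000000
2018-04-05 fileserver01 1250000000
2018-04-06 fileserver01 9800000000
2018-04-02 wkstn-17 30000000
2018-04-03 wkstn-17 35000000
2018-04-04 wkstn-17 28000000
2018-04-05 wkstn-17 31000000
2018-04-06 wkstn-17 33000000
"""

# Constructed badge reader events: timestamp, user, door, result.
BADGE_LOG = """\
2018-04-06T09:12:00 jdoe front-lobby GRANTED
2018-04-06T21:47:10 jdoe server-room DENIED
2018-04-06T21:47:31 jdoe server-room DENIED
2018-04-06T14:05:00 asmith server-room GRANTED
"""

# Constructed VPN authentication events: timestamp, user, result, source country.
VPN_LOG = """\
2018-04-03T08:01:00 asmith SUCCESS US
2018-04-04T08:03:00 asmith SUCCESS US
2018-04-05T08:00:00 asmith SUCCESS US
2018-04-06T03:14:00 asmith SUCCESS RO
2018-04-06T07:55:00 jdoe SUCCESS US
"""

BUSINESS_HOURS = range(7, 19)       # 07:00 to 18:59, assumed
RESTRICTED_DOORS = {"server-room"}  # assumed
EGRESS_SIGMA = 3.0                  # flag when above mean + 3 * stdev of prior days


def egress_anomalies(log=EGRESS_LOG, sigma=EGRESS_SIGMA):
    """Flag hosts whose latest-day egress exceeds their own prior-day baseline.

    No malware alert is required; the bandwidth jump alone raises the ticket.
    """
    per_host = defaultdict(list)
    for line in log.splitlines():
        day, host, nbytes = line.split()
        per_host[host].append((day, int(nbytes)))
    flagged = []
    for host, rows in per_host.items():
        rows.sort()
        history = [b for _, b in rows[:-1]]
        last_day, last_bytes = rows[-1]
        if len(history) < 2:        # not enough days to call anything "normal"
            continue
        threshold = mean(history) + sigma * pstdev(history)
        if last_bytes > threshold:
            flagged.append((host, last_day, last_bytes, round(threshold)))
    return flagged


def badge_anomalies(log=BADGE_LOG):
    """Flag after-hours attempts and denied attempts on restricted doors."""
    flagged = []
    for line in log.splitlines():
        ts, user, door, result = line.split()
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        if hour not in BUSINESS_HOURS:
            reasons.append("after-hours")
        if door in RESTRICTED_DOORS and result == "DENIED":
            reasons.append("denied-restricted")
        if reasons:
            flagged.append((ts, user, door, tuple(reasons)))
    return flagged


def vpn_anomalies(log=VPN_LOG):
    """Flag successful VPN logins from a country not previously seen for that user.

    The per-user country set is learned from earlier lines of the same log, so a
    user's first login is not flagged; only a departure from their baseline is.
    """
    seen = defaultdict(set)
    flagged = []
    for line in log.splitlines():
        ts, user, result, country = line.split()
        if result != "SUCCESS":
            continue
        if seen[user] and country not in seen[user]:
            flagged.append((ts, user, country, sorted(seen[user])))
        seen[user].add(country)
    return flagged


def daily_review():
    """Assemble the morning review: one ticket-style entry per anomaly."""
    return {"egress": egress_anomalies(), "badge": badge_anomalies(), "vpn": vpn_anomalies()}


if __name__ == "__main__":
    for source, items in daily_review().items():
        for item in items:
            print(f"[{source}] {item}")
```

Run as-is, the review flags fileserver01's 9.8 GB day (its prior four days put the 3-sigma line near 1.39 GB), both of jdoe's 21:47 denials at the server room, and asmith's 03:14 login from RO after three days of logins from US; wkstn-17's 33 MB day and asmith's daytime server-room entry stay silent. The design point is that each detector's "normal" comes from the organisation's own history rather than a vendor signature, which is what lets these events surface without a security tool ever alerting.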

Russell is an IT Infrastructure & Security Director for a Silver Spring software and outsourced accounting services company. Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications. Ryan is a Senior Information Security Engineer with ten years' experience, a Master's Degree, and CISSP certification.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast