2. Get in touch with us
Mailing List - Sign in and check “Add to Mailing List”
Website - csg.utdallas.edu
Slack - #csg on ecsutd.slack.com
Email - utdcsg@gmail.com
4. Overview
1. Getting Started
a. Security Onion
b. Docker
2. SIEM
a. Overview
b. Tools
c. Demonstration
3. Beyond SIEM
a. UEBA
b. SOAR
4. Threat Intelligence
a. Attribution
b. Distribution
c. Simulation
5. Hunting
a. Performance
b. State
8. Security Information and Event Management
Aggregates incoming information from network sensors
Single pane of glass for current network state
Alerts analysts to current incidents and to what needs attention
9. SIEM - Events vs. Incidents
Events - Things that actually happened and were recorded by a sensor (a log line, a flow record, a failed login)
Incidents - One or more events that, taken together, indicate a security "problem" and need a response
10. SIEM - Goal
Alert analysts to incidents and let them trace each incident back to the underlying events that triggered it
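A worked illustration of the events-to-incidents step, added here as an example and not taken from the slides, Security Onion, or any SIEM product. The sshd-style log lines are constructed, and the rule (five failed logins from one source within 60 seconds followed by a success from that source) is a toy correlation rule, not a recommended production signature. The point is the shape of the output: every line is an event, and an incident is a small record that references the event ids that produced it.

```python
"""Minimal SIEM-style correlation: events in, incidents out.

Added example for this page. The log lines below are constructed and the
rule is deliberately simple so the correlation logic stays readable.
"""
import re
from datetime import datetime, timedelta

# Constructed sample events in an sshd-like syslog shape (not real logs).
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[101]: Failed password for alice from 203.0.113.7 port 50000
2024-03-01T10:00:03 host1 sshd[102]: Failed password for alice from 203.0.113.7 port 50001
2024-03-01T10:00:05 host1 sshd[103]: Failed password for bob from 203.0.113.7 port 50002
2024-03-01T10:00:07 host1 sshd[104]: Failed password for alice from 203.0.113.7 port 50003
2024-03-01T10:00:09 host1 sshd[105]: Failed password for alice from 203.0.113.7 port 50004
2024-03-01T10:00:12 host1 sshd[106]: Accepted password for alice from 203.0.113.7 port 50005
2024-03-01T10:05:00 host1 sshd[107]: Failed password for carol from 198.51.100.9 port 40000
2024-03-01T10:30:00 host1 sshd[108]: Accepted password for carol from 198.51.100.9 port 40001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_events(text):
    """Turn raw lines into event dicts. Every parsed line is an event, not an incident."""
    events = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would route unparsed lines to a catch-all index
        ev = m.groupdict()
        ev["id"] = n  # line number doubles as the event id in this toy
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Toy rule: >= threshold failures from one source within `window`, then a
    success from that same source -> one incident referencing the event ids."""
    incidents = []
    by_src = {}  # source ip -> recent failed-login events (sliding window)
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = by_src.setdefault(ev["src"], [])
        if ev["outcome"] == "Failed":
            fails.append(ev)
            # forget failures that have slid out of the window
            while fails and ev["ts"] - fails[0]["ts"] > window:
                fails.pop(0)
        elif ev["outcome"] == "Accepted":
            recent = [f for f in fails if ev["ts"] - f["ts"] <= window]
            if len(recent) >= threshold:
                incidents.append({
                    "rule": "bruteforce_then_success",
                    "src": ev["src"],
                    "user": ev["user"],
                    # the incident keeps the trail back to its events
                    "event_ids": [f["id"] for f in recent] + [ev["id"]],
                })
            fails.clear()  # a success resets the counter for this source
    return incidents


if __name__ == "__main__":
    for inc in correlate(parse_events(SAMPLE_LOG)):
        print(inc)
```

Note that the rule keys on the source address rather than the username, so the failure against `bob` from the same source counts toward the incident; that choice (and the threshold and window) is exactly the kind of rule quality the next slide calls out.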
14. SIEM Shortcomings
Only as good as the rules you provide
Analysts find themselves doing repetitive tasks
15. User and Entity Behavior Analytics
Behavioral whitelisting - baseline what each user and entity (host, service account) normally does, then alert on deviations instead of on fixed rules
Applying BIG DATA and MACHINE LEARNING to security
No open source solutions :(
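To make "behavioral whitelisting" concrete, here is a toy UEBA baseline added as an example for this page; it is not code from the slides or from any UEBA product, and the logon history it learns from is constructed. Each user gets a baseline of hosts seen, hours seen, and a mean/standard deviation of bytes sent, and a new logon is scored against that user's own baseline rather than against a global rule.

```python
"""Toy UEBA: learn a per-user behavioral baseline, then score new logons
against it. Added example; the history rows are constructed, not real data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history rows: (user, hour_of_day, host, bytes_out).
HISTORY = [
    ("alice", 9, "ws-alice", 120), ("alice", 10, "ws-alice", 150),
    ("alice", 11, "ws-alice", 130), ("alice", 14, "ws-alice", 110),
    ("alice", 16, "ws-alice", 140),
    ("bob", 22, "ws-bob", 900), ("bob", 23, "ws-bob", 1100),
    ("bob", 0, "ws-bob", 950), ("bob", 1, "ws-bob", 1000),
    ("bob", 23, "build-srv", 1050),
]


def build_baseline(history):
    """The 'behavioral whitelist': hosts and hours seen per user, plus
    mean/stdev of bytes_out so volume can be scored as a z-score."""
    by_user = defaultdict(list)
    for user, hour, host, nbytes in history:
        by_user[user].append((hour, host, nbytes))
    baseline = {}
    for user, rows in by_user.items():
        byts = [r[2] for r in rows]
        baseline[user] = {
            "hosts": {r[1] for r in rows},
            "hours": {r[0] for r in rows},
            "bytes_mean": mean(byts),
            "bytes_sd": pstdev(byts) or 1.0,  # avoid division by zero
        }
    return baseline


def hour_distance(a, b):
    """Circular distance on a 24-hour clock, so 23 and 1 are 2 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def score(baseline, user, hour, host, nbytes):
    """Return the reasons this logon deviates from the user's own baseline.
    An empty list means 'looks like this user'. An unknown user has no
    baseline at all, so say so rather than guessing."""
    if user not in baseline:
        return ["no baseline for user"]
    b = baseline[user]
    reasons = []
    if host not in b["hosts"]:
        reasons.append(f"new host {host}")
    if min(hour_distance(hour, h) for h in b["hours"]) > 2:
        reasons.append(f"unusual hour {hour}")
    z = (nbytes - b["bytes_mean"]) / b["bytes_sd"]
    if z > 3:
        reasons.append(f"bytes_out z={z:.1f}")
    return reasons


if __name__ == "__main__":
    bl = build_baseline(HISTORY)
    # bob works nights, so a 00:00 logon is normal for him and odd for alice
    print("bob   @00:", score(bl, "bob", 0, "ws-bob", 1000))
    print("alice @03:", score(bl, "alice", 3, "ws-alice", 5000))
```

The per-user baseline is what separates this from a SIEM rule: a midnight logon is an anomaly for alice and routine for bob, and no analyst had to write either fact down. Real products replace the hand-rolled sets and z-scores with models trained on far more features, which is also why the open-source options are thin.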
16. Security Orchestration, Automation and Response
Many incidents can be handled automatically by a playbook, leaving analysts the ones that need judgment
Patch management
Evaluating security posture
“Centralized source for all things security”
MozDef? - https://github.com/mozilla/MozDef
18. Threat Intel - Attribution
Turn attacks into indicators of compromise
Turn indicators of compromise into threat profiles
Associate that profile with an attacker
19. Threat Intel - Distribution
STIX - Structured Threat Information Expression (a JSON format for describing indicators, threat actors, campaigns and the relationships between them)
TAXII - Trusted Automated Exchange of Intelligence Information (the transport protocol for sharing STIX content)
OTX - AlienVault Open Threat Exchange (a community feed that distributes indicators)