|Teaching New Dogs Old Tricks
|Enjoyed the opportunity to speak at ISSA-LA about one of my favorite topics (Network Segmentation and Interlocking Controls).
|IANS: Securing your network with overlapping controls
|Marcus Ranum and I sat down to discuss how to greatly enhance network and system security using overlapping controls.
|Difftree earned 5 stars
|Linux Pro Magazine reviewed Difftree(dt) v0.5.8 and gave it 5 stars with a nice quote "Difftree is convincing due to its speed, flexibility, and simple operation. Numerous examples on the project site and man page help out with the first steps".
|It is time to revisit the current meaning of defense-in-depth, reconsider its utility and practicality and move toward
|Selling Packet Vacuums Door-to-Door
|I was honored to be asked to deliver a keynote at IANS LA and opted to speak about my second most favorite incident response tool (Packet Vacuums).
|Detection Algorithms in Log Analysis
|The webcast can be found here. As the volume of log data generated in networks continues to grow, security practitioners
have the challenge of detecting problems and anomalies quickly enough to take action and
mitigate damage. To do this, they must constantly tune and refine detection algorithms.
Tenable's Chief Security Officer, Marcus Ranum, and fellow security practitioner, Ron Dilley,
have dedicated much of their careers to finding better ways to detect anomalies and threats
within log data. As part of an ongoing Tenable webinar series on log analysis topics, the pair
shared their insights and experiences.
|Security Data Aggregation: Modeling the Security 'Big Data' Challenge
|The webcast can be found here. IT security teams collect more data every year, from sources across the network, with the goal
of obtaining better telemetry and visibility. This creates a 'big data' challenge when it comes to
security - how do you collect, aggregate and work with that data in a way that helps you solve
complex security problems?
As part of a new webinar series on security topics, Geeking Out with Marcus Ranum, Tenable
hosted a webcast with guest speaker, Ron Dilley, on the topic of Security Data Aggregation. The
topics covered include what data to aggregate, how to aggregate it, and how to derive insights
from the data.
To Watch Over Me
|Marcus Ranum and I wrote a paper on a log analysis tool
we built call overwatch. It was accepted at SLAML '10 but
Marcus and I were not able to attend so we pulled it to make room for
another paper who's author(s) could.
|Making Sense of Logs (pdf)
|I wrote a piece for USENIX ;login describing my triles,
tribulations, tools and discoveries relating to logs and log analysis.
|I wrote a piece for Computer Weekly discussing my
persepective on the current state of Information Security
and how to construct a successful Information Security
program. Over the course of my
career, it has become clear to me that Japan's national
sport offers a perfect analogy for the current state of
|At this years Information Security Summit, I talked
about how to get past the inadequacies of modern A/V solutions.
|Unconventional Malware Detection
|I had the opportunity in late 2006 to talk about one of
my favorite topics at a company sponsored information security summit.
|Track 4 Practical
|Back when I thought that SANS
certifications meant something more than a bullet on a resume I started
down the path of getting certified. I went so far as to write
practical and right after I submitted it (and it was accepted), SANS
decided to drop the practical as a requirement (for the last time).
I was bitter and did not even bother to take the test.