
Monday, January 07, 2013

Welcome to Network Security Monitoring in the Cloud

I just watched an incredible technical video. If you have about 10 minutes to spare, and want to be amazed, take a look at Snorby Cloud.

I think the video and Web site do an excellent job explaining this new offering, but let me provide a little background.

Many of the readers of this blog are security pros. You're out there trying to defend your organization, not necessarily design, build, and run infrastructure. You still need tools and workflows that accelerate your incident detection and response process though. So, you work as a security admin, system admin, storage admin, database admin... you get the picture. You manage to keep up, but you probably wish you could focus on finding bad guys, as quickly as possible, without taking care of all the *stuff* that you need to do your job.

While many of you are security experts, some are just beginning your journeys. The responsibilities of being an admin of four or more different shades are overwhelming. Furthermore, you don't have the experience, or budget, or support to get the security data and escalation paths needed to defend your network. How can you improve your skills when you're constantly overwhelmed?

Both kinds of users -- senior and junior alike -- are going to find something intriguing about Snorby Cloud. Maybe you've heard of Snorby before, as a Web-based interface to Network Security Monitoring data. Doug Burks packages it with Security Onion (SO), and you can try it via live CD or .iso in a VM. It looks great on my iPad! There's even a mobile version on iTunes.

Snorby Cloud would be cool if it just put the Snorby Web application in the cloud, and managed the administrative side of security infrastructure for you. For example, you'd log into the cloud interface and be greeted by the graphs you remember from traditional Snorby.

However, you have to think of this as a new, better version of Snorby, collecting far more useful data, and making it rapidly available to the analyst. For example, the following shows SMTP logs available in the interface:

You can just as easily access host-based logs for the same victim computer:

As you investigate the incident, you can see who else on your team is working and what they did. You can also chat with them in real time.

I could say a lot more about this new tool, but I think watching the video will convey some of what it can do. My next step is to get the agents running on a test network so I can drive the console myself and become more familiar with it.

Snorby Cloud is a product from Packet Stash. Follow them at @packetstash for updates.

Disclaimer: I'm friends with this team; I hired two of the co-founders into GE-CIRT, and later worked with all three co-founders at Mandiant.