
Scaling Network Incident Response


Published in: Internet

  1. Scaling Network Incident Response. Md Nahidul Kibria, Co-Founder, Beetles
  2. The cyber threats are evolving
  3. Mirai: an IoT DDoS botnet. Researcher analysis indicated that as few as 100,000 Mirai IoT botnet nodes were enlisted in the incident, with reported attack rates of up to 1.2 Tbps.
  4. Ransomware and spears
  5. Incident Response
  6. Incident Response
  7. Proactive security
  8. Host-based and network-based detection complement each other
  9. Artifacts
      ● PCAPs: traffic capture, packet capture
      ● NetFlow: information (metadata) about packets
      ● Logs: events about a host or the network
  10. Typical packet capture and analysis.
      tshark -r nssal-capture-1.pcap -T fields -e ip.src -e dns.qry.name -R "dns.flags.response eq 0 and dns.qry.name contains google.com"
      137.30.123.78 google.com
      137.30.123.78 www.google.com
  11. More challenges
      ● Rules: assets or liability
      ● Need to process data with threat intelligence
      ● Real-time alerting with machine learning
  12. Tons of data from different sources
  13. Distributed file system
  14. Service bus / distributed streaming platform
  15. Stream processing
  16. Managing dataflow
  17. Reliable distributed coordination
  18. Modern security operations center
  19. Happy Hunting! @nahidupa
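As an added example (not from the talk), the filter on slide 10, DNS queries with QR=0 whose name contains google.com, implemented as a small Python reader over a constructed libpcap capture. The helper functions, the sample frames and the names are constructed for this example; only the source address 137.30.123.78 is taken from the slide.

```python
import struct

def build_dns(qname, response=False):
    # Constructed DNS message with one A question; the QR bit (0x8000) is set only on responses.
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return struct.pack("!6H", 0x1234, 0x8180 if response else 0x0100, 1, 0, 0, 0) + name + b"\x00\x00\x01\x00\x01"

def build_frame(src_ip, dst_ip, dns, sport=53210, dport=53):
    # Ethernet + IPv4 (no options) + UDP; checksums stay zero since nothing here validates them.
    udp = struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_pcap(frames):
    # Classic libpcap file: 24-byte global header (link type 1 = Ethernet) then 16-byte record headers.
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)

def read_qname(data, off):
    labels = []
    while data[off]:                       # a zero-length label terminates the name
        n = data[off]
        labels.append(data[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels)

def dns_queries(pcap, needle):
    """Return (src_ip, qname) for every DNS query (QR=0) whose name contains needle."""
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<4I", pcap, off)[2]          # captured length of this record
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:      # IPv4 carrying UDP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        udp, dns = frame[14 + ihl:], frame[22 + ihl:]
        if 53 not in struct.unpack_from("!HH", udp) or dns[2] & 0x80:  # not DNS, or a response
            continue
        qname = read_qname(dns, 12)
        if needle in qname:
            hits.append((".".join(str(b) for b in frame[26:30]), qname))
    return hits

# Constructed capture: two queries from the slide's host, one unrelated query, one response.
SAMPLE_PCAP = build_pcap([
    build_frame("137.30.123.78", "8.8.8.8", build_dns("google.com")),
    build_frame("137.30.123.78", "8.8.8.8", build_dns("www.google.com")),
    build_frame("10.0.0.5", "8.8.8.8", build_dns("example.net")),
    build_frame("8.8.8.8", "137.30.123.78", build_dns("www.google.com", True), 53, 53210),
])
```

Calling dns_queries(SAMPLE_PCAP, "google.com") yields the two rows the slide shows; the response frame is dropped by the QR check, which is what dns.flags.response eq 0 does in the tshark filter.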
