Richard Bejtlich
@taosecurity
Inactive on Twitter since 1 November 2022. Find me here: https://t.co/9xgPCjr0Rq
ID:17767238
https://taosecurity.blogspot.com 01-12-2008 00:49:30
23.3K Tweets
58.9K Followers
36 Following
I'm pleased to see Suricata IDS/IPS getting some marketing love at my company Corelight's web page. We offer a true #networksecuritymonitoring platform at up to 100 Gbps, with all 4 NSM data types (alerts, transaction logs, extracted files, and pcap). go.corelight.com/why-switch-to-…
Speaking of Microsoft embedding The Zeek Network Security Monitor into Windows, here's a post I wrote in 2008 explaining why and how #networksecuritymonitoring on the endpoint would be helpful. It's so cool to see a concrete step in this direction, on a massively-deployed OS: taosecurity.blogspot.com/2008/02/nsm-at…
This is not a late 'April Fool.' This is real. I've been waiting months to say it. Now it's public. Microsoft is embedding The Zeek Network Security Monitor into Windows. This brings #networksecuritymonitoring to a potential billion+ endpoints. Hear Microsoft's take, Thu-Fri: zeek.org/zeekweek2022/
I look forward to trying this. Wireshark is the gold standard for making it totally simple to try one form of network traffic observation. Download, install, run, select interface, see packets. Packet inspection isn't everything, but it's a key part of #networksecuritymonitoring.
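An added example, not part of these tweets and not code from Zeek, Suricata, Wireshark or Corelight: a small Python script that turns the four NSM data types named above (pcap, transaction logs, extracted content, alerts) into one pipeline over a constructed pcap. The hosts, ports, payloads, watchlist and rule names are made up for the demonstration; the per-connection history letters loosely imitate Zeek's conn.log convention (originator upper-case, responder lower-case) and payload reassembly is simplified to arrival order.

```python
"""Packet inspection -> transaction log -> extracted content -> alerts, on a
constructed pcap. Added example, not Zeek/Suricata/Corelight code."""
import socket
import struct
from dataclasses import dataclass

SYN, ACK, PSH, FIN, RST = 0x02, 0x10, 0x08, 0x01, 0x04


# ---- constructing the sample pcap (test fixture; all addresses/payloads invented) ----
def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with zeroed checksums (the parser never validates them)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp


def build_pcap(frames, first_ts=1_700_000_000):
    """Classic little-endian pcap, LINKTYPE_ETHERNET, one frame per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51234, 4444, SYN),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 4444, 51234, SYN | ACK),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51234, 4444, ACK),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51234, 4444, PSH | ACK, b"id\n"),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 4444, 51234, PSH | ACK, b"uid=0(root)\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51234, 4444, FIN | ACK),
    build_tcp_frame("10.0.0.5", "93.184.216.34", 40001, 443, SYN),
    build_tcp_frame("93.184.216.34", "10.0.0.5", 443, 40001, SYN | ACK),
    build_tcp_frame("10.0.0.5", "93.184.216.34", 40001, 443, ACK),
])


# ---- data type 1: pcap (packet inspection) ----
def iter_pcap(data):
    """Yield (timestamp, frame) per record; handles both pcap byte orders."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Decode Ethernet/IPv4/TCP headers; None for anything else (VLAN, IPv6, UDP...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None
    tcp = ip[ihl:struct.unpack_from("!H", ip, 2)[0]]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            sport, dport, tcp[13], tcp[(tcp[12] >> 4) * 4:])


# ---- data types 2 and 3: transaction log and extracted content ----
@dataclass
class Conn:
    ts: float
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    history: str = ""
    orig_bytes: int = 0
    resp_bytes: int = 0
    packets: int = 0
    resp_stream: bytes = b""  # responder payload in arrival order (no seq reassembly)


def build_conn_log(pcap_bytes):
    conns = {}
    for ts, frame in iter_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, flags, payload = parsed
        key = frozenset([(src, sport), (dst, dport)])
        conn = conns.get(key)
        if conn is None:  # first packet seen defines the originator (assumes SYN first)
            conn = conns[key] = Conn(ts, src, sport, dst, dport)
        from_orig = (src, sport) == (conn.orig_h, conn.orig_p)
        if flags & SYN:
            letter = "H" if flags & ACK else "S"
        elif flags & RST:
            letter = "R"
        elif flags & FIN:
            letter = "F"
        else:
            letter = "D" if payload else "A"
        letter = letter if from_orig else letter.lower()
        if letter not in conn.history:
            conn.history += letter
        conn.packets += 1
        if from_orig:
            conn.orig_bytes += len(payload)
        else:
            conn.resp_bytes += len(payload)
            conn.resp_stream += payload
    return list(conns.values())


# ---- data type 4: alerts, evaluated over the log and the extracted content ----
WATCH_PORTS = {4444, 1337}  # constructed watchlist for the example
RULES = [
    ("responder port on watchlist", lambda c: c.resp_p in WATCH_PORTS),
    ("root shell output in responder stream", lambda c: b"uid=0(" in c.resp_stream),
]


def run_rules(conns):
    return [(c.orig_h, c.resp_h, c.resp_p, name) for c in conns for name, pred in RULES if pred(c)]


if __name__ == "__main__":
    log = build_conn_log(SAMPLE_PCAP)
    for c in log:
        print(f"{c.ts:.0f} {c.orig_h}:{c.orig_p} -> {c.resp_h}:{c.resp_p} "
              f"history={c.history} orig_bytes={c.orig_bytes} resp_bytes={c.resp_bytes}")
    for alert in run_rules(log):
        print("ALERT", alert)
```

Running it prints two connection records (the second, to port 443, is clean) and two alerts for the first connection: one from the transaction log alone (watchlisted responder port) and one only possible because the responder's payload was extracted. That is the practical point of collecting all four types rather than alerts alone: the alert tells you something happened, the log and the extracted content tell you what.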
I highly recommend this BSidesAugusta talk by David J. Bianco on his #PyramidofPain . He explains how we implemented a strategy (10+ years ago) to detect and respond to intrusions before adversary mission completion, via threat intelligence-driven campaigns. youtube.com/watch?v=3Xrl6I…