OpenSec: Visual Threat Hunting with Graphviz

Ryan Nolette is a security technologist and threat hunter at Sqrrl Data, which markets software for big data analytics and cyber security. In this lightning talk, Ryan gives an overview of the threat hunting process and recommends visualization methods that expedite it.

Ryan begins the discussion by showing what the process is currently like without visualization; it is monotonous, tedious and inefficient. By recognizing that humans are visual beings and naturally attuned to finding patterns, Ryan demonstrates how utilizing a visualization tool can save both money and time for security professionals.

It is clear that humans are visual learners, and Ryan puts together a very cohesive lightning talk that puts this into perspective in a security context. By eliminating the tedious and repetitive actions, security professionals can find threats in a fraction of the time compared to conventional log crawling methods.

3 Things You Will Learn at OpenSec 2017

Make sure you get your ticket for OpenSec 2017!

Attendees at OpenSec 2017 will have the opportunity to hear from top cyber security experts in the Boston area. In addition to keynotes addressing the current state of open source cyber security, how companies choose between open source, proprietary, or existing cyber security solutions, and more, there will also be a series of lightning talks. This fast-paced series will focus on specific open source projects and how they are being leveraged for cyber security uses.

We will first hear from Jason Meller, CEO at Kolide, about osquery. Among the most popular open source projects on GitHub, osquery allows users to query their Linux, Windows, and macOS infrastructure and get accurate answers quickly. Osquery is often used for security purposes such as intrusion detection and pulling data from endpoints, but it can also be used to collect basic information about configuration and more. This talk will give you a solid foundation in what osquery is, how to install it, how to use it, what to avoid, and how to use open source solutions to protect endpoints on a broader level.

We will then hear from Brian Carrier, VP of Digital Forensics at Basis Technology, about The Sleuth Kit. The Sleuth Kit is an open source collection of command-line tools and a C library, largely developed by Brian, built to support digital investigations and incident response. At the conference, Brian will go over the basic functions of The Sleuth Kit and how it can be leveraged to build a strong incident response program through data analysis, giving companies the resources they need to respond to threats as thoroughly as possible.

Finally, we will hear from Ryan Nolette, Primary Security Technologist at Sqrrl. Ryan will speak about the benefits of visual threat hunting using open source solutions, specifically visualizing Bro data with Graphviz. Visualizing your threat hunting exercises helps lower the bar of entry for threat hunting and provides answers to the common questions: How do I get started? How can I explain what I found to my management? How do I justify my time?

To learn more about how these specific open source solutions are affecting cyber security, join us at OpenSec 2017 on May 15th!

OpenSec 2017

Hear from some of the best from the open source security community in May! Whether you're an open source contributor, a cyber security practitioner, or someone interested in the security space, our single-track conference will offer engaging panels, great networking, and a keynote speaker to get you away from the office on Monday!

Details

  • Date: 5/15/17

  • Location: Hatch Fenway

  • Time: 9a - 4p

Open Source Spotlight: Craig Chamberlain of Cogito

With OpenSec 2017 ten days away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity, and where it is heading.

This week we spoke with Craig Chamberlain, Director of Security at Cogito. Craig is well known in the security space, working as a security consultant for various financial, defense, and government entities, as well as publishing security research.

To hear more from Craig and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

Craig Chamberlain of @randomuserid

What aspects of cyber security got you interested in the space? How did you get your start?

I remember being on a tour of MIT once and hearing them describe how they had to disconnect the student grade tracking system because it was impossible to keep the students out of it. I remember thinking, they have one of the world's best collections of computer science knowledge and talent and they can't keep the students from hacking the grade system? I was sort of fascinated. Later I had more under-fire experience running Internet facing servers through the 2000 - 2005 period when the world experienced a series of historic security fire drills. The changing and adversarial nature of the problem set pulled me in. I went on to help build some security products and had amazing experiences along the way.

What advice would you have for people moving into or up in the Cybersecurity space?

Look for employers willing to invest in training and continuous education; that is important to building skills and being successful. Share research; give talks at conferences and participate in the community. To quote Yoda, "Mind what you have learned. Save you it can. Pass on what you have learned."

Once you get established, and feel comfortable mentoring, start looking for team members who show interest in, or aptitude for, security. Nurture this. Take them to conferences and meetups with you and help them get started in security. The cost / benefit curve of building talent, rather than buying, is astronomical. Growing talent will become more and more strategic as talent inflation worsens.

What are some products or solution spaces you're watching and excited to see grow?

At the moment everything revolves around data science and machine learning. One practical application for these technologies I'd like to see is the application of graph analysis and entity-relationship based anomaly detection for threat hunting and intrusion detection; I'm working on a blog post to elaborate on how I would use this.

Where do you see cybersecurity going in the next 5-10 years?

Probably a shift towards automation and algorithmic security management and incident response tooling. The problem of talent inflation has become acute as threats evolve and proliferate. Throwing people at the problems isn't working due to scarcity and what I call "inflation fatigue" among business leaders.

Why do you think open source can make a huge impact on security?

Many security product companies are too focused on simple sales cycles in order to quickly build valuations. Product road maps are too often dominated by marketing managers who are either unwilling or unable to build really compelling and useful features and capabilities. Open source products allow well-resourced security teams to groom and customize tooling to meet sophisticated workflows and increase velocity in the process.

Interested in hearing Craig expand on his thoughts? Hear him and other open source security experts talk at OpenSec 2017!

Open Source Spotlight: Jen Andre of Komand

For today’s OpenSec 2017 preview, we heard from Jen Andre, founder and CEO of Komand.

Jen Andre of Komand

At Komand, Jen empowers security teams to focus on efficient incident response and decision making by automating manual tasks and providing a space to share this automation and know-how with the wider security community. Prior to founding Komand, Jen co-founded Threat Stack and worked at Mandiant and Symantec. She is very involved in the cybersecurity space, authoring multiple articles and speaking at conferences around the country.

To hear more about the current state of open source cyber security from Jen and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

Jen Andre @fun_cuddles

What got you interested in the cybersecurity space?

Hanging out with computer hackers in the '90s to early 2000s.

What advice do you have for people moving up or into the cybersecurity space?

Find some great, friendly mentors, stay curious, and question the status quo.

What are some product or solutions spaces you are watching or excited to see grow?

Machine learning effectively applied to cybersecurity (promised, but yet to be delivered), productivity improvements for SecOps teams (in workflows, deployment of security stack), and better policy and technical deterrents to cyber-related crime.

Want to hear more from Jen? Hear her and other open source security experts talk at OpenSec 2017!