Detecting APT with NAC, Sandboxing & SIEM-Part I + Zeek/Bro Log Collection

October 11, 2019 by John Nash

Monday November 4th, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.


Our thanks to Fortinet for sponsoring this month's meeting!


Debbie Lite Trauter, Channel Account Manager – Mountain Desert
E: M: 714.336.9695 | Skype: Debbie Lite Trauter
NSE Certified: Level 3
899 Kifer Road | Sunnyvale, CA 94086

[7:15-8 PM]

Detecting APT with NAC, Sandboxing and SIEM – Part 1


by Cory Sober, Systems Engineering Manager, Fortinet

Advanced Persistent Threats, and how to detect them, are something every large organization struggles with. Yes, you have a wide variety of tools, but how do you get them all to work together to rapidly answer the time-critical question “Do I have a compromise, and what is my exposure?” Join Cory for the first of a two-part series in which he does a deep dive into using modern commercial tools, including Network Access Control, Sandbox technology and a full-fledged Security Information and Event Management (SIEM) system, to detect Advanced Persistent Threats so you can quickly isolate and remediate compromises.

Cory is a Systems Engineering Manager at Fortinet with decades of hands-on experience and holds several technical certifications relating to security, networking and systems.

In addition to being a security and networking expert, Cory is a graduate of the Reserve Officers Law Enforcement Academy and a member of InfraGard.

[8-8:45 PM]

Security Monitoring with Zeek and Bro IDS


by Tim Garcia, SANS instructor (Tool Time with Tim), VP-CISSP, GSEC, GCDA, GCCC, GMON, GCED

Can a 20-year-old technology help give you strategic visibility into a modern enterprise network? The answer is yes! Welcome to a powerful network monitoring/logging tool most people have never heard of.

Tim Garcia will review the capabilities and use of the Zeek and Bro IDS (two separate tools that are often used together) for security threat hunting.

(Originally the presentation was to be on the use of the Yara scripting tool to identify malware signatures, but the Zeek/Bro topic won out due to popular demand.)

Tim is a SANS Instructor primarily focused on blue team activities, ethical hacking, incident handling, security management and general information security principles. He is also an instructor in Information Systems Security, Systems Analysis and Project Management for several local universities in the Phoenix area.
