Explore open source security orchestration in this 38-minute conference talk from BruCON 0x09. Discover how Adaptive Network Protocol (ANP) can revolutionize network defense by enabling seamless information sharing and automated responses across systems. Learn about ANP's installation, peering process, and various use cases, including generating threat intelligence feeds, sharing fail2ban jails across clouds, and automatically redirecting threats to honeypots. Gain insights into improving network visibility, fostering cooperative behavior, and enhancing incident response capabilities. Watch live demonstrations of ANP in action and understand how this tool can help organizations respond quickly and effectively to security threats, even with limited staff. Take away practical knowledge on implementing ANP to automate network defenses and streamline security operations.
Overview
Syllabus
Intro
Overview
Use Cases
Generate Threat Intelligence Feed
Firewall Rule Propagation
Drop Propagation
Capture Threat Activity
Inject Beacon
Redirect Traffic
Reporting Threats
Host Isolation
Additional Logging
Trigger Password Resets
Security Orchestration
Adaptive Network Protocol (ANP)
Packet
Messages
Peering
Multiple Locations
Cloud Assets
Surrogate
Blacklist
Sharing Also Provides
Expanded Visibility
Cooperative Behavior
Acting to Defend The Network
Acting To Investigate A Threat
Acting To Respond To An Incident
Demonstrations
Needed Improvements
Making The Difference
Final Thoughts
iptables
Links
Taught by
BruCON Security Conference
