Explore a distributed computing approach to network detection using Bro and the cloud in this 35-minute conference talk from BSides Augusta 2015. Delve into the challenges of network detection, including encryption and WAN optimization, and learn how to overcome them by implementing a master-minion architecture with dumb Bro sensors. Discover the benefits of a pub-sub model and see a sample architecture in action through a live demo. Gain insights into improving network detection capabilities and have the opportunity to ask questions about this innovative approach.
Overview
Syllabus
Intro
Who are you and why are you talking to me?
Story Time
Pyramid of Pain
In Your Base
Network Detection is Awesome
Big Trouble in Little China
Encryption
WAN Optimization
How do we fix this?
How do we do this? By making our Bro sensors dumb!
Master Minion Architecture
Demo Time
Pub-sub to the rescue
Sample Architecture
What did we improve?
Questions?
