Overview
Explore enterprise-level Network Security Monitoring (NSM) implementation using Security Onion in this conference talk from BSides Augusta 2014. Learn about NSM fundamentals, its advantages over traditional IDS, and strategies for overcoming challenges in large-scale deployments. Discover how to address compliance issues, gain management buy-in, and collaborate with network teams for optimal sensor placement. Delve into performance optimization techniques, including flow-based load balancing and hardware sizing recommendations for various network speeds. Gain insights on data management, Security Onion customization, and advanced features like user management, rule configuration, and the Bro Intel Framework. Conclude with valuable tips, tricks, and future developments for Security Onion, empowering you to scale your NSM capabilities effectively across enterprise environments.
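The "flow-based load balancing" the talk covers rests on one requirement: every packet of a flow, in both directions, must reach the same sensor worker, otherwise stream reassembly and the IDS engine see only half a conversation and silently miss detections. The block below is an added illustration, not code from the talk or from Security Onion: a small userspace stand-in for what the capture layer (PF_RING on Security Onion deployments of that era) does in kernel. The `Packet` record, the sample flows and the worker count are constructed for the example; `hashlib` is used rather than Python's built-in `hash()` because the latter is salted per process and would not give a stable assignment.

```python
"""Symmetric 5-tuple flow hashing for spreading NSM traffic over workers.

Added example; assumptions: a Packet is just the 5-tuple fields, and the
sample traffic below is constructed, not captured.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: int      # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int


def flow_key(p: Packet) -> tuple:
    """Direction-independent flow identifier.

    The two endpoints are sorted so that client->server and server->client
    packets produce the same key; this is what makes the hash symmetric.
    """
    a = (p.src_ip, p.src_port)
    b = (p.dst_ip, p.dst_port)
    lo, hi = sorted([a, b])
    return (p.proto, lo, hi)


def worker_for(p: Packet, n_workers: int) -> int:
    """Map a packet to a worker index in [0, n_workers) by its flow key."""
    digest = hashlib.sha256(repr(flow_key(p)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_workers


def naive_worker_for(p: Packet, n_workers: int) -> int:
    """Directional hash: the *wrong* way, shown for contrast.

    Request and reply differ in src/dst ordering, so they can land on
    different workers and break stream reassembly.
    """
    key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
    digest = hashlib.sha256(repr(key).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_workers


def distribute(packets, n_workers: int) -> dict:
    """Bucket packets per worker, as a load balancer feeding N IDS processes would."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[worker_for(p, n_workers)].append(p)
    return dict(buckets)


def flows_are_intact(packets, n_workers: int) -> bool:
    """True if no flow is split across workers under the symmetric hash."""
    seen = {}
    for p in packets:
        k = flow_key(p)
        w = worker_for(p, n_workers)
        if seen.setdefault(k, w) != w:
            return False
    return True


# Constructed sample: an HTTP request and its reply, plus a DNS exchange.
SAMPLE = [
    Packet("10.0.0.5", "93.184.216.34", 6, 51234, 80),   # client -> server
    Packet("93.184.216.34", "10.0.0.5", 6, 80, 51234),   # server -> client
    Packet("10.0.0.5", "10.0.0.2", 17, 40001, 53),       # DNS query
    Packet("10.0.0.2", "10.0.0.5", 17, 53, 40001),       # DNS response
]

if __name__ == "__main__":
    for w, pkts in sorted(distribute(SAMPLE, 4).items()):
        print(f"worker {w}: {len(pkts)} packet(s)")
    print("all flows intact:", flows_are_intact(SAMPLE, 4))
```

The practical check on a real deployment is the same as `flows_are_intact`: capture a known bidirectional session on the monitored link and confirm both directions appear in a single worker's logs. If they do not, the capture layer is hashing directionally and the IDS processes are each seeing half-flows.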
Syllabus
Intro
About Me
What is NSM?
IDS vs NSM Scenario
Challenges of NSM in the Enterprise
Compliance
Convincing Management
Dear Network Team, It's a TAP!
Sensor Placement
I feel the need... the need for speed
Flow Based Load Balancing
Large Scale Enterprise Deployment
Hardware sizing?!?
Hardware Recommendations - 100Mbps
Hardware Recommendations - 2Gbps
Knobs you can turn
Dealing with the Data
Security Onion Challenges
Security Onion Tips
User Management
Rules Magic
Bro Intel Framework
Tips and Tricks with Onion Salt
Onion Salt Roadmap