How Bro IDS can Help Security Capture Institutional Knowledge for Cyber Alert Enrichment and Better Network Traffic Analysis [#BroCon Session]

By: Bricata
save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

by Bricata

The network security analyst has a vexing challenge: a prerequisite for identifying abnormal or suspicious behavior is an understanding of what normal looks like. This means identifying each device on sprawling networks – and knowing its purpose.

That knowledge provides analysts with a better sense for which machines should talk to each other, over what protocols, and what characteristics or attributes are typically associated with such connections. With that level of understanding the anomalies tend to stand out. As a result, the organization benefits from faster, and more accurate, triage of alerts.

While this sounds simple, the reality is much harder. In a mid-to-large market enterprise, the technology environment can easily consist of thousands of hosts, machines, routers and other parts that comprise the IT infrastructure.

A complicating factor is that most IT environments are dynamic. IT operations routinely adds, patches, updates, and decommission servers and other parts of the infrastructure.

Even more challenging is that more and more businesses are using a hybrid approach, where part of the infrastructure is on-premise, while the rest is cloud-based.

Retaining and Transferring Institutional Knowledge

Analysts often learn their environments as a byproduct of fulfilling their duties. Unfortunately, for many organizations, it’s also the sort of institutional knowledge that walks out the door when an analyst takes a different job. This gets expensive because research shows it costs businesses anywhere from 1.5x to 3x the salary to replace an employee.

Exactly how to retain and transfer that institutional knowledge from person-to-person, is a key challenge for security leaders too. It’s especially important today because there is a cybersecurity talent shortage. Bricata has developed a technical solution – a module in its threat detection solution– to address this problem.

The module was built using Bro IDS, which is an open source software framework for analyzing network traffic, and one of three key detection technologies embedded in the Bricata appliance. Since the module is open source, it will be presented and made available at BroCon 2018 – an annual gathering of the Bro IDS community.

The idea is to put a labeling capability at the fingertips of an analyst and within the network analysis tool, they are already using. This provides a concise way for analysts to share their knowledge about an environment. In other words, it’s using asset inventory as a means to capture knowledge about that IT environment and more importantly, the purpose of each device, box or host.

To read the entire post, please click here.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
29 Followers
About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive threat detection and prevention solution to help determine the true scope and severity threats. Bricata simplifies network threat hunting by identifying hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly and eases your transition from the known to unknown malicious activities in conjunction with an advanced threat detection and prevention platform which detects zero-day malware conviction.
Promoted Content
Whitepaper: Natural Network Threat Hunting Emerging as One Key to Modern Cybersecurity
Discover how a powerful network threat hunting platform built into a comprehensive IDPS solution can deliver improved protection by identifying the true scope & severity of threats in your environment.
View
112
The Mixed Forecast for Cybersecurity during Black Friday and Cyber Monday
by BricataThe first nine months of 2018 have not been easy in cybersecurity circles. Reporting indicates that while breaches and records exposed are down slightly, the statistics are still staggering: 3,676 breaches and 3.6 billion compromised records, according to 
Save
Share
Facebook
Twitter
LinkedIn
Email
Like
11/21/2018
204
The Growing Surface of Attack and What Cybercrime has in Common with Street Crime [Q&A with Steve Morgan of Cybersecurity Ventures]
by BricataTrillion with a “T.” Cybercrime damages will cost $6 trillion annually across the globe by 2021. That’s double the figure from 2015, which came in at about $3 trillion. It’s a number that’s calculated by an organization called Cybersecurity Ventures, a cybersecurity media property, founded by Steve Morgan.As astonishing as those numbers are, Mr. Morgan believes the estimates are misunderstood. This
Save
Share
Facebook
Twitter
LinkedIn
Email
Like
1/29/2019

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N


Tom_Cruiso
Restoring or exporting?
Views: 154 / February 20, 2019

Vikrant Saran
How to prepare for your Azure Certification
Views: 130 / February 20, 2019

sm0k3
Regular Expressions: Why do you need it in pentest and how to learn
Views: 906 / February 19, 2019

widesidek
Benefits of virtualization
Views: 1134 / February 18, 2019
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel