Cut the sh**: How to rein in your IDS.

BSidesLV 2014

Presented by: Tony Robinson (da_667)
Date: Tuesday August 05, 2014
Time: 14:35 - 15:05
Location: Proving Ground

Intrusion detection systems, Network Security Monitoring. All too often, these countermeasures are portrayed as the ‘boy who cried wolf’, the magical box with blinking lights that does nothing but get the checkbox from $COMPLIANCE_AUDITOR, or the data that gets logged to your magical SIEM somewhere and is never heard from again. I’m here to show you how to actually cut the shit on your IDS, get actionable intelligence, and make yourself the hunter instead of the hunted.

This talk will primarily be focused around Snort and Suricata, since for the sake of this talk, they operate about the same, and they are where I got most of my battle scars. I’ll also be introducing resources for standing up your own sensors quickly, and cutting the shit rapidly.

Tony Robinson

Tony Robinson (@da_667) was a born and raised Detroiter. His background in IDS came from the school of hard knocks at Sourcefire (now a part of Cisco) as both a Technical Support Engineer and a Professional Services Consultant. He now works for a large, unnamed power company, actively defending your SCADAs.
