Posts

Showing posts from August, 2017

Tools & Techniques - Key Performance Indicators

Image
IntroductionTo date, I've facilitated senior level reporting on the performance of security driven activity in almost every position I've held. For the best part, this has been a green-field requirement which has meant that I've been able to set out and make a case for reporting that drives improvement in the real-world security posture (RWSP) of my charge from the get-go. I believe, no matter what else is going on, that if you can inform the changes and behaviours that lead to your organisation protecting itself, you've had a good day. Secondly to driving improvement, KPIs and metrics provide your leadership team with the insight and visibility into the efforts and valuable work of your security team which might otherwise be hidden from them. 
There is no shortage of materials and musings about the importance of security KPIs however, despite this, many organisations struggle in a number of ways to define and/or employ them. I thought then I'd share some thoughts o…

Tools & Techniques - Suricata 4.0 (High-performance Network IDS, IPS & NSM engine)

Image
On July 27th, 2017 the OIS (Open Information Security Foundation) & the Suricata project team issued a major update release to the Suricata IDS/IPS engine.  The summary of improvements includes: Improved Detection - based on feedback from the rule writing teams at Emerging Threats & Positive Technologies the project added improved inspection for HTTP, SSH & other protocolsImproved TLS detection & logging, & the addition of NFS support. Improved EVE JSON logging functionality including inner/outer ip logging for encapsulated traffic & extended HTTP request/response loggingRUST support Major TCP stream engine update 
Full details of the release can be found here

I've been a big fan & user of Suricata for just over a year now & I've previously written about deploying Suricata on Centos (or RHEL) here. The project still maintains some of the best documentation for an open project I've come across & you can find everything you need to install S…