Checklist for Network Security Monitoring (NSM) for On-premise, Data Centers and Cloud set-ups This checklist was developed from the Birds of Feather (BOF) session on Tooling for NSM held on 15 June 2021 under the Anomalous Network Detection Patterns p… more
Observability, anomaly detection and deep defense is the cycle for early detection of attacks and network breaches.
Speakers from FreeBSD community, CRED, AWS, Datadog, Farsight Securities and other organizations will share their experiences with processes and tools for tightening the loops of network security and anomaly detection, and how to build robust observability workflows.
The conference will cover topics ranging from:
- Network Security Monitoring (NSM)
- Unified approach to observability
- VPN connectivity and unusual traffic patterns
- Response Policy Zones (RPZ)
- Network behaviour analysis and early indicators of attack
The conference is open for participation to the following practitioners.
- SRE teams.
- Observability geeks.
- Engineers who work with Cloud infrastructure.
- Network security engineers.
- DevSecOps teams and practitioners.
See schedule at at https://hasgeek.com/rootconf/detecting-anomalous-network-patterns/schedule
Achieving a High Level of Network Inspection with VPC Traffic Mirroring and Suricata
COVID has hit everyone and affected people in their own way. As far as organizations are concerned, employees have been asked to work from home (WFH), and because many industries are now working remotely, the pattern of user connections to the enterprise network has turned upside down. Instead of most users connecting locally, now most are connecting remotely. And for allowing employees to access critical business functions, there is mandatory VPN connectivity.
Since the VPN instance is kept in a demilitarized zone (DMZ) to allow employees around the globe to connect to it and access internal applications, there is an unexpected flood of WFH connections, which makes VPN networks more vulnerable to all kinds of Layer7/Layer3 attacks.
We will walk through how we have strengthened security and monitoring over our public VPN instance, which was kept in the public VPC, keeping an ever-watchful eye out for unusual traffic patterns or content that could signify a network intrusion using AWS VPC Traffic Mirroring and a network intrusion detection system Suricata.