Automated Infrastructure Security Monitoring & Defence

Abstract

We can see attacks happening in real time using a dashboard. By collecting logs from various sources we will monitor & analyse. Using data gleaned from the logs, we can apply defensive rules against the attackers.

For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. Even with the solutions already available in the market.

As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customize and deploy their very own FOSS based centralized visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hot-spots exist on a network.

Date
Location
Bangalore, India
Avatar
Madhu Akula
Never Ending Learner!

Madhu Akula is a security ninja, published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 2019), USENIX LISA 2018, O’Reilly Velocity EU 2019, Appsec EU 2018, All Day DevOps (2016, 2017, 2018 & 2019), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 2018), Nullcon 2019, SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200 companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible.

Next
Previous