Deploying Security Onion for Monitoring HIDS (Sean Goodwin)
Details
Title:
Deploying Security Onion for Monitoring Host-based Intrusion Detection Systems (HIDS)
Abstract:
Many organizations lack proper visibility on their network hosts and activity, which leads to long-lasting intrusions and poor detection rates. Security Onion is a Linux distribution focused on intrusion detection and security event monitoring. This distribution includes common tools such as Elasticsearch, Logstash, Zeek (Bro), and Wazuh (OSSEC).
This meetup includes an overview of many features of the Security Onion distribution, as well as a demonstration of some of its host-based monitoring capabilities. The attacks demonstrated emulate real-world attacks, similar to those discussed in the 2019 Verizon Data Breach Investigations Report (DBIR).
Bio:
Sean Goodwin is a Senior Consultant at Wolf & Company, P.C. in the Information Technology (IT) Assurance Services group where he is responsible for coordinating and executing cybersecurity and IT audit services at client locations for financial, healthcare, educational and investment planning clients. Sean leads Wolf’s security assessment and PCI DSS teams.
Venue and Food:
We are meeting at 6:30 pm at Paragus IT at 112 Russell St, Hadley, MA. Pizza and soda/water to be provided - please RSVP for pizza count.