This past weekend I had an opportunity to present at the InfoSec Southwest (ISSW) conference on the basics of SOC monitoring and analysis. The presentation covered a range of topics, including understanding the different monitoring environments and tools as well as how to employ them to perform basic analysis. I believe the most important content, though, is the educational foundation laid out for those looking to get into this fun field. Thank you to ISSW for having me and just running an all-around awesome con!
Monitoring & Analysis 101 – N00b to Ninja in 60 Minutes
Knowing how to perform basic monitoring and analysis can go a long way in helping infosec analysts do some foundation analysis to either crush the mundane or recognize when it’s time to pass the more serious attacks on to the the big boys. This presentation covers environment options for making your network monitor-able, three quick steps to triage and analyze alerts, and integrated distros that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well… maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network monitoring and analysis.
Today’s post pic is from InfosecConnect.com. See ya!