Last Thursday, I was very glad that the Open Information Security Foundation (OISF) released the first public beta version of Suricata. It has been three years in the making. Several new releases are expected this month culminating in a production quality release shortly thereafter. OISF describes Suricata an “an Open Source Next [...]
Category Archive for 'IDS'
Standardization and Interoperability in Security
Posted in Aneesh Chopra, CCE, CPE, CVE, CVSS, Cloud Computing, IDS, Management, Metrics, NCP, NIST, OVAL, Policies, Risk, SCAP, Vulnerability, XCCDF on Aug 9th, 2009
“While the NSA has a great red-team (think pen-test) capability, they had a major change of heart and realized, like the rest of the security world (*cough* Ranum *cough*), that while attacking is fun, it isn’t very productive at defending your systems – there is much more work to be done for the defenders, and [...]
TOTEM: Threat Observation, Tracking, and Evaluation Model
Posted in ANL Federated Model, Bro, CAMNEP, CPP, Defense in Depth, IDS, Reputation, Risk, SlideCasting, SlideShare, Snort, TVA, Trust Management, Visualization, Vulnerability on Jun 6th, 2009
This week I had the pleasure of presenting two talks at the National Laboratories Information Technology (NLIT) 2009 Summit held in Oak Ridge, TN. Everyone involved was great and I had a fun time. Since the presentations have been posted to the NLIT site, I am free to post now.
The original [...]
-
Recent Posts
- OMB Says Bring on the Clouds: Frightening or Funny?
- Suricata: A Next Generation IDS/IPS Engine
- Movement on the US Cyber Command
- Soon-To-Be Classic: A Geek Christmas Story
- Santa’s Secrets Leaked
- Learning from the Drone Hacking Case
- Security Visualization: FODAVA
- Remembering 9/11: The Personal Side
- Learning By Doing: Challenges, Data Sets, and Practice Sites
- What’s in Your Folder: Security Cheat Sheets
Archive
Categories
-
Magazines
Recent Podcasts
- 2009-06-16: The Upside and Downside of Security in the Cloud
- 2009-06-23: Rich Mogull on Patch Management
- 2009-06-25: Rob England: Owning ITIL
- 2009-06-26: A Blueprint for Stepping into The Innovation Zone
- 2009-06-29: The Cybersecurity Challenge
- 2009-07-07: Rethinking Risk Management
- 2009-07-14: Cybsersecurity, Cyberdefense and Cyberwarfare
- 2009-07-14: ITIL, CMDB, and ITSM with The IT Skeptic, Rob England
- 2009-07-22: The O'Reilly Radar
- 2009-07-28: Analyzing Internet Traffic
- 2009-07-30: Amichai Shulman
- 2009-07-30: PCI Wireless
- 2009-08-04: Anton Chuvakin, Ph.D
- 2009-08-05: Aneesh Chopra, CTO of the United States
- 2009-08-07: Black Hat, Defcon, Hackers for Charity and More
- 2009-08-10: Microsoft's Embrace of Interoperability
- 2009-08-13: FIRST Podcast: Davidoff and Ham
- 2009-08-18: Mitigating Insider Threat: New and Improved Practices
- 2009-08-19: Expanding the Use of Web 2.0 Technologies to Drive Business Value
- 2009-08-28: Who put that private cloud in my public cloud?
- 2009-08-31: FLOSS Weekly
- 2009-08-31: Ron Gula on PCI DSS compliance
- 2009-08024: Web App Security in the Cloud with Customer
- 2009-09-01: Into the Breach
- 2009-09-01: The Cloud, is it ready and secure
- 2009-09-08: Marcus Ranum on Zero Day Exploits: Defending Your Network
- 2009-09-16: Jericho Forum and Security in the Cloud
- 2009-10-01: Disruptive Innovation and Cloud Security
- 2009-10-23: 'Dangers' of cloud computing
- 2009-10-23: Dangers of Cloud Computing
- 2009-12-22: Howard Schmidt on the Cybersecurity Czar
- 2010-01-06: Open Source SOA
Recent Presentations
- 2009-03-17: A Virtualization & Cloud Computing Fable
- 2009-06-11:Forensic/IR Summit 2008 Archive Presentations
- 2009-06-15: HotCloud 09
- 2009-06-24: Axiis Core Functionality Video Tutorial
- 2009-07-30: Black Hat USA 2009 Conference
- 2009-08-01: Mo' Money Mo' Problems
- 2009-08-02: CSRF: Yeah, It Still Works
- 2009-08-04: Death of Anonymous Travel
- 2009-08-07: Security Content Automation Protocol and Web Application Security
- 2009-08-10: The COBIT Body of Knowledge – a Layman's View
- 2009-08-14: Back of the Napkin
- 2009-09-01: Weaponizing the Web
- 2009-09-04: The Future of the Security Industry
- 2009-09-05: Johnny Long's talk at DefCon 17
- 2009-09-08: What Would Google Do?
- 2009-09-10: Gov 2.0 Summit
- 2009-09-10: Gov 2.0 Summit Events
- 2010-01-07: Vulnerability Management Scoring Systems
Selected Papers
Standard Sites
Meta
-
