What I find fascinating about the DNS level blocks on my home network is not the amount of advertising, malvertising and general tracking rubbish, which I expected, and the Apple stuff which I also expected as I have a lot of Apple products and services, but that Amazon Alexa and Netflix are 5th and 6th - and I don’t have a single Alexa device or service enabled by me, and I don’t have a Netflix account.
#NetworkSecurity #NetworkSecurityMonitoring #Privacy #NetworkPrivacy
Over three years ago, Andy Greenberg interviewed me for his story on the godfather of computer #incidentresponse, #CliffStoll. It features quotes from the godfather of #networksecuritymonitoring as well, @toddheberlein. https://www.wired.com/story/meet-the-mad-scientist-who-wrote-the-book-on-how-to-hunt-hackers/
This is what I think of when I hear cries for "better detection." This photo dates from 23 Aug 2002. I think it was a vendor showing an IDS attached to a stoplight. Yes, we all want better detection, but if we could reliably detect it, we would prevent it. #networksecuritymonitoring endures because there will always be events that evade detection.
@crowdstrike has selected the sensor built by my company @corelight for their #IncidentResponse, #CompromiseAssessment, and #NetworkSecurityMonitoring services. I'm pleased that Crowdstrike customers will benefit from our offering and that #Crowdstrike promotes NSM as a core #cybersecurity service. https://corelight.com/company/corelight-expands-partnership-with-crowdstrike-to-provide-network-detection-and-response-technology-for-crowdstrike-services
I'd like to commend 3CORESec for their excellent TestMyNIDS scripts. They're my go-to when deploying a new #networksecuritymonitoring sensor. https://github.com/3CORESec/testmynids.org
Unfortunately, #suricata 7 does not compile on #debian 11 bullseye due to an older #rust version.
But since debian 12 bookworm is on its way, I hope to be able to compile it by the summer this year.
#suricata #debian #rust #opensource #networksecuritymonitoring #ids
@zeek matters because it is literally the codification of the security principle "prevention eventually fails."
Defenders often do not know how adversary activity will specifically manifest on the network.
By summarizing traffic, extracting key data, and deriving insights, Zeek provides the network evidence defenders need to interdict intruders before they accomplish their mission.
Note: Zeek offers 2 of 4 elements of #NetworkSecurityMonitoring data (transaction logs and extracted files). #NSM also requires alerts and pcap. Furthermore, NSM data works with third party sources, infrastructure/application logs, and endpoint data.
I’m pleased to see two of my books available for borrowing on the @internetarchive.
I’m especially glad my first book, The Tao of #networksecuritymonitoring, is there. https://archive.org/details/taoofnetworksecu0000bejt/
When I signed the contract in 2003 I was like every other newbie author who didn’t understand or appreciate the value of keeping my own copyright.
Ten years later when I worked with @nostarch, they assigned me copyright automatically. That book, the Practice of Network Security Monitoring, is also available to borrow. https://archive.org/details/practiceofnetwor0000bejt/
This is...odd. On Christmas Day, 19 years ago (2003!), I was troubleshooting, trying to compile what was then called Bro on my #FreeBSD 4.9 system. I was probably working on The Tao of #NetworkSecurityMonitoring, which I published the next summer. These days you can use the FreeBSD ports tree or packages to install @zeek. http://mailman.icsi.berkeley.edu/pipermail/zeek/2003-December/000596.html
If you're a fan of #NetworkSecurityMonitoring you'll be happy to hear that the premieres of our last #ZeekWeek videos will occur next week, meaning all recording sessions will be public. Check out the playlist here: https://www.youtube.com/playlist?list=PL2EYTX8UVCMhWO6m_uanhXLrSPrCMxO74
My #NoStarch #NetworkSecurityMonitoring book is part of a #HumbleBundle that started yesterday. If I'm reading it right, you can pay as little as $1 to get the digital copy. https://www.humblebundle.com/books/hacking-no-starch-press-books-2022
📰 Hot off the press 📰
---------------------------------------
I wrote this article for PowerGrid International magazine, and it is to help folks with tuning their ICS / OT / SCADA network security monitoring alerts. 🛠️📉 You don't have to reinvent the wheel!
***If ICS NSM is in your responsibility, please read this article (link below). I would love to get your feedback.***
Documentation about tuning ICS NSM systems is rare. ICS NSM solution documentation tends to focus on how to turn the baseline feature on and off, and does not go into specifics about how to fine-tune the system.
If you buy an ICS NSM solution and forget it, it will be useless. If a vendor says their sensor/IDS requires no tuning, they are lying to you. An unmanaged and untuned ICS NSM or IDS will create floods of alerts and nuisance alerts, and contributes to alert fatigue for your engineers and SOC analysts.
Thank you!
📰: When fine-tuning your cybersecurity alerts, it’s best to focus on the basics
https://www.power-grid.com/td/when-fine-tuning-your-cybersecurity-alerts-its-best-to-focus-on-the-basics/
#ICS #OT #SCADA #icssecurity #otsecurity #networksecuritymonitoring #NSM #IDS #SOC #SOCAnalysts #BlueTeam #tuning
📰 Hot off the press 📰
This article is to help folks with tuning their ICS network security monitoring alerts. 🛠️📉 You don't have to reinvent the wheel, because you can leverage your control system alarm tuning methodology.
When fine-tuning your cybersecurity alerts, it’s best to focus on the basics https://www.power-grid.com/td/when-fine-tuning-your-cybersecurity-alerts-its-best-to-focus-on-the-basics/ from PowerGrid International.
#icssecurity #otsecurity #networksecuritymonitoring #tuning #intrusiondetection #siem