PaulDotCom mailing list archives

Re: Security Threat Dashboard


From: Robert Cazares <robertcazares () gmail com>
Date: Mon, 15 Oct 2012 20:59:57 -0700

On Mon, Oct 15, 2012 at 6:49 PM, Chris Sanders <chris () chrissanders org> wrote:
> I've seen situations where some of these dashboards get people in sticky
> situations when an educated member of management asks "How do you use this
> dashboard to enhance your operations?"

Yes. In my opinion questions should be expected.
Regardless of the tech level of management one should be prepared to
explain the tools that you are using. If you can explain the reasoning
to yourself, then creating a standard, "this is what this does, this
is what that does" should be fairly elementary.

> If you have a little time to invest, you can set up some simple graphs using
> something like PRTG (http://www.paessler.com/prtg) to show traffic load of

PRTG is awesome as is MRTG. I don't have any active installations
right now, but I have with past network incarnations.

SPLUNK is cool. Easy to implement. And for me, they, the SPLUNK devs,
are easy to talk to, being that they have an office here in downtown
Seattle. It is my understanding that they occasionally pick up the
phone too. SPLUNK, in my opinion, has a great free SIEM-type product.
Takes a little work to get out what you want, but for a free product I
think it's great.

If you're in the Greater Seattle area, there is a SPLUNK event
tomorrow, October 16, 2012, SPLUNK Live, at the Westin Bellevue, 600
Bellevue Way NE, Bellevue, WA 98004.
Conveniently located near the NCA 5th annual Security &
Technology Conference at the Hyatt Regency in Bellevue.

NCA can be interesting. The latest vendor offering can be found here
as are some developers. It's interesting to see the same people
manning the booths year after year. Seems to be very little attrition
with these folks.

Disclaimer: I work for none of the aforementioned companies.

If you're attending NCA and want to meet up, find me at 206.650.0478.
I'm open to making new local acquaintances in the security arena.
Best is to text me as to where to meet up in the hotel.
If you do want to meet, please make it early as I will be departing by
2:30PM as I have to be back at my workstation in Seattle for a 3:30PM
meeting.

Well, dang, I hope I didn't hijack this thread. It's just so exciting
to be here today. ^)

Robert Cazares
CEH / CSFA / ACE / ASMP
(206) 650-0478 (mobile)
Digital Forensic / InfoSec Analyst
http://e-cybersecurity.blogspot.com
http://robertcazares.carbonmade.com
http://www.linkedin.com/in/robertcazares
http://digitalforensicanalysis.blogspot.com/