Sniffing Decrypted TLS Traffic with Security Onion

Wouldn't it be awesome to have a NIDS like Snort, Suricata or Zeek inspect HTTP requests leaving your network inside TLS encrypted HTTPS traffic? Yeah, we think so too! We have therefore ...

Open Source Security Software: Takeaways from a Case Study on DIY Fatigue

Open source security software can cause teams to spend more time maintaining a tool than securing their network – this case study describes how Bricata solves that challenge ...

ZeekWeek 2019: 5 Things Network Security Pros Should Know about Zeek

As the annual ZeekWeek conference kicks off, here are five things network security professionals should know about Zeek ...

Detection & Response: Building Effective SOC Operations

6 Tips for Building an Effective SOC

Tags: Blog, IDS, Incident Response, IPS, SOC
A presentation from RSA Unplugged 2019 offers several tips to security leaders seeking to build or improve their security operations center (SOC) ...

7 Threat Hunting Benchmarks from a Survey of Security Pros

Tags: Blog, IDS, IPS, SOC, Threat Detection, Threat Hunting
Threat hunting aims to find threats that didn’t trigger an alert, yet it’s still a new concept for many, so these threat hunting benchmarks are useful waypoints ...

The Benefits, Characteristics and Components of Flyaway Kits for Incident Response

Several different measures of effectiveness tell us incident response (IR) generally takes too long and costs too much. For example, a global study ...

One Environment – Three Objectives Satisfied

Whether a security analyst is aiming for better network visibility, investigating a security alert or threat hunting, the right environment makes all the difference ...

PolarProxy Released

I'm very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic ...
Is NTA Just Another Kind of IDS?

Earlier last year, Anton Chuvakin of Gartner posted a question I’ve spent the past few years focused on. Actually, I’ve focused on it since working in the Network Security Wizards office on ...
Open Source Security Tools and Threat Hunting: The 10 Most Read Bricata Posts on Cybersecurity in 2018

Every week we publish a blog post where we dive into a topic or study around network security. In 2018, we even produced ...