Applied Watch Technologies

Transcript of Applied Watch Technologies

Page 1: Applied Watch Technologies

The Enterprise Open Source Security Infrastructure

open.freedom

Go ahead.

Be free.

Page 2: Applied Watch Technologies

about.me

1. Sold first company at 17

2. Information warfare consultant with Dept. of Defense

3. GCIA, CISSP

4. Published first advisory on hacking VPN appliances (Securityfocus.com). Spoke at Caesar's Palace in Las Vegas

5. Nominated by MIT as Most Influential Technologist of 2002

6. CEO, President, Applied Watch Technologies (Enterprise Open Source Management Company)

Page 3: Applied Watch Technologies

categories

• Open Source NIDS

• Open Source HIDS

• Open Source VA

• Open Source NMS

• Open Source OS

Page 4: Applied Watch Technologies

what.is.open.source

Open Source is a free alternative to commercial software, developed and maintained by the community (thousands of developers).

1. Linux v/s Microsoft Windows

2. Apache v/s Microsoft IIS

3. Snort v/s ISS, Cisco, 3Com

4. Nagios v/s HP Openview

Page 5: Applied Watch Technologies

what.is.open.source

There is now an open source tool alternative for every commercial product:

1. Network management tools

2. Intrusion Detection Systems

3. Antivirus

4. Firewalls

5. Operating Systems

6. Web Servers

Page 6: Applied Watch Technologies

open.source.trends

• Gartner holds an annual open source summit discussing widespread use of open source in the enterprise

• (Forrester Research) At least 75% of organizations have deployed open source software

• (Forbes NOV 2005) Open source invades the enterprise.

• May 2005 IBM Acquires Gluecode (Open Source competitor)

• (Forbes) Chicago Mercantile Exchange cuts $2.5M in hardware costs by switching to Linux

Page 7: Applied Watch Technologies

open.source.trends

• (IDC) open source is used in nearly 75 percent of all organizations worldwide and includes hundreds of thousands of projects. Open source is in production in over half of the organizations.

• (2005 Netcraft Survey) Apache dominates Web Server market over Microsoft with 70% Market Share

• Navy protects battleships using open source Snort

Page 8: Applied Watch Technologies

Defense in-Depth

[Diagram: layered Defense in-Depth stack of Commercial NIDS, Open Source NIDS and Open Source HIDS]

Page 9: Applied Watch Technologies

why.open.source

• COTS (Commercial-off-the-shelf) NIDS/NIPS don’t do everything perfectly

• Open Source signatures are community developed and in most cases are easier to write

• There will soon be an equal or superior open source solution to every COTS security product

• Commercial solutions can be very expensive. OSS lowers the TCO of Security.

Page 10: Applied Watch Technologies

oss.strategy: nids

• Snort IDS: Network Intrusion Detection System

• Pattern Matching

• Protocol anomaly detection (data in SYN packet)

• Target-aware (stream5 in Snort 3)

• Passive or Inline Intrusion Prevention

• Over 3M downloads to date
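The "protocol anomaly detection (data in SYN packet)" bullet above, worked through as an added example that is not from the slides and not Snort's own code: a small TCP header parser plus the check a NIDS applies, run over constructed segments (the `build_tcp` helper, constant names and sample ports are assumptions of this example).

```python
"""Added example (not from the slides, not Snort's own code): the "data in SYN
packet" protocol anomaly a NIDS flags. A client's opening SYN normally carries
no payload, so a segment with SYN set, ACK clear and bytes after the header
is suspicious. Operates on a raw TCP segment (IP header already stripped)."""
import struct

TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10

def parse_tcp(segment):
    """Decode the TCP header; return ports, flags and the payload bytes."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4      # header length incl. options
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF, "payload": segment[data_offset:]}

def is_syn_with_data(segment):
    """Anomaly rule: SYN set, ACK clear, non-empty payload."""
    pkt = parse_tcp(segment)
    syn_only = pkt["flags"] & TCP_SYN and not pkt["flags"] & TCP_ACK
    return bool(syn_only and pkt["payload"])

def build_tcp(sport, dport, flags, payload=b""):
    """Constructed segment: 20-byte header, no options, checksum left zero."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags,
                      8192, 0, 0)
    return hdr + payload

# Constructed sample segments (not captured traffic)
NORMAL_SYN = build_tcp(40000, 80, TCP_SYN)
SYN_WITH_DATA = build_tcp(40000, 80, TCP_SYN, b"GET / HTTP/1.0\r\n\r\n")
SYN_ACK = build_tcp(80, 40000, TCP_SYN | TCP_ACK)
PSH_ACK_DATA = build_tcp(40000, 80, TCP_PSH | TCP_ACK, b"hello")

if __name__ == "__main__":
    for name, seg in [("normal SYN", NORMAL_SYN), ("SYN+data", SYN_WITH_DATA),
                      ("SYN/ACK", SYN_ACK), ("PSH/ACK+data", PSH_ACK_DATA)]:
        print(f"{name:13s} anomaly={is_syn_with_data(seg)}")
```

TCP Fast Open (RFC 7413) legitimately carries data in a SYN, so on modern networks this rule needs tuning to hosts and ports where TFO is not expected.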

Page 11: Applied Watch Technologies

oss.strategy: nids

• Bro IDS: Network Intrusion Detection System

• Developed by Lawrence Berkeley National Labs

• Focused more on use in research environments

• Detects anomalies in traffic behavior as well as patterns

• Can alert, execute an OS command, or block traffic

• More of a research platform for IDS

Page 12: Applied Watch Technologies

oss.strategy: hids

OSSEC HIDS: Host Intrusion Detection and Prevention System

• Ported to all major OS (Windows, Unix, BSD, Linux, HP-UX, MacOS, Solaris)

• Uses local system to block attacks

• Email-based alerting on attacks

• Performs log analysis, file integrity checking, rootkit detection, time-based alerting, and active response

Page 13: Applied Watch Technologies

oss.strategy: hids

OSSEC HIDS: Host Intrusion Detection and Prevention System

• Agent/Server architecture

• Signatures can be easily written

• Detects changes to user dirs, md5 checksum changes, changes to file/directory sizes, ownership changes, and directory permissions.

• Windows registry monitoring
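The file integrity checking described on the two OSSEC slides above, as an added example that is not from the slides and not OSSEC's own code: a baseline of md5, size, ownership and permission bits per file, and a field-by-field diff against a later scan over a constructed directory tree (the function names and the sample files are assumptions of this example).

```python
"""Added example (not from the slides, not OSSEC's own code): a minimal
file-integrity check like OSSEC syscheck. A baseline records each file's md5,
size, owner and mode; a later pass is diffed against it field by field."""
import hashlib, os, tempfile

FIELDS = ("md5", "size", "uid", "gid", "mode")

def fingerprint(path):
    st = os.lstat(path)
    with open(path, "rb") as f:
        md5 = hashlib.md5(f.read()).hexdigest()
    return {"md5": md5, "size": st.st_size, "uid": st.st_uid,
            "gid": st.st_gid, "mode": st.st_mode & 0o7777}

def snapshot(root):
    """Baseline of every regular file under root, keyed by relative path."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                base[os.path.relpath(p, root)] = fingerprint(p)
    return base

def diff_snapshots(old, new):
    """Return (event, path, changed_fields); event is added/removed/changed."""
    events = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            events.append(("added", path, []))
        elif path not in new:
            events.append(("removed", path, []))
        else:
            changed = [f for f in FIELDS if old[path][f] != new[path][f]]
            if changed:
                events.append(("changed", path, changed))
    return events

def demo():
    """Constructed scenario: baseline, then append to one file, chmod another, add a third."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        passwd, hosts = os.path.join(root, "etc", "passwd"), os.path.join(root, "etc", "hosts")
        open(passwd, "w").write("root:x:0:0:root:/root:/bin/sh\n")
        open(hosts, "w").write("127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)                  # fixed mode so the baseline is deterministic
        baseline = snapshot(root)
        open(passwd, "a").write("svc:x:1001:1001::/home/svc:/bin/sh\n")   # md5 + size change
        os.chmod(hosts, 0o666)                  # permission change only
        open(os.path.join(root, "new.bin"), "wb").write(b"\x7fELF")       # new file
        return diff_snapshots(baseline, snapshot(root))
```

A real agent would also persist the baseline off-host and treat a file that changes outside a maintenance window as higher severity, which is what OSSEC's time-based alerting adds on top of this comparison.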

Page 14: Applied Watch Technologies

summary

• In some organizations, OSS has replaced commercial security and network products

• In others, OSS augments COTS products as an additional layer

• Soon, OSS will be an option for every COTS network and security product available

• OSS is being relied upon for lowering TCO in Security