Shoe Bombers on the Network Part One : Detection Mechanisms Charles Herring

Comparing how physical security caught the shoe bomber to how we go about catching network threats.

Evaluating NetFlow Tools for InfoSec Charles Herring

Using NetFlow for Information Security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodologies for testing other tools.

Application-Layer DDoS Detection Charles Herring

How NetFlow can quickly reveal application-layer denial of service.

When Enforcement Doesn’t… Charles Herring

Don't trust your firewalls and NAC without validation. NetFlow is a great way to determine if they are doing what they are supposed to be doing (and alerting you when they are not.)

BSides Chicago Deck Charles Herring

Presentation deck for BSides Chicago 2013 and thanks to all.

Why I don't say APT Charles Herring

APT is a word that means different things to different audiences. It's important to be concise in defining terms and using the correct words to avoid unnecessary conflict and misunderstanding.

Pseudo(code) Proof of Network Security Evolution Charles Herring

Pseudo-code proof that network behavioral anomaly detection (NBAD) of threats is the superior evolution of signature based detection.

Step Away from the PCAP! Charles Herring

Great investigators know the importance of details but often we go too deep, too quickly. An organized approach to incident response will allow more actionable intelligence to be created in less time.

When DDoS Happens to Good Networks Charles Herring

What distributed denial of service (DDoS) is and how NetFlow can give situational awareness when it happens to your network.

You Say Solution, I Say Problem Charles Herring

Vendors and Analysts want to have conversations around products. Organizations want to talk about their business problems. Vendors rename their products "solutions" and Organizations start evaluating the products and forget about their business problems. Here is an open letter to both sides.

Time to Hire a Security Team Charles Herring

An average organization will lose more than $10M to cyber crime this year in detectable losses and much more in un-quantifiable damages as trade secrets, customer data and financial records are stolen without detection. It's time to re-evaluate the need for advanced security teams in organizations that want to stay afloat in an age of rampant, sophisticated corporate espionage from attackers ranging from organized crime to nation-states. 

Has APT1 Been Eating My Porridge? Charles Herring

NetFlow, when effectively stored, makes a great basis for analyzing indicators of compromise (IOC) like those provided in Mandiant's APT1 report.

Network Security School of Ft. Knox Charles Herring

Summary of the "Network Security School of Ft. Knox" series I penned and the webinar accompanying it.
