Shortly before joining Secure Ideas, I spoke on Security Onion and Network Security Monitoring (NSM) at the Utah Open Source Conference 2012. The presentation was aimed at introducing folks to Security Onion and how to get started with it. The demo gods were tempted during the presentation, but I was still able to setup a distributed IDS and monitoring system in 10 minutes.
For those not already familiar with Security Onion and NSM, I’ll give a quick recap. Network Security Monitoring is the practice of capturing network alert data and combining it with full session data and as much complete traffic data that we can store. One of the things that drove me insane with IDS on its own was the lack of context around the alerts. Using NSM, we are able to go from looking at an alert and drill down to what was actually crossing the wire before, during and after the event. Security Onion takes a large number of separate tools and combines them so that we can easily go through the NSM process. It is a Linux distribution that is designed to stand alone or be a distributed monitoring system across your networks. Oh, and it's dead easy to setup and maintain.
So with that, here is the video of my presentation at UTOSC 2012.