Chris Sanders will be speaking at this month's meeting on Thursday, November 20th. The meeting will be held at the College of Charleston's Harbor Walk West Building, in room 217. The address is 360 Concord St., Charleston, SC 29401, right next to the aquarium! There is limited parking available at the building itself, so your best bet is the parking garage in front of the aquarium. As always, this meeting is free to attend. We will also be serving free pizza and refreshments!
We look forward to seeing you there! Please be sure to RSVP!
Agenda
November 20th, 2014
6:00 PM – Networking/Social Time – with Free Pizza and refreshments!
6:30 PM – Chapter Business
6:45 PM – Presentation
7:30 PM – Questions and Wrap Up
Presentation Abstract
“Deceive to Detect: Using Canary Honeypots for Network Security Monitoring”
More often than not, deception is thought of as an offensive tactic. Those who would try to steal from us, do us harm, and otherwise ruin our day will not hesitate to use deceptive tactics to achieve their malevolent ambitions. But, what if the tables were turned?
Tactics of deception can be used as a blue team tactic too. This can be accomplished with the use of Canary Honeypots to detect adversarial activities within a network. In this presentation, I will discuss how canary honeypots can be deployed to strengthen the detection posture of an organization. This will include a survey of modern honeypot software, as well as a discussion of the practical implementation and placement of honeypot systems on a production network. Ultimately, this will lead to a discussion of how alerts can be generated from honeypot interaction so that analysts can analyze and respond appropriately.
“Smooth runs the water where the brook is deep.” – William Shakespeare
Deception isn’t just for the bad guys anymore…
Speaker Bio
Chris Sanders is an information security consultant, author, and researcher originally from Mayfield, Kentucky, now living in Charleston, SC. Chris is the leader of the Threat Analytics Platform Intelligence Engineering team at Mandiant, a division of FireEye, where he leads a small group tasked with effectively using network threat intelligence to catch adversaries. He has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris significantly helped to further the role of the Computer Network Defense Service Provider (CNDSP) model, and helped to create several NSM and intelligence tools currently being used to defend the interests of the nation.
Chris has authored several books and articles, including the international best seller “Practical Packet Analysis” from No Starch Press, currently in its second edition in 7 languages, and “Applied Network Security Monitoring” from Syngress. Chris currently holds several industry certifications, including the SANS GSE and CISSP distinctions.
In 2008, Chris founded the Rural Technology Fund. The RTF is a 501(c)(3) non-profit organization designed to provide scholarship opportunities to students from rural areas pursuing careers in computer technology. The organization also promotes technology advocacy in rural areas through various support programs. The RTF has provided thousands of dollars in scholarships and support to rural students.