Although not a morning person by nature, the early 7 am kick-off session was quite painless as I am still jet-lagged on Amsterdam time (+9 hours, making this an easy 4 pm session!).
While I was aware of a range of Linux-based open source tools for cyber security at a high level, here at the FloCon 2017 conference in San Diego I am conducting a rewarding deep dive guided by experts in the field.
I am impressed with the power and depth of the open source Linux cyber security tool ecosystem. I see many benefits to leveraging the tools to produce data for advanced analytics / data science: pattern analysis, anomaly detection, data mining, machine learning, predictive models, optimization…
Cyber security data science often suffers from a lack of data to analyze, for a variety of reasons, access being a big one. Understandably, many companies are quite careful about granting access to the inner workings of their networks.
Yet it is often shocking how little insight many organizations have into what is on their own network and what is occurring on it. Nor is this a static problem: it is expanding with the proliferation of network complexity, BYOD, diverse access mechanisms, IoT, and VMs and containers.
As such, data science for cyber security is not only a growing trend, it is an essential need. The future of network security requires close collaboration between security/networking experts and data scientists. Where traditional methods and tools are falling short, there is great hope in uniting advanced data analytics and network security data streams to produce deep insights.
This week I am in heaven conducting a deep dive on the variety of Linux-based cyber security tools available to extract valuable data on network dynamics. Some examples from today:
- Bro: network analysis framework https://www.bro.org/
- NFDump: processing NetFlow data at command line http://nfdump.sourceforge.net/
- SiLK: traffic analysis tools for large networks http://tools.netsa.cert.org/silk/index.html
- Suricata: network threat detection https://suricata-ids.org/
- Wireshark: network protocol analyzer https://www.wireshark.org/
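As an added example (not code from this post or from the Bro project), here is the kind of step that turns output from one of these tools into data for anomaly detection: the script parses Bro's tab-separated conn.log format, aggregates per-source-host features (connection count, bytes sent, destination fan-out, distinct ports), and flags hosts whose feature value is a robust statistical outlier. The log excerpt is constructed for illustration and only its column layout follows Bro's default conn.log; the addresses, the scanning host 10.0.0.42, the feature names and the 3.5 modified-z threshold are assumptions of the example.

```python
"""Added example (not from the original post or the Bro project): parse
Bro conn.log records, build per-host features and flag robust outliers.
The log content is constructed; only the column layout follows Bro's
default conn.log (tab-separated, '#fields' header, '-' unset, '(empty')."""
import statistics
from collections import defaultdict

# Bro's default conn.log column order.
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes",
               "conn_state", "local_orig", "local_resp", "missed_bytes", "history",
               "orig_pkts", "orig_ip_bytes", "resp_pkts", "resp_ip_bytes",
               "tunnel_parents"]


def conn_row(ts, uid, orig_h, orig_p, resp_h, resp_p, service, orig_bytes,
             resp_bytes, state, history):
    """One constructed conn.log data row in Bro's column order (tcp only)."""
    cols = [ts, uid, orig_h, orig_p, resp_h, resp_p, "tcp", service or "-", "0.5",
            orig_bytes, resp_bytes, state, "-", "-", "0", history, "3",
            orig_bytes + 120, "2", resp_bytes + 80, "(empty)"]
    return "\t".join(str(c) for c in cols)


def build_sample_log():
    """Constructed log: five ordinary clients plus 10.0.0.42 sweeping port 445."""
    header = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
              "#unset_field\t-", "#path\tconn", "#fields\t" + "\t".join(CONN_FIELDS)]
    rows = [
        conn_row(1484000000.1, "CgE1", "10.0.0.5", 51000, "93.184.216.34", 443, "ssl", 800, 4000, "SF", "ShADadFf"),
        conn_row(1484000001.3, "CgE2", "10.0.0.6", 51001, "93.184.216.34", 443, "ssl", 800, 4000, "SF", "ShADadFf"),
        conn_row(1484000002.0, "CgE3", "10.0.0.6", 51002, "198.51.100.7", 80, "http", 300, 2500, "SF", "ShADadFf"),
        conn_row(1484000003.2, "CgE4", "10.0.0.7", 51003, "198.51.100.7", 80, "http", 300, 2500, "SF", "ShADadFf"),
        conn_row(1484000004.8, "CgE5", "10.0.0.7", 51004, "198.51.100.8", 443, "ssl", 600, 3000, "SF", "ShADadFf"),
        conn_row(1484000005.1, "CgE6", "10.0.0.8", 51005, "93.184.216.34", 443, "ssl", 800, 4000, "SF", "ShADadFf"),
        conn_row(1484000006.4, "CgE7", "10.0.0.8", 51006, "93.184.216.34", 443, "ssl", 800, 4000, "SF", "ShADadFf"),
        conn_row(1484000007.9, "CgE8", "10.0.0.8", 51007, "198.51.100.7", 80, "http", 300, 2500, "SF", "ShADadFf"),
        conn_row(1484000008.2, "CgE9", "10.0.0.9", 51008, "198.51.100.8", 443, "ssl", 600, 3000, "SF", "ShADadFf"),
        conn_row(1484000009.6, "CgEa", "10.0.0.9", 51009, "198.51.100.8", 443, "ssl", 600, 3000, "SF", "ShADadFf"),
    ]
    # Half-open SYNs (state S0, history S) to nine neighbours on 445: a sweep.
    rows += [conn_row(1484000100 + i, "Scn%d" % i, "10.0.0.42", 40000 + i,
                      "10.0.0.%d" % (10 + i), 445, None, 0, 0, "S0", "S")
             for i in range(9)]
    return "\n".join(header + rows) + "\n#close\t2017-01-10-08-00-00\n"


def parse_conn_log(text):
    """Return one dict per data row, keyed by the names in the '#fields' line.
    Unset ('-') and empty ('(empty)') values become None; other '#' lines
    (separator, path, close, ...) are skipped."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        records.append({k: (None if v in ("-", "(empty)") else v)
                        for k, v in zip(fields, values)})
    return records


def host_features(records):
    """Per source host: connection count, bytes sent, distinct peers, distinct ports."""
    agg = defaultdict(lambda: {"conns": 0, "orig_bytes": 0, "hosts": set(), "ports": set()})
    for r in records:
        a = agg[r["id.orig_h"]]
        a["conns"] += 1
        a["orig_bytes"] += int(r["orig_bytes"] or 0)
        a["hosts"].add(r["id.resp_h"])
        a["ports"].add(r["id.resp_p"])
    return {h: {"conns": a["conns"], "orig_bytes": a["orig_bytes"],
                "fanout": len(a["hosts"]), "ports": len(a["ports"])}
            for h, a in agg.items()}


def high_outliers(values, threshold=3.5):
    """Keys whose modified z-score, 0.6745*(x-median)/MAD, exceeds threshold.
    Median/MAD rather than mean/stdev so the outlier cannot mask itself."""
    xs = list(values.values())
    med = statistics.median(xs)
    mad = statistics.median(abs(x - med) for x in xs)
    if mad == 0:  # degenerate baseline: nearly all hosts identical
        return sorted(k for k, x in values.items() if x > med)
    return sorted(k for k, x in values.items() if 0.6745 * (x - med) / mad > threshold)


def suspicious_hosts(log_text, feature="fanout"):
    """Hosts that are high outliers on one feature of the parsed log."""
    feats = host_features(parse_conn_log(log_text))
    return high_outliers({h: f[feature] for h, f in feats.items()})


if __name__ == "__main__":
    log = build_sample_log()
    for host, f in sorted(host_features(parse_conn_log(log)).items()):
        print(host, f)
    print("fan-out outliers:", suspicious_hosts(log, "fanout"))
```

On this sample the sweeping host stands out on fan-out and connection count but not on bytes sent (it sends nothing but SYNs), which is the point of keeping several features rather than a single volume metric. The same parse-aggregate-score shape applies to flow tools as well: SiLK's rwcut and nfdump can both emit delimited text, so only the parser changes. On real data, compute the baseline per time window and per host role rather than over the whole population.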
For those who want a focused background before joining in, I can recommend the following O’Reilly book for starters: “Network Security Through Data Analysis” https://lnkd.in/gu3X3H4