Applied Watch Technologies


Transcript Applied Watch Technologies

open.freedom
Go ahead.
Be free.
Applied Watch Technologies
The Enterprise Open Source
Security Infrastructure
about.me
1. Sold first company at 17
2. Information warfare consultant with Dept. of Defense
3. GCIA, CISSP
4. Published first advisory on hacking VPN appliances (Securityfocus.com). Spoke at Caesar’s Palace in Las Vegas
5. Nominated by MIT as Most Influential Technologist of 2002
6. CEO, President, Applied Watch Technologies (Enterprise Open Source Management Company)
categories
Open Source
Open Source NIDS
Open Source HIDS
Open Source VA
Open Source NMS
Open Source OS
Open Source is a free alternative to commercial software, developed and maintained by the community (thousands of developers)
1. Linux v/s Microsoft Windows
2. Apache v/s Microsoft IIS
3. Snort v/s ISS, Cisco, 3Com
4. Nagios v/s HP Openview
what.is.open.source
There is now an open source tool alternative for every commercial product
1. Network management tools
2. Intrusion Detection Systems
3. Antivirus
4. Firewalls
5. Operating Systems
6. Web Servers
open.source.trends
• Gartner holds an annual open source summit discussing widespread use of open source in the enterprise
• (Forrester Research) At least 75% of organizations have deployed open source software
• (Forbes, Nov 2005) Open source invades the enterprise.
• May 2005: IBM acquires Gluecode (open source competitor)
• (Forbes) Chicago Mercantile Exchange cuts $2.5M in hardware costs by switching to Linux
open.source.trends
• (IDC) Open source is used in nearly 75 percent of all organizations worldwide and includes hundreds of thousands of projects. Open source is in production in over half of the organizations.
• (2005 Netcraft Survey) Apache dominates the web server market over Microsoft with 70% market share
• Navy protects battleships using open source Snort
Defense in-Depth
Open Source HIDS
Open Source NIDS
Commercial NIDS
why.open.source
• COTS (Commercial-off-the-shelf) NIDS/NIPS don’t do everything perfectly
• Open Source signatures are community developed and in most cases are easier to write
• There will soon be an equal or superior open source solution to every COTS security product
• Commercial solutions can be very expensive. OSS lowers the TCO of Security.
oss.strategy: nids
• Snort IDS: Network Intrusion Detection System
• Pattern Matching
• Protocol anomaly detection (data in SYN packet)
• Target-aware (stream5 in Snort 3)
• Passive or Inline Intrusion Prevention
• Over 3M downloads to date
oss.strategy: nids
• Bro IDS: Network Intrusion Detection System
• Developed by Lawrence Berkeley National Labs
• Focused more on use in research environments
• Detects anomalies in traffic behavior as well as patterns
• Can alert, execute an OS command, or block traffic
• More of a research platform for IDS
oss.strategy: hids
OSSEC HIDS: Host Intrusion Detection and Prevention System
• Ported to all major OS (Windows, Unix, BSD, Linux, HP-UX, MacOS, Solaris)
• Uses local system to block attacks
• Email-based alerting on attacks
• Performs log analysis, file integrity checking, rootkit detection, time-based alerting, and active response
oss.strategy: hids
OSSEC HIDS: Host Intrusion Detection and Prevention System
• Agent/Server architecture
• Signatures can be easily written
• Detects changes to user dirs, md5 checksum changes, changes to file/directory sizes, ownership changes, and directory permissions.
• Windows registry monitoring
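Added example (not OSSEC's own code) of the file integrity checking these slides describe: it baselines the MD5 checksum, size, owner and permission bits of every file under a directory, then reports which attribute changed, and which files appeared or disappeared. The temporary directory and file contents are constructed for the demonstration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

# Illustrative file-integrity checker (not OSSEC's own syscheck code): baseline
# each file's MD5, size, owner and permission bits, then report what changed.

def file_record(path):
    # Attributes a HIDS typically tracks per file
    st = os.stat(path)
    digest = hashlib.md5(Path(path).read_bytes()).hexdigest()
    return {"md5": digest, "size": st.st_size, "uid": st.st_uid,
            "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}

def baseline(root):
    # Record every regular file under root, keyed by relative path
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                db[rel] = file_record(full)
    return db

def compare(old, new):
    # {relpath: [changed attributes]}, plus added and deleted files
    findings = {}
    for rel in sorted(set(old) | set(new)):
        if rel not in new:
            findings[rel] = ["deleted"]
        elif rel not in old:
            findings[rel] = ["added"]
        else:
            diff = [k for k in old[rel] if old[rel][k] != new[rel][k]]
            if diff:
                findings[rel] = diff
    return findings

def demo():
    # Constructed scenario: baseline a temp dir, then tamper with it
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "etc").mkdir()
        cfg = Path(root) / "etc" / "app.conf"
        cfg.write_text("debug=0\n")
        cfg.chmod(0o640)
        before = baseline(root)
        cfg.write_text("debug=1; admin=1\n")       # content and size change
        cfg.chmod(0o666)                           # permission change
        (Path(root) / "etc" / "new.so").write_bytes(b"\x7fELF")  # new file
        return compare(before, baseline(root))
```

In a real deployment the baseline would be stored off-host or signed, since an attacker with write access to the monitored files can otherwise rewrite the baseline too.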
summary
• In some organizations, OSS has replaced commercial security and network products
• In others, OSS augments COTS products as an additional layer
• Soon, OSS will be an option for every COTS network and security product available
• OSS is being relied upon for lowering TCO in Security