Open Source Enterprise Security

My second presentation at BSides Orlando 2014 was on Open Source Enterprise security solutions. The idea was to present a number of tools to help the struggling small business meet enterprise security objectives. 

It’s easy to forget that many (most?) small businesses out there have to make trade-offs between buying tools and “making payroll.” This struggle extends to all areas of the business, including security operations. In this presentation, I gave live demonstrations of tools to help exactly those businesses.

Each tool I presented was geared towards security operations and was either (a) a 1-click installer or (b) a virtual machine appliance. You’ll notice I didn’t include the traditional offensive security tools (e.g. Metasploit), because that’s really not where these small businesses are at…

The tools were further organized as Processes:

  • Network Discovery
  • Domain Services (DNS, Group Policy, User Management)
  • Vulnerability Assessment
  • Intrusion Detection System and Monitoring
  • Event Log Management
  • Availability Monitoring
  • Static Code Analysis
  • System Hardening Guides

This was another live demo-based presentation, so it’s a little difficult to present. It’s also hard to present everyone’s favorite tool! But most people walked away learning about a new and capable tool they can try out immediately! I call that “mission accomplished.”

Open Source Security (BSides 2014 Presentation)
