BDIR Podcast Episode-004

Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec

Libsyn Feed: http://www.brakeingdownir.libsyn.com/

Our guests, Pieter Heyn and Kresten Krab of Humio, will discuss cloud-based log management and/or on-prem log management with us.

JOIN US FOR EPISODE-004, OUR GUESTS WILL BE:

  • Pieter Heyn - Sales Manager EMEA of HUMIO
  • Kresten Krab - CTO of HUMIO

SPONSORS OF OUR PODCAST


NEWS-WORTHY - FBI asks everyone to reboot their routers

Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.

The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn off and on) their devices to stop the malware.

MALWARE OF THE MONTH

Sadly, none of interest this month ;-(

SITE-WORTHY

1.  BDIR - The whole list of Windows Logging Cheat Sheets

2.  BDIR - Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference.docx

Guests - HUMIO

  1. Humio of course - https://www.Humio.com

TOOL-WORTHY

  1.  BDIR - Audit your logs to see where your audit logging compares to industry standards - LOG-MD

  2.  BDIR - Add additional details to your logs - The Sysmon Service

TOPIC OF THE DAY

Cloud based Log Management and/or On-Prem Log Management

Articles:

BACKGROUND - MG and BB

  • So why do I think this topic is important to IT, InfoSec, IR, Network, and Forensic people?
    • Why security and log management are important, aka SIEM
    • Story about an SMB needing help on a malware infection across multiple locations
  • MG Top 10 list of tools - Log Management is crucial to Detection and Response
  • Intro by Michael and Brian on how they found Humio
    • Humio was responsive to our suggestions
    • Other vendors were not; they just said "yeah," and only wanted our business
  • Cloud log management vs. on-prem
  • MG - I have looked at 10 or more logging solutions, and the lack of ease of use is a big one
  • A good log management solution has to have some basic features that a lot of solutions lacked or implemented in a very buggy way
    • Easy-to-use console
    • Built-in alerting, not an optional add-on
    • Exclusion ability (filter out noise with NOT), not just "this OR this OR this"
    • Save reports and queries
    • Dashboards for those that want them

INTERVIEW:

  • Background of Humio
    • Live data vs query
    • No indexes used
  • Free vs Pro vs. trial vs. On-Prem solutions
    • How much data can I send in the 30-day trial for the SMB type use case?
  • Do you see yourself as a SIEM vendor or wanting to move there?
  • How does GDPR or any compliance regulation affect Cloud shared hosting?
    • And really is this just solved by going with an On-Prem solution?
    • What basic changes did you have to make being a Euro company in this space?
  • There are a lot of Logging solutions, what gap were you intending to fill; what problem were you trying to solve?
  • New features in the last release you want to mention
  • What are the major differences or advantages that your customers like about Humio?

Something NEW - INTRODUCING:

Our goal for the listeners

  • Try it on your home systems
  • Learn how to do basic logging
  • How to audit a Windows system
  • How to set the audit logging
  • Install the Winlogbeat agent
  • Start with the Winlogbeat config from Malware Archaeology
  • Use Humio
  • Populate it with the queries from the "Windows Humio Logging Cheat Sheet"

-----------------------------------------------------------------------------------------------