Using Open Source to get above the security poverty line

Room 3

Today many small and medium businesses do not have the resources to employ dedicated cyber-security staff. Most are forced either to purchase over-the-counter corporate solutions or to try to cobble together a workable solution from the multitude of open source projects available today. Without a subject matter expert on staff, making open source security solutions work can be a daunting challenge for many companies.

Some of the key points I will cover include:

First, let's talk about what type of security is needed for your business. Do you really need an APT warning system, or will a good log aggregation tool do the job for you?

Next, we will look at the most common use cases for several tools and see how they can be added to your systems without too much fuss or overhead. I will provide some general guidance on the best approaches to take to maximize your security while minimizing the time and technical debt incurred.

I will also talk about some of the shortcomings of the open source security movement and provide some insight into how best to work around these issues (things like less-than-ideal documentation, as well as some of the better yet abandoned projects).

I will conclude by walking through a couple of different technical scenarios showing various options that could be utilized to provide better security coverage with minimal additional overhead for your already taxed IT staff. This will include the introduction of a couple of open source installation and configuration scripts I have written to automate these processes.