"High speed NSM - Network Security Monitoring" – Michał Purzyński, Mozilla
1. Network security? What is so special about it?
2. The traditional way – IDS, IPS.
3. How is NSM different from everything else to date? The advantages of the full NSM system.
4. How does incident response look with the NSM?
5. What if I can't spend $1 million on the system? Introduction to the open source Security Onion.
6. Where do you find all the data? How about the SSL?
7. Design to scale. Large volume data issues and how to resolve them.
8. Why does the world need another IDS? What is this BRO thing about?
9. Using NSM-collected data in practice.