BDIR Podcast Episode-004

TOPIC: Cloud based Log Management and/or On-Prem Log Management

OUR GUEST WILL BE:

  • Pieter Heyn - Sales Manager EMEA of HUMIO

  • Kresten Krab - CTO of HUMIO

SPONSORS OF OUR PODCAST


NEWS-WORTHY - FBI asks everyone to reboot their routers

Last week, security researchers at Cisco's Talos cyber-intelligence unit warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.

The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn off and back on) their devices to stop the malware.

MALWARE OF THE MONTH

Sadly, none of interest this month ;-(

SITE-WORTHY

  1. BDIR - The whole list of Windows Logging Cheat Sheets

  2. BDIR - Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference.docx

Guests - HUMIO

  1. Humio of course - https://www.Humio.com

TOOL-WORTHY

  1. BDIR - Audit your logs to see how your audit logging compares to industry standards - LOG-MD

  2. BDIR - Add additional details to your logs - The Sysmon Service

Guests - Humio

  1. Humio of course - https://www.Humio.com

TOPIC OF THE DAY

Cloud based Log Management and/or On-Prem Log Management

Articles:

BACKGROUND - MG and BB

  • So why do I think this topic is important to IT, InfoSec, IR, Network, and Forensic people?

    • Why security and log management are important aka SIEM

    • Story about an SMB needing help with a malware infection across multiple locations

  • MG Top 10 list of tools - Log Management is crucial to Detection and Response

  • Intro by Michael and Brian on how they found Humio

    • Humio was responsive to our suggestions

    • Other vendors were not; they just said "yeah", they only wanted our business

  • Cloud log management vs. on-prem

  • MG - I have looked at 10 or more logging solutions and the lack of ease of use is a big one

  • A good log management solution has to have some basic features that a lot of solutions lacked or implemented in a very buggy way

    • Easy to use console

    • Built-in alerting, not as an option

    • Exclusion ability, i.e. "NOT this or this or this"

    • Save reports and queries

    • Dashboards for those that want them

INTERVIEW:

  • Background of Humio

    • Live data vs query

    • No indexes used

  • Free vs Pro vs. trial vs. On-Prem solutions

    • How much data can I send in the 30-day trial for the SMB type use case?

  • Do you see yourself as a SIEM vendor or wanting to move there?

  • How does GDPR or any compliance regulation affect cloud shared hosting?

    • And really is this just solved by going with an On-Prem solution?

    • What basic changes did you have to make being a Euro company in this space?

  • There are a lot of Logging solutions, what gap were you intending to fill; what problem were you trying to solve?

  • New features in the last release you want to mention

  • What are the major differences or advantages that your customers like about Humio?

Something NEW - INTRODUCING:


Our goal for the listeners

  • Try it on your home systems

  • Learn how to do basic logging

  • How to audit a Windows system

  • How to set the audit logging

  • Install the Winlogbeat agent

  • Start with the Winlogbeat config from Malware Archaeology

  • Use Humio

  • Populate it with the queries from the "Windows Humio Logging Cheat Sheet"
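The "audit a Windows system / set the audit logging" steps above are the part most listeners get stuck on, so here is an added example (not code from the podcast, Humio, or Malware Archaeology) that reports which Windows audit subcategories are enabled and, with `-Fix`, turns on the missing ones via `auditpol.exe`. It assumes an elevated PowerShell prompt and English-locale `auditpol` output (subcategory names and the "Success and Failure" strings are localized); the subcategory list is a constructed illustration of the kind of settings the logging cheat sheets cover, not the contents of any cheat sheet.

```powershell
# Added example: check (and optionally enable) a sample set of Windows audit
# subcategories with auditpol.exe. Not part of the BDIR podcast, Humio or the
# Malware Archaeology cheat sheets.
# Assumptions: elevated prompt; English-locale auditpol output. The list
# below is a constructed sample, not a cheat sheet's recommended settings.

[CmdletBinding()]
param(
    # Report only by default; pass -Fix to enable whatever is missing.
    [switch]$Fix
)

# Subcategory -> expected setting (S = success, F = failure, SF = both).
$Expected = [ordered]@{
    'Process Creation'          = 'SF'
    'Logon'                     = 'SF'
    'Logoff'                    = 'S'
    'Special Logon'             = 'S'
    'Security Group Management' = 'SF'
    'Audit Policy Change'       = 'SF'
}

function Get-AuditSetting {
    param([string]$Subcategory)
    # auditpol prints a header, the category, then an indented line such as
    # "  Process Creation                        Success and Failure"
    $lines = & auditpol.exe /get /subcategory:"$Subcategory" 2>$null
    foreach ($line in $lines) {
        if ($line -match "^\s+$([regex]::Escape($Subcategory))\s{2,}(.+?)\s*$") {
            switch ($Matches[1]) {
                'Success and Failure' { return 'SF' }
                'Success'             { return 'S' }
                'Failure'             { return 'F' }
                default               { return 'None' }
            }
        }
    }
    return 'Unknown'   # name not in output: wrong locale or unknown subcategory
}

function Test-SettingCovers {
    # True when the current setting includes every flag the expected one asks for.
    param([string]$Current, [string]$Wanted)
    if ($Current -eq 'Unknown') { return $false }
    foreach ($flag in $Wanted.ToCharArray()) {
        if ($Current -notmatch [string]$flag) { return $false }
    }
    return $true
}

$gaps = @()
$report = foreach ($name in $Expected.Keys) {
    $current = Get-AuditSetting -Subcategory $name
    $ok = Test-SettingCovers -Current $current -Wanted $Expected[$name]
    if (-not $ok) { $gaps += $name }
    [pscustomobject]@{
        Subcategory = $name
        Expected    = $Expected[$name]
        Current     = $current
        Ok          = $ok
    }
}
$report | Format-Table -AutoSize

if ($gaps.Count -eq 0) {
    Write-Host 'All sampled audit subcategories are at or above the expected setting.'
}
elseif ($Fix) {
    foreach ($name in $gaps) {
        # Only pass the flags we want enabled; auditpol leaves unspecified
        # flags alone, so nothing already switched on is switched off.
        $flags = @()
        if ($Expected[$name] -match 'S') { $flags += '/success:enable' }
        if ($Expected[$name] -match 'F') { $flags += '/failure:enable' }
        Write-Host "Enabling '$name' ($($flags -join ' '))"
        & auditpol.exe /set /subcategory:"$name" @flags
    }
}
else {
    Write-Host "Missing or partial: $($gaps -join ', '). Re-run with -Fix to enable them."
}
```

Run it once without `-Fix` to see the gap list, then with `-Fix`; afterwards the new events land in the Security log, which is where the Winlogbeat config from Malware Archaeology picks them up for shipping to Humio.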

-----------------------------------------------------------------------------------------------