Foreword
In the early years of my career I was heavily involved in the (German) Nagios™
community. When I joined that community, around 20 years ago, I loved its openness: there was open-source software, people who used it at different maturity levels, and they helped each other. There were no limits on sharing knowledge and experience, and it was a wonderful time which has shaped me to this day.
In that spirit I would like to start a series of blog posts on my current topics: IT security, and within that, the defense side. I would like to share my experience with various cyber defense tools and am curious to see how far you can get without $vendors.
I am aware of some of the usual objections, like “OSS doesn’t cost license fees, but it costs human effort.” I also won’t dive deep into the different licenses of the OSS / $free products and solutions that follow. So if you are using them in a business, please check the licenses yourself to make sure you are allowed to use those tools for commercial purposes.
The “Unpennied CDC”
The unpennied CDC starts today as an experiment with a more or less simple question in mind: “How far can you get with the tasks of a Cyber Defense Center using only capabilities that are free of charge?”
So in this experiment we empty our budget buckets, credit cards and so on. We are not completely broke, but we have nothing to give away. We are also aware that as soon as we earn enough money to pay our employees so they can support their families, we are in a position to “pay back” the people out there who helped us grow. This could be $-donations to OSS projects, supporting other beginners in the field, supporting conferences, etc. (Take a moment to think about this as one of those brave $vendors. Feels good? I guess you understand what I mean.) OK, back to the topic.
We also assume some kind of greenfield situation: apart from our various challenges, we have nothing but computing resources. So what is our mission?
The Mission
Overall we could say that we are there to bring defense solutions and strategies to our company. There are (cyber) risks out there that threaten us, our intellectual property and, in the end, our responsibility towards our customers and employees. So it’s our job to:
- Secure our networks and systems,
- Detect threats (sooner rather than later),
- Answer questions about evolving threats and incidents,
- Gather more and more wisdom to reach the next maturity level.
Requirements
- Threat Intelligence
  - To know what to search for.
- Threat Hunting
  - To detect what may affect us.
- Digital Forensics
  - To gather evidence that something malicious has hit us.
- Incident Response
  - To get back to a clean state.
- SIEM
  - To get early alerts on suspicious events.
- Vulnerability Management
  - To know our weakest link.
In the next articles I will dive deeper into these defense categories, mention some solutions and methods, and may also point out some pros and cons.