NSM And More With Bro Network Monitor

ShmooCon IX - 2013

Presented by: Liam Randall
Date: Sunday February 17, 2013
Time: 10:00 - 10:50
Location: Regency B/C/D
Track: Belay It!

Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications as a next-generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and dynamic active response. Bro was originally developed by Vern Paxson, who now leads the core team of developers/researchers at both the International Computer Science Institute in Berkeley, CA and the National Center for Supercomputing Applications in Urbana-Champaign, IL.

Bro provides a security team with logs of highly structured data about their network, a Turing-complete scripting language through which they can interact with real-time stateful network events, and flexible open interfaces through which Bro can be programmed. Pragmatically able to interface with the entire network stack, Bro includes support for IPv6, tunneled traffic, SSL and more. In this presentation we present multiple case studies and are releasing their corresponding Bro scripts with source.

Liam Randall

Liam was working in Information Technology long before it was hip to be in tech. After earning his CS degree he has worked as a network administrator on some very large networks in both the public and private sectors. He has spent the last few years auditing, training and setting up internal security teams dealing with a myriad of compliance, regulatory and technical issues, primarily in the banking, telecommunications, and education sectors. In his free time Liam volunteers on a number of open source projects, runs CTFs, and produces a large variety of spirits.

