This presentation will look at the viability of virtualizing and containerizing network security monitoring devices such as IDS/IPS systems, full packet capture, NetFlow, etc. Managing system load in a virtual environment poses a number of challenges. We have been looking at how best to virtualize open-source network monitoring solutions in both large and small environments and will detail some of what we have learned during this adventure. We will detail a project that provides network monitoring and event collection on a single inexpensive host, built entirely on open-source software. Finally, we will discuss and demo high-speed (10G+) virtualized monitoring solutions with newer technologies such as SR-IOV and DPDK-enabled Open vSwitch.
Ed Sealing and Daniel Lohin both work at Sealing Technologies. Their focus is primarily security engineering and figuring out how to securely build enterprise-scale systems in a manner that is functional and secure. Ed is the CEO of Sealing Technologies and has over 15 years in IT and security within the federal government. Daniel Lohin holds a Master's from George Mason University and also teaches part-time at a local community college.