Zeek Webinar - Zeek@Meta: Scale, Log Enrichment and Detections. Speaker: Hamza Motiwalla, Meta скачать в хорошем качестве

Zeek Webinar - Zeek@Meta: Scale, Log Enrichment and Detections. Speaker: Hamza Motiwalla, Meta

The ever-evolving threat landscape has made network security monitoring (NSM) imperative for Meta to safeguard assets and provide crucial network forensics. To address this need, we deploy Zeek and Suricata using commodity hardware across our network infrastructure. This presentation will dive into tap deployments at scale for our enterprise network (logging 15 billion connections daily), establish the need for downstream conn.log enrichment (IP to Hostname attribution) and give an overview of the active network detections across our network boundaries. Bio: Hamza is a Network Threat Detection Engineer at Meta. He spent the last year optimizing and maintaining the Network Security Monitoring (Zeek/Suricata) infrastructure stack at Meta. He studied MS in Computer Science at the University Of Colorado Boulder with a focus in Systems and Networking. He is also certified as a GIAC Network Forensics Analyst. Hamza enjoys trail running and unwinding at San Francisco Bay Area parks.