MIG: Mozilla’s Distributed Platform for Real-Time Forensics of Endpoints - SANS DFIR Summit 2015 скачать в хорошем качестве

MIG: Mozilla’s Distributed Platform for Real-Time Forensics of Endpoints - SANS DFIR Summit 2015

Julien Vehent, Senior Operations Security Engineer, Mozilla MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security, while preserving privacy and security of the infrastructure. It’s an army of Sherlock Holmes, ready to interrogate an infrastructure within seconds. This talk will introduce MIG, the problems it solves, its design goals and server-agent model, and how it is used at Mozilla. The audience will learn how Indicators of Compromise (IOCs) can be searched for across thousands of systems within seconds (MIG can query thousands of systems in about 10 seconds on average). During the talk, the audience will be given elements to install and operate MIG in their own environments. Julien Vehent, Senior Operations Security Engineer, Mozilla Julien designs and builds defense systems in the Operations Security team at Mozilla. His background is in risk management, linux engineering and large web service architecture. At Mozilla, he leads the MIG project, but also perform security reviews and incident response on the infrastructure that serves millions of Firefox users. @jvehent Download Slides Here: http://digital-forensics.sans.org/com... For more incident response training courses at SANS: http://www.sans.org/course/advanced-i...