keep in mind - AKA: Things that will keep us all up at night)
• Server compromise which could expose the org to ridicule/embarrassment
• Server compromise that may expose private customer data
• Angry employee who leaves malicious code/logic bomb behind
• Easily convinced employees who are socially engineered (conned) into giving away trade secrets or system access
• Attacker who finds evidence to provide ammunition for blackmail
based traffic and other data.
• Traffic collected by default includes mongo, redis, postgres, memcache, etc.
• Can use pcap, af_packet, and pf_ring
• We stuck with pcap (for now)
• Instantly begin to see trends in data
• Easily track authentication attempts
• Easily visualize and report on web based scans or attacks
• Easily understand trends in traffic at the packet level
• Integrate with traditional HIDS/NIDS
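One way the "report on web based scans" bullet can be backed by detection logic over per-request records derived from the captured HTTP traffic. This is an added example, not code from the slides or from the capture tool; the record field names (ts, client_ip, path, status) and the sample data are constructed assumptions.

```python
"""Flag likely web scans in per-request records derived from captured HTTP
traffic. Sample data is constructed; field names are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 10, 0, 0)

def _requests(ip, paths, statuses, step_s, offset_s=0):
    """Build constructed transaction records, one per path, step_s apart."""
    return [{"ts": (T0 + timedelta(seconds=offset_s + i * step_s)).isoformat(),
             "client_ip": ip, "path": p, "status": s}
            for i, (p, s) in enumerate(zip(paths, statuses))]

# Constructed: one source probing 12 distinct paths in 24 s (11 x 404, one
# 200), plus a normal user browsing three real pages over a minute.
SAMPLE_REQUESTS = (
    _requests("203.0.113.7", [f"/probe-{i}" for i in range(12)],
              [404] * 11 + [200], step_s=2)
    + _requests("198.51.100.4", ["/", "/login", "/account"],
                [200, 200, 200], step_s=30, offset_s=5)
)

def detect_web_scans(requests, window=timedelta(minutes=5), min_requests=10,
                     min_error_ratio=0.6):
    """Return {client_ip: stats} for sources that, within any `window`, send
    at least min_requests requests, mostly erroring (4xx/5xx), across many
    distinct paths. Records are sorted per source so the window is valid."""
    by_ip = defaultdict(list)
    for r in requests:
        by_ip[r["client_ip"]].append(r)
    flagged = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r["ts"])
        times = [datetime.fromisoformat(r["ts"]) for r in reqs]
        start = 0
        for end in range(len(reqs)):
            while times[end] - times[start] > window:  # slide window start
                start += 1
            burst = reqs[start:end + 1]
            if len(burst) < min_requests:
                continue
            errors = sum(1 for r in burst if r["status"] >= 400)
            ratio = errors / len(burst)
            distinct = len({r["path"] for r in burst})
            if ratio >= min_error_ratio and distinct >= min_requests // 2:
                flagged[ip] = {"requests": len(burst), "errors": errors,
                               "error_ratio": round(ratio, 2),
                               "distinct_paths": distinct}
                break  # one alert per source is enough for a report
    return flagged
```

Running `detect_web_scans(SAMPLE_REQUESTS)` flags only 203.0.113.7, at the point where its first ten requests (all 404s) fall inside the window; the three-page browsing session never reaches the request threshold.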