Does this sound painfully familiar: After hardening your systems and implementing a firewall, application and vulnerability scanners, network intrusion detection, and comprehensive patch management - Your internal web server was still compromised.

To make matters worse it was then used as a pivot point to compromise your whole network. And you didn't even know it had happened until you got a call from an external security organization.

Like the Little Dutch Boy in that famous story, you discover the tiny hole in your network defenses that the bad guys were able to sneak through undetected. And you realize that the clues were there all along.

If you had seen those simple clues, you could have plugged the vulnerability before it was exploited and prevented the whole mess.

This was the genesis of a new continuous monitoring tool called OMENS. OMENS is a free Windows web server monitoring tool designed to monitor, detect, and block the attackers that traditional Network Monitoring tools can sometimes miss.

In this presentation the creator of OMENS will discuss the blind spots that Network Monitoring systems suffer from, and how these holes can be plugged by a distributed, host based monitoring system. He will also discuss how OMENS is being used to monitor for hostile actors, understand their activity, and to remediate the possible flaws they are probing for - Before they can be exploited.

BIO: D0n Quix0te is the author and creator of OMENS. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. And has been involved in the response and analysis of a number of significant security incidents.

Back to BSides Las Vegas 2013 video list