Wednesday, November 16, 2011

Bro Workshop 2011 is Sadly Over

Last week we held our first workshop since the full team came together for the NSF grant and I felt like the workshop went very well. It was by far the largest workshop in terms of attendance, I think we had over 55 people in the room most of the time!

Personally, it was great to get a chance to put so many faces to names. I've communicated with many people but had the chance to meet far too few. In particular I was excited to see the growing interest in Bro from the incident response community. We've really pushed Bro with the 2.0 release to be well tuned and relevant for security operations straight "out of the box". Now I'm looking forward to learning and helping with new deployments in 2012 and more questions about networks that we could help answer with Bro.

Speaking of answering questions about networks, there was a particularly interesting occurrence on the second day. The entire day seemed to revolve around the idea of asking questions about networks and getting real answers. Everything revolved around this; the exercises, the presentations, even the invited talks given by incident responders. I've been pushing for this as part of the approach to Bro for a long time since Bro is a great tool for answering questions so I'm really happy to see others using Bro in a similar way. Now that the 2.0-beta is released and 2.0-final is approaching, I will begin posting snippets and full scripts soon that help you answer questions about your own networks. There are so many questions, and so little time.

I would really like to thank everyone who listened to my pleading to attend the workshop and those whom I didn't even need to plead with. You all added to my experience of the workshop and opened my eyes to new ways of thinking about how Bro can and should be used. I hope you got as much from the workshop as I did.

Finally, I wanted to mention that all of the material from the workshop (video, exercises, slides) will be released very soon and we will be sure to do another quick blog post when it's available.

That's enough writing, now back to coding and documentation...

1 comment:

  1. Seth, I agree it was nice to finally meet the people behind the tool and to learn more about Bro.

    The presentations given by the various members of the Bro team explaining how Bro can help me with securing my network and network connected resources along with how Bro can help with incident response was informative.
    Having Bro end users present the ways that they have made Bro an essential part of their cycber-security infrastructure was very informative. Along with the presentations given the exercises were very helpful in assisting me to become familiar with Bro and preparing me for deploying and using the package in a production network.

    It was a great benefit that the developers were just a raised hand away from helping workshop participants with difficulties encountered during the exercises. Over all a great experience and highly recommended.

    Although I work in the building now and have worked on Campus for many years I have never attended a workshop hosted by NCSA. The classroom facilities were excellent. Power outlet availability and wireless connectivity were well more than adequate. Classroom work areas were spacious, chairs comfortable, sound system loud enough. Catered breakfast, lunch and snacks were delicious.