On Wednesday, April 6th we spoke at the Alabama Rural Electric Association of Cooperatives (AREA) conference to the IT leadership in attendance. Our topic was how to leverage Zeek to prevent a catastrophic event. In the talk we started with a bit of history: how malware, ransomware, and threat actors have evolved over the years, and how their tactics have transformed and become all but invisible to the naked eye. We also spoke about how the problems of our audience are vastly different from those of most other companies, in that they support the Nation’s Critical Infrastructure while also supporting the technologies in their SCADA systems, many of which were developed with a 20-year lifecycle.
Today, threats and threat actors are changing their mode of operations by the minute, and many of today’s tools cannot or should not be used on the IC networks. By combining Zeek and Suricata and using passive techniques, listening unobtrusively on the networks, we can watch the wire and gather the intelligence needed to help our clients defend their networks. We covered the tools used in situ and the visibility gained by using the Léargas platform, which gives our clients a critical advantage in today’s environment.