Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity

Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity (PDF, 6.46MB)

Published: 04 Jan, 2019
Created by
Dallas Haselhorst

The information security industry is predicted to exceed 100 billion dollars in the next few years. Despite the dollars invested, breaches continue to dominate the headlines. Despite best efforts, all attempts to keep the enemies at the gates have ultimately failed. Meanwhile, attacker dwell times on compromised systems and networks remain absurdly high. Traditional defenses fall short in detecting post-compromise activity even when properly configured and monitored. Prevention must remain a top priority, but every security plan must also include hunting for threats after the initial compromise. High price tags often accompany quality solutions, yet tools such as Security Onion, Zeek (Bro), and RITA require little more than time and skill. With these freely available tools, organizations can effectively detect advanced threats including real-world command and control frameworks.