DEF CON 29 Blue Team Village – Drimacus – Leveraging NGFWs for Threat Hunting

Sharing research and details around running passive NGFWs to complement threat hunting tools. This talk will walk through why and how I ran them, what I learned about them to share with the community, and the value that can be gained by leveraging NGFWs for threat hunting.

With the introduction of NGFWs came new operational risk in the form of application ID. After taking the path of implementing passive NGFWs to mitigate this risk, they also became an opportunity to leverage them for threat hunting.

This talk will review research over the past 5 years of running such passive NGFWs.
The pros/cons of the environment over existing threat hunting tools, a review of the architecture, and a deep dive into the various functionality will be discussed.