
The importance of logs: You won't see what you don't log^Waudit



Thursday, May 16, 2019
11:00AM-12:00PM PDT
60 MINUTES, INCLUDING Q&A



Brought to you by:

Verizon
The importance of logs: You won't see what you don't log^Waudit, by Tim (Wadhwa-)Brown
2019 Data Breach Investigations Report, by Alex Pinto

As a team, Cisco's CX EMEAR Security Architecture team sees an awful lot of customer sites and systems where logging is either unconfigured or configured in an inappropriate fashion.

In our experience, we find issues relating to this in over 50% of assessment engagements, a figure which climbs still further for engagements where we're asked to actively deliver our incident response capabilities. It's not often talked about, but effective logging is a key control, both to give the blue team visibility of the network they're defending and to enable accurate analysis in the event of an incident. This talk will cover:

  • Why logging goes wrong
  • How to start to plan your logging requirements
  • Case studies
  • Where to go next

Guest Presenter:

Tim (Wadhwa-) Brown

Tim (Wadhwa-) Brown joined Cisco as part of their acquisition of Portcullis, for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or, where necessary, diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco's bespoke methodologies covering subjects as diverse as secure development, host hardening, risk and compliance, ERP and SCADA. In 2016-2017, Tim looked at targets as varied as Active Directory, z/OS mainframes, power stations, cars, banking middleware and enterprise SAP landscapes. Outside of the customer-driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista and web application security to his name.

Sponsor Presenter:

Alex Pinto

Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services, currently managing the Verizon Security Research team, which is responsible for the Verizon Data Breach Investigations Report (DBIR).

Alex has over 20 years of experience in building security solutions and products, and the last 6 years have been dedicated to the application of machine learning in cybersecurity detection and threat hunting activities.
