Making the Most of a Lot [of Data]: Netflow in US-CERT Operations

Presentation
In this FloCon 2016 presentation, the author reviews uses of netflow in US-CERT's daily monitoring, analysis, and incident response operations.
Publisher

Software Engineering Institute

Abstract

Netflow has long proven to be a key asset to both the network operator and defender. This presentation reviews some of the more common, yet invaluable, uses of netflow in US-CERT's daily monitoring, analysis, and incident response operations. Further, it highlights some of US-CERT's efforts to operationalize netflow-based analytics, rooted in netflow community research but adapted to account for (and where possible take advantage of) the large size and diversity of our constituent population.

Part of a Collection

FloCon 2016 Presentations

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.