Software Engineering Institute | Carnegie Mellon University

Digital Library

Presentation

Making the Most of a Lot [of Data]: Netflow in US-CERT Operations

  • Abstract

    Netflow has long proven to be a key asset to both the network operator and defender. This presentation reviews some of the more common, yet invaluable, uses of netflow in US-CERT's daily monitoring, analysis, and incident response operations. Further, it highlights some of US-CERT's efforts to operationalize netflow-based analytics, rooted in netflow community research but adapted to account for (and where possible take advantage of) the large size and diversity of our constituent population.

Part of a Collection

FloCon 2016 Presentations