Network flow records provide a useful overview of traffic on a network that uses the Internet Protocol (IP) to pass information. Huge numbers of bytes and thousands of packets can be summarized by a relatively small number of records, with few privacy concerns and a small record size (which aids both speed of retrieval and duration of storage). However, examining these records to build an awareness of the security situation on a network requires automation, and it can be daunting to develop a process for building the automated analytics. This webinar presents such a development process, outlining how to determine what to analyze, how to analyze it in an automated manner, and which issues are involved in validating and interpreting the results.
What Will Attendees Learn?
Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Tim is also an Adjunct Professor at Carnegie Mellon University, with teaching and research interests focused on information survivability. Before joining Carnegie Mellon University, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, California. He taught a variety of topics in software engineering, systems and security and supervised numerous master's and Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.