Software Engineering Institute

Security Incident Discovery and Correlation on .Gov Networks

January 10, 2011 • Presentation

By

Cory Mazzola (Department of Homeland Security) and Timothy Tragesser (Department of Homeland Security)

In this presentation, the authors discuss their work on correlating security incident discovery to .gov networks.

Publisher

Software Engineering Institute

Subjects

Flocon Situational Awareness

Abstract

Takeaways:

Harness flow data to identify security events and incidents of interest across the enterprise.
Develop automated queries to do work for you and vet results for accuracy.
- Tune appropriately.
Layered view to provide a user-friendly view of information and data pertinent to different levels of organizations.
- Customize different views across organizations:
  - Leadership / Security Operations
  - Technicians / Responders
  - Constituents

Download PDF

Part of a Collection

FloCon 2011 Collection

Ask a question about this Presentation

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.

Software Engineering Institute

Security Incident Discovery and Correlation on .Gov Networks

January 10, 2011 • Presentation

By Cory Mazzola (Department of Homeland Security) and Timothy Tragesser (Department of Homeland Security)

Publisher

Subjects

Abstract

SHARE

Part of a Collection

By

Cory Mazzola (Department of Homeland Security) and Timothy Tragesser (Department of Homeland Security)