Software Engineering Institute

This presentation was given at FloCon 2012, which took place in Austin, Texas, on January 9-12, 2012. At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum, and participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus host level, and discussing how well new flow-based analytical tools integrate into an analysts workflow.