Network Flow Analysis in Information Security Strategy
January 2015 • Presentation
In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.
Information security strategies may be classified by a functional series of impacts on attempts to violate assurance policies: deception, frustration, resistance, recognition-and-recovery. A recent book-length treatment of these strategies identified network flow analysis with recognition-and-recovery, but use of network flow data supports the other strategies as well.
This presentation lays out a series of analytics keyed to the strategies they support: traffic baselining to support deception, attack surface estimation to support frustration, anomaly analysis to support resistance, attack profiling to support recognition-and-recovery. The presentation concludes with discussions of combinations of these analytics in an integrated security approach.