Making the Most of a Lot [of Data]: Netflow in US-CERT Operations
January 2016 • Presentation
In this FloCon 2016 presentation, the author reviews uses of netflow in US-CERT's daily monitoring, analysis, and incident response operations.
Abstract
Netflow has long proven to be a key asset to both the network operator
and defender. This presentation reviews some of the more common, yet
invaluable, uses of netflow in US-CERT's daily monitoring, analysis, and
incident response operations. Further, it highlights some of US-CERT's
efforts to operationalize netflow-based analytics, rooted in netflow
community research but adapted to account for (and where possible take
advantage of) the large size and diversity of our constituent
population.