Network Flow and Beyond
September 2016 • Podcast
In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security.
“The interesting question is: are there departures from the diurnal curve? Is there a sudden interruption? Is there a particularly high spike? Now, I can turn to other data sources to help me drill down and understand that. Can I look at my firewall records and see whether or not there was some interruption in terms of blocked traffic or network connection problems with respect to that? Can I look at my web server logs and see whether or not there was a big spike of activity for whatever reason?”
Software Engineering Institute
By the close of 2016, annual global IP traffic will pass the zettabyte (ZB; 1000 exabytes, EB) threshold and will reach 2.3 ZB per year by 2020, according to Cisco's Visual Networking Index. Capturing and evaluating network traffic lets defenders of large organizational networks generate security alerts and identify intrusions, yet operators of even comparatively modest networks struggle to build a full, comprehensive view of network activity. To make sound security decisions, operators need to understand the mission activity on their network and the threats to that activity (together referred to as network situational awareness).
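The approach the quote describes, comparing each hour's flow volume against a diurnal baseline and then pulling firewall and web server records for the hours that depart from it, as an added Python example. This is not code from the podcast or from any SEI/CERT tool: the flow totals, firewall lines and web log lines are constructed, the two log formats are assumed, and the median/MAD thresholding is one reasonable choice of baseline rather than the speaker's own method.

```python
"""Departures from the diurnal curve in hourly flow volume, with drill-down
into firewall and web server logs for the flagged hours.

Added example for this page, not code from the podcast or from SEI/CERT
tools. Every flow record and log line below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

HOUR = timedelta(hours=1)


def hourly_volume(flows):
    """Sum bytes per clock hour from (start_time, bytes) flow records."""
    totals = defaultdict(int)
    for start, nbytes in flows:
        totals[start.replace(minute=0, second=0, microsecond=0)] += nbytes
    return dict(totals)


def diurnal_baseline(hourly):
    """Robust per hour-of-day baseline: (median, MAD) across days.
    Median/MAD instead of mean/stdev so one anomalous day cannot drag the
    baseline toward itself and hide its own departure."""
    by_hour = defaultdict(list)
    for ts, total in hourly.items():
        by_hour[ts.hour].append(total)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        baseline[hour] = (med, median(abs(v - med) for v in values))
    return baseline


def find_departures(hourly, baseline, k=3.0, floor=0.25):
    """Flag hours whose volume departs from the baseline for that hour-of-day.
    Tolerance is k scaled MADs but never below `floor` of the median, so an
    hour that is near-constant across days does not get a zero-width band.
    Returns (timestamp, bytes, kind) with kind 'spike' or 'interruption'."""
    departures = []
    for ts in sorted(hourly):
        med, mad = baseline[ts.hour]
        tolerance = max(k * 1.4826 * mad, floor * med)
        delta = hourly[ts] - med
        if delta > tolerance:
            departures.append((ts, hourly[ts], "spike"))
        elif delta < -tolerance:
            departures.append((ts, hourly[ts], "interruption"))
    return departures


def _stamp(line):
    # Assumed log layout: first whitespace-separated field is an ISO timestamp.
    return datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%S")


def drill_down(ts, firewall_log, web_log):
    """Count firewall denies and web requests inside the flagged hour: the
    'other data sources' used to explain what the flow volume alone shows."""
    counts = {"firewall_denies": 0, "web_requests": 0}
    for line in firewall_log:
        if ts <= _stamp(line) < ts + HOUR and " DENY " in line:
            counts["firewall_denies"] += 1
    for line in web_log:
        if ts <= _stamp(line) < ts + HOUR:
            counts["web_requests"] += 1
    return counts


def constructed_flows(days=7, start=datetime(2016, 9, 5)):
    """Constructed flows: business-hours diurnal curve, small day-to-day
    jitter, one injected 10x spike and one injected two-hour outage."""
    flows = []
    for day in range(days):
        for hour in range(24):
            ts = start + timedelta(days=day, hours=hour)
            base = 1_000_000 if 8 <= hour < 18 else 200_000
            nbytes = base + ((day * 3 + hour) % 5) * 4_000
            if day == 3 and hour == 14:
                nbytes *= 10          # constructed spike on 2016-09-08 14:00
            if day == 5 and hour in (2, 3):
                nbytes = 0            # constructed outage on 2016-09-10 02:00-04:00
            # two flow records per hour so hourly_volume() actually aggregates
            flows.append((ts + timedelta(minutes=5), nbytes // 2))
            flows.append((ts + timedelta(minutes=35), nbytes - nbytes // 2))
    return flows


FIREWALL_LOG = [  # constructed; layout: <time> <action> <src> -> <dst:port>
    "2016-09-08T14:03:11 DENY 203.0.113.7 -> 192.0.2.10:22",
    "2016-09-08T14:03:12 DENY 203.0.113.7 -> 192.0.2.10:23",
    "2016-09-08T14:41:50 ALLOW 198.51.100.4 -> 192.0.2.10:443",
    "2016-09-10T02:15:00 DENY 203.0.113.9 -> 192.0.2.10:445",
]
WEB_LOG = [  # constructed; layout: <time> <client> "<request>" <status>
    '2016-09-08T14:02:07 198.51.100.4 "GET /release/ HTTP/1.1" 200',
    '2016-09-08T14:02:09 198.51.100.5 "GET /release/ HTTP/1.1" 200',
    '2016-09-08T14:02:10 198.51.100.6 "GET /release/ HTTP/1.1" 200',
    '2016-09-09T09:10:00 198.51.100.4 "GET / HTTP/1.1" 200',
]


def investigate(flows=None, firewall_log=FIREWALL_LOG, web_log=WEB_LOG):
    """Baseline, flag departures, and attach log counts for each one."""
    hourly = hourly_volume(constructed_flows() if flows is None else flows)
    baseline = diurnal_baseline(hourly)
    return [{"when": ts, "bytes": nbytes, "kind": kind,
             **drill_down(ts, firewall_log, web_log)}
            for ts, nbytes, kind in find_departures(hourly, baseline)]


if __name__ == "__main__":
    for row in investigate():
        print(row)
```

Only three hours are reported: the constructed spike, with two denies and three web hits in the same hour, and the two outage hours, where the web log is empty, which points away from the web server and toward the network path. The baseline is keyed on hour-of-day only; a production version would also separate weekdays from weekends, since the diurnal curve differs between them.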
About the Speaker
Dr. Timothy J. Shimeall is a senior member of the technical staff with the SEI’s CERT Division, where he oversees and participates in the development of analysis methods in the area of networked systems security and survivability. His work includes developing methods to identify trends in security incidents and in the software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that is effective despite common defenses.
Before joining the SEI, Shimeall was an associate professor at the Naval Postgraduate School in Monterey, Calif. He was an active instructor on a variety of topics in software engineering, information warfare, and security, and supervised more than 30 MS theses and three Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.