Applying Best Practices in Network Traffic Analysis
November 2018 • Podcast
Tim Shimeall and Timur Snoke, both researchers in the SEI’s CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.
“It is important to recognize that although we are talking about network security best practices, really the overarching goal is to defend whatever the mission is of the applications that are running on the network. Although we could secure everything in every dimension, we end up with a bunch of machines that can’t talk to each other. The things that we are supposed to do, we are unable to do. We have to weigh all of that.”
Software Engineering Institute
In today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI’s CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for ongoing status, attacks, or potential attacks. Through this work we have observed both challenges and best practices as these network traffic analysts analyze incoming contacts to the network, including packets traces or flows. In this SEI Podcast, Tim Shimeall and Timur Snoke, both researchers in the SEI’s CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.
About the Speaker
Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Tim is also an Adjunct Professor at Carnegie Mellon University, with teaching and research interests focused on information survivability. Before joining Carnegie Mellon University, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, California. He taught a variety of topics in software engineering, systems and security and supervised numerous masters and Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.
Timur D. Snoke