Software Engineering Institute

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide information about indications of behavior rather than information that accurately identifies behavior with high confidence. In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.

What attendees will learn:

• trade-offs involved in collecting various levels of detailed network data
• an example of analysis showing the application of DPI in identifying network behaviors
• the value of working in data analysis environments, leveraging the power of such processing environments, and the availability of language features and libraries that facilitate analysis