Phil Groce

CERT

Phil Groce is a senior network-defense analyst in the Situational Awareness Team in the SEI CERT Division Monitoring and Response Directorate. Groce’s areas of technical expertise are systems and software development in the service of enterprise network activity monitoring and incident response. Before joining the SEI in 2005, Groce helped develop network-intrusion prevention, managed-security, and mail-security capabilities at CipherTrust (later part of McAfee) and SecureWorks (later Dell Secureworks).

Publications by Phil Groce

Chain Games: Powering Autonomous Threat Hunting

November 11, 2022 • Presentation

Phil Groce

This project focuses on developing algorithms from game-theoretic analysis to successfully identify an attacker-controlled infrastructure as well as or better than the traditional state of the practice within the investigatory constraints.
read
Preview of Chain Games: Powering Autonomous Threat Hunting

November 07, 2022 • Video

Phil Groce

This short video provides an introduction to a research topic presented at the SEI Research Review 2022.
watch
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network

January 07, 2021 • Podcast

Phil Groce

Phil Groce, a senior network defense analyst in the SEI's CERT Division, discusses the security implications of remote work.
learn more
The Rayon Tools: Visualization at the Command Line

January 13, 2014 • Poster

Phil Groce

This poster, presented at FloCon 2014, shows how a Rayon visualization works well with the workflow model of UNIX and the shell.
read
The Rayon Visualization Toolkit

January 10, 2011 • Presentation

Phil Groce

In this presentation, Phil Groce describes Rayon, a Python library and toolset for generating basic two-dimensional statistical visualizations.
read
Rayon: A Unified Framework for Data Visualization

June 24, 2010 • White Paper

Phil Groce

In this paper, Phil Groce describes the Rayon visualization toolkit, developed to augment network analytic information and improve analytic operations.
read
Visualizations of Flow and Analytical Results

January 07, 2008 • Presentation

Phil Groce Jeff Janies

In this presentation, the authors discuss the role of visualization in performing network flow analysis.
read
RAVE: The Retrospective Analysis and Visualization Engine

October 10, 2006 • White Paper

Phil Groce John Prevost

In this paper, the authors present RAVE as an analysis service provider.
read