Blog Posts

Situational Awareness for Cybersecurity Architecture: Network Visibility

Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....

Read More

March 23, 2020 • By Timur Snoke

In Situational Awareness

Engineering for Cyber Situational Awareness: Endpoint Visibility

In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....

Read More

February 10, 2020 • By Phil Groce, Timur Snoke

In Situational Awareness

Best Practices in Network Traffic Analysis: Three Perspectives

In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of …

Read More

October 7, 2018 • By Angela Horneman, Tim Shimeall, Timur Snoke

In Situational Awareness

Best Practices for NTP Services

The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC)....

Read More

April 2, 2017 • By Timur Snoke

In Situational Awareness

Making YAF App Labels from Text-Based Snort Rules

Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and …

Read More

June 11, 2015 • By Angela Horneman, Timur Snoke

In CERT/CC Vulnerabilities

Analyzing Routing Tables

Hi, Timur Snoke here with a description of maps I've developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers....

Read More

October 23, 2013 • By Timur Snoke

In CERT/CC Vulnerabilities

Working with the Internet Census 2012

It's not every day that 9.6 terabytes of data is released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using …

Read More

October 21, 2013 • By Timur Snoke, Deana Shick, Angela Horneman

In CERT/CC Vulnerabilities

Watching Domains That Change DNS Servers Frequently

Hello, this is Leigh Metcalf of the CERT Network Situational Awareness (NetSA) Team. Timur Snoke and I have discovered some interesting results in our continuing examination....

Read More

March 10, 2013 • By Leigh Metcalf, Timur Snoke

In CERT/CC Vulnerabilities