Building Analytics for Network Flow Records
Network flow records provide a useful overview of traffic on a network that uses the Internet Protocol (IP) to pass information. Huge numbers of bytes and thousands of packets can be summarized by a relatively small number of records, with few privacy concerns and a small record size (which aids both speed of retrieval and duration of storage). However, examining these records to build an awareness of the security situation on a network requires automation, and it can be daunting to develop a process for building the automated analytics. This webinar presents such a development process, outlining how to determine what to analyze, how to analyze it in an automated manner, and the issues involved in validating and interpreting the results.
What Will Attendees Learn?
- How to identify network flow characteristics and metrics that support understanding traffic
- How to use these characteristics and metrics in an automated manner
- How to evaluate the results of automated analysis in order to validate and interpret them
About the Speaker
Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development …
Matt Heckathorn is an integration engineer in the CERT division of the Software Engineering Institute, where he is responsible for assisting organizations in applying the DevOps process to their IT architecture. This work includes operating as a subject matter expert on a variety of automation technologies. Matt’s particular interests are …
Part of a Collection
Network Situational Awareness: Best Practices
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.