Network Flow Analysis in Information Security Strategy
• Presentation
Publisher
Software Engineering Institute
Abstract
Information security strategies may be classified by a functional series of impacts on attempts to violate assurance policies: deception, frustration, resistance, and recognition-and-recovery. A recent book-length treatment of these strategies identified network flow analysis with recognition-and-recovery, but use of network flow data supports the other strategies as well.
This presentation lays out a series of analytics keyed to the strategies they support: traffic baselining to support deception, attack surface estimation to support frustration, anomaly analysis to support resistance, and attack profiling to support recognition-and-recovery. The presentation concludes with discussions of combinations of these analytics in an integrated security approach.
Part of a Collection
FloCon 2015 Collection
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.