Using Vantage to Manage Complex Sensor Networks
Network security increasingly requires combining data from heterogeneous sources such as NetFlow, log files, and raw traffic dumps. Effective instrumentation is a complex problem that requires not only collecting and normalizing data, but also understanding the interrelationships between different data sources. As an example of the difficulty of this problem, consider relating traffic between a firewall and a flow collection system that are adjacent to each other. Depending on their relative placement, they may record the same events, or events recorded by the firewall may never be seen by the flow collection system. In this talk, Michael Collins introduces a systematic methodology for analyzing the vantage of sensor systems. Vantage is a formal description of the range and type of data that a sensor collects. By using a three-axis classification system, we can map out the vantage of the sensors of a network and determine their interactions with each other. Vantage analysis provides insight into the coverage and blind spots of the sensor network, and helps predict the impact of sensor failures. Collins also provides examples of vantage analysis on different network architectures and demonstrates a simple tool for conducting vantage analyses.