FloCon 2017 has ended
Tuesday, January 10 • 4:30pm - 5:00pm
Running Reliable Network Security Monitoring Infra @ Facebook


Packet monitoring for threat detection is a seemingly simple concept, but effective implementation is not. Reliable and scalable solutions must also carefully consider each hardware and software component individually as well as how they work together on the network. Facebook runs network monitoring system (NSM) infrastructure across multiple sites around the world. How do we ensure all our traffic is monitored for incidents -- packet loss/drop, network blind spots, missing network coverage, etc. -- and quickly provide accurate results to our security analysts? In this talk, we will explain how we run NSM infrastructure at Facebook scale to monitor our global infrastructure. We will define metrics for reliability and how we collect statistical data from different hardware appliances and NSM applications, including Bro, an open source network security platform, and Suricata, an open source intrusion detection/prevention system. We'll walk through how we verify the integrity of the data and then use it to build statistical models for creating actionable alerts when an abnormality is detected. We will share real-world scenarios that we have seen on our networks, how we resolved those issues, and what we learned from these events.


Sereyvathana Ty

Sereyvathana Ty is a member of Detection Infrastructure at Facebook working on network security monitoring instrumentation. Before joining Facebook, he was a malware researcher for Palo Alto Networks, where he was researching new techniques for detecting malware and developing mitigation...

Tuesday January 10, 2017 4:30pm - 5:00pm PST
Great Room V-VIII 7450 Hazard Center Dr.