Wednesday, January 11 • 9:30am - 10:00am
Low Hanging Fruit Tastes Just as Good


We often hear some network security tasks described as "low hanging fruit." There are network monitoring tasks that seem simple, but the work is so tedious or requires so much time to produce results that they never get the time and effort they deserve. Taking the time to accomplish these seemingly simple tasks can provide valuable situational awareness. We used the CERT NetSA security tool suite to monitor traffic and establish baselines of our internal network IP addresses. By deriving simple network statistics for each IP address, we are able to automate alert generation when anomalous behavior is detected. Similarly, we are able to build lists of all of the domains queried from our network. After enough time, any new domains, and changes to the previously seen domains, are worth investigating. This talk demonstrates the steps we took to perform this analysis with our publicly available tool suite.

Speakers

Dan Ruef

Network Security Test Engineer, CERT Division, Software Engineering Institute
Dan Ruef is a member of the Security Automation Directorate at SEI/CERT. He graduated with a master's degree in Information Security Technology from Carnegie Mellon University (2006) and Bachelor of Science degree in Mathematics and Computer Science from Case Western Reserve University (2004). Dan is the lead developer of the Analysis Pipeline.

Emily Sarneso

Network Security Software Developer, CERT Division, Software Engineering Institute
Emily Sarneso is a member of the Security Automation Directorate at SEI/CERT. She graduated with a master's degree in Information Science from the University of Pittsburgh (2009) and a bachelor's degree in Mathematics from Saint Vincent College (2007). Emily is the lead developer of YAF and super_mediator.



Wednesday January 11, 2017 9:30am - 10:00am
Great Room V-VIII 7450 Hazard Center Dr.
