Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, January 12 • 11:30am - 12:00pm
Developing Insider Threat Indicators from Netflow

Sign up or log in to save this to your schedule and see who's attending!

Insider threat analysts look for anomalous behavior and activity across a wide array of data sources – host-based audit logs, human resource management systems, anonymous reporting mechanisms, and even SIEM tools. In this presentation, we will provide examples of how Netflow data can be and has been used to detect anomalous insider behavior and activity, and show how correlating information from other data sources can be used to increase the effectiveness of the Netflow-based indicators.


Speakers
avatar for Dan Costa

Dan Costa

Technical Solutions Team Lead, CERT Division, Software Engineering Institute
Dan Costa is the Technical Solutions Team Lead for the Enterprise Threat & Vulnerability Management team in the CERT Division of the Carnegie Mellon Software Engineering Institute. Dan designs, develop, and transitions tools, algorithms, and exercises that enhance organizations’ abilities to detect, prevent, and respond to insider threats. Dan has extensive experience evaluating insider threat programs, assessing organizations&rsquo... Read More →



Thursday January 12, 2017 11:30am - 12:00pm
Great Room V-VIII 7450 Hazard Center Dr.

Attendees (23)