FloCon 2017 has ended
Back To Schedule
Thursday, January 12 • 11:30am - 12:00pm
Developing Insider Threat Indicators from Netflow

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Insider threat analysts look for anomalous behavior and activity across a wide array of data sources – host-based audit logs, human resource management systems, anonymous reporting mechanisms, and even SIEM tools. In this presentation, we will provide examples of how Netflow data can be and has been used to detect anomalous insider behavior and activity, and show how correlating information from other data sources can be used to increase the effectiveness of the Netflow-based indicators.

avatar for Dan Costa

Dan Costa

Technical Solutions Team Lead, CERT Division, Software Engineering Institute
Dan Costa is the Technical Solutions Team Lead for the Enterprise Threat & Vulnerability Management team in the CERT Division of the Carnegie Mellon Software Engineering Institute. Dan designs, develop, and transitions tools, algorithms, and exercises that enhance organizations... Read More →

Thursday January 12, 2017 11:30am - 12:00pm PST
Great Room V-VIII 7450 Hazard Center Dr.