Shows
Software Engineering Institute (SEI) Podcast SeriesVisibility Through the Clouds with Network Flow LogsOrganizations, including the U.S. military, are increasingly adopting cloud deployments for their flexibility and cost savings. The shared security model utilized by cloud service providers removes some of the adopting organization's responsibility for system administration and security. But it leaves them on the hook for monitoring hosted applications and resources. Cloud flow logs are a valuable source of data for supporting these security responsibilities and attaining situational awareness. The SEI has a long history of supporting flow log collection and analysis, including tools for collection in Azure and AWS. In this podcast from the Carnegie Mellon University Software...
2026-01-1535 min
Software Engineering Institute (SEI) Webcast SeriesImproving Analytics Using Enriched Network Flow DataClassic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide information about indications of behavior rather than information that accurately identifies behavior with high confidence. In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep...
2023-04-261h 02Software Engineering Institute (SEI) Podcast SeriesRansomware: Evolution, Rise, and ResponseIn this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were on average $42,000, and in Quarter 1 of 2020, that average increased $70,000 to $112,000. The volume of attacks also increased by 25 percent in Quarter 4 of 2019 and by another 25 percent in Quarter 1 of 2020. The sophistication of the attacks has increased alongside their severity. Midler and Shimeall discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with ransomware.
2021-02-1632 minSoftware Engineering Institute (SEI) Podcast SeriesApplying Best Practices in Network Traffic AnalysisIn today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI's CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for ongoing status, attacks, or potential attacks. Through this work we have observed both challenges and best practices as these network traffic analysts analyze incoming contacts to the network, including packets traces or flows. In this SEI Podcast, Tim Shimeall and Timur Snoke, both researchers in the SEI's CERT Division, highlight some best practices (and application of these practices) that they have observed in...
2019-02-2722 min
Software Engineering Institute (SEI) Podcast SeriesHow to Be a Network Traffic AnalystTim Shimeall and Timur Snoke, researchers in the SEI's CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. "Part of it is the ability to use a wide variety of tools to answer questions about what is happening on the network and to figure out ways to go past inference and supposition and to get facts that can actually provide support for the hypothesis that you're coming up with.
2018-09-1421 min