Leveraging internal network traffic to detect malicious activity: Lessons learned

Page Content

Marc Brooks

Marc Brooks - MITRE

Sep 26, 2012

Size: 446.2MB

Download: Video Icon MP4 Video   Flash Icon Watch in your Browser (Flash Required)  

Abstract

The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter based approaches is that of internal network monitoring.

This talk will discuss work done to better detect malicious activity
on an enterprise by monitoring internal network traffic. The state of
the art will be discussed, as well as the limitations inherent in this
monitoring approach. Promising results will be discussed as well as
methods that were not as effective.

About the Speaker

Mr. Marc Brooks is a cyber security researcher at the MITRE
corporation, a non-profit organization chartered to work in the public
interest. He is the focal point for the Insider Threat capability
within the Cyber Security Division of the MITRE Corporation. He is
responsible for helping coordinate division support to various Insider
Threat activities, as well as being actively involved in research
activities on the topic.

Mr. Brooks has worked in the defense, intelligence, and law
enforcement communities for more than ten years. Mr. Brooks began his
career at MITRE developing internet based technologies for the Air
Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks
has supported technology research and development within MITRE via its
internal research program, DISA, a DOJ sponsor, and other government
sponsors. Mr. Brooks also served as the chief engineer for the MITRE
Information Analysis and Engineering department, while supporting an
operational Insider Threat program. Mr. Brooks currently works on
research in detecting the advanced cyber threat and malicious
insiders.

Mr. Brooks has a bachelor's degree in computer science from Amherst
College, a master's in business administration from the University of
Maryland, and is currently earning a PhD in computer science at
George Mason University.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

© 1999-2013 Purdue University. All rights reserved.

Use/Reuse Guidelines

CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.