CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Leveraging internal network traffic to detect malicious activity: Lessons learned

Marc Brooks

Marc Brooks - MITRE

Sep 26, 2012

Size: 446.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter based approaches is that of internal network monitoring.

This talk will discuss work done to better detect malicious activity
on an enterprise by monitoring internal network traffic. The state of
the art will be discussed, as well as the limitations inherent in this
monitoring approach. Promising results will be discussed as well as
methods that were not as effective.

About the Speaker

Mr. Marc Brooks is a cyber security researcher at the MITRE
corporation, a non-profit organization chartered to work in the public
interest. He is the focal point for the Insider Threat capability
within the Cyber Security Division of the MITRE Corporation. He is
responsible for helping coordinate division support to various Insider
Threat activities, as well as being actively involved in research
activities on the topic.

Mr. Brooks has worked in the defense, intelligence, and law
enforcement communities for more than ten years. Mr. Brooks began his
career at MITRE developing internet based technologies for the Air
Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks
has supported technology research and development within MITRE via its
internal research program, DISA, a DOJ sponsor, and other government
sponsors. Mr. Brooks also served as the chief engineer for the MITRE
Information Analysis and Engineering department, while supporting an
operational Insider Threat program. Mr. Brooks currently works on
research in detecting the advanced cyber threat and malicious
insiders.

Mr. Brooks has a bachelor's degree in computer science from Amherst
College, a master's in business administration from the University of
Maryland, and is currently earning a PhD in computer science at
George Mason University.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.