Leveraging internal network traffic to detect malicious activity: Lessons learned
Marc Brooks - MITRE
Sep 26, 2012
Abstract
The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter-based approaches is that of internal network monitoring.
This talk will discuss work done to better detect malicious activity
on an enterprise by monitoring internal network traffic. The state of
the art will be discussed, as well as the limitations inherent in this
monitoring approach. Promising results will be discussed as well as
methods that were not as effective.
About the Speaker
Mr. Marc Brooks is a cyber security researcher at the MITRE
Corporation, a non-profit organization chartered to work in the public
interest. He is the focal point for the Insider Threat capability
within the Cyber Security Division of the MITRE Corporation. He is
responsible for helping coordinate division support to various Insider
Threat activities, as well as being actively involved in research
activities on the topic.
Mr. Brooks has worked in the defense, intelligence, and law
enforcement communities for more than ten years. Mr. Brooks began his
career at MITRE developing internet-based technologies for the Air
Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks
has supported technology research and development within MITRE via its
internal research program, DISA, a DOJ sponsor, and other government
sponsors. Mr. Brooks also served as the chief engineer for the MITRE
Information Analysis and Engineering department, while supporting an
operational Insider Threat program. Mr. Brooks currently works on
research in detecting the advanced cyber threat and malicious
Mr. Brooks has a bachelor's degree in computer science from Amherst
College, a master's in business administration from the University of
Maryland, and is currently earning a PhD in computer science at
George Mason University.