Finding Badness in My 100G Network

Tuesday, May 05 | 12:00PM–1:00PM | Minneapolis Grand Ballroom Salon G, Third Floor
Session Type: Professional Development
The intention of this talk is to equip the audience with knowledge and strategies to operate their own network security monitoring. We will showcase various techniques LBNL is using to monitor its 100Gb link to identify good and malicious activity. We will provide insights into the design decisions of security monitors and how we leverage various frameworks to automate dynamic firewalling capabilities. Network security monitoring is basically finding the proverbial needle in the haystack. This talk will focus on how to look into the right haystack and ways to find that elusive needle.

OUTCOMES: Understand how a large-scale NSM monitoring setup operates * Learn various strategies used to identify good and bad in the network * Learn how to prioritize response-based degrees of "badness" identified * Exchange stories from the battlefield


  • Jay Krous

    Cyber Security, Lawrence Berkeley National Laboratory
  • Vincent Stoffer

    Sr. Director, Product Management, Corelight Inc