Behavioral Analysis from DNS and Network Traffic

Presented at DeepSec 2016 „Ten“

Multiple methods exist for detecting malicious activity in a network, including intrusion detection, anti-virus and log analysis. But the majority of these use signatures, looking for already known events, and they typically require some level of human intervention and maintenance. However, using behavioral analysis, it's possible to observe and create a baseline of average behavior on a network, enabling intelligent notification of anomalous activity. This talk will demonstrate methods of performing this activity in any environment. Attendees will learn new methods which they can apply to further monitor and secure their networks.

Presenters:

  • Josh Pyorre - OpenDNS/Cisco
    Josh is a security researcher with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team to initially help build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. Josh hosts a podcast looking at the most notable topics in security. It's called Root Access. http://rootaccesspodcast.com
