Rewind, Revisit, Reinforce, Retain with OnDemand - Special Offer Available Now


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Enabling Network Monitoring to Become System Intelligence

  • Thursday, October 09, 2014 at 11:00 AM EDT (2014-10-09 15:00:00 UTC)
  • Graham Speake

You can now attend the webcast using your mobile device!



ICS networks are often compared to an M&M candy - hard on the outside and soft on the inside. A lot of networks also take this analogy further by being like the chocolate center - just one big blob, with no visibility of the structure at all. Monitoring of the network is hardly done at all, and often engineers do not know what is normal (or abnormal) traffic on their network. There have been many instances of malware on control networks, and the recent Dragonfly attacks that target OPC servers is just the latest. The increase in the sophistication of malware targeted at control systems is accelerating and the need to have early detection and warning of this malware is now a necessity. This talk will look at the current state of network monitoring and methods that can be deployed to monitor these networks.

Speaker Bio

Graham Speake

Graham Speake is a control systems cyber security evangelist with over 30 years in the industrial engineering field. Graham is a vice president and chief product architect at NexDefense, he is a SANS trainer and also a subject matter expert to the GIAC Global Industrial Cyber Security Professional (GICSP) certification. Graham has had roles in both end-user companies (BP and Ford Motor Company) as well as industry suppliers (Yokogawa Electric Company and Industrial Control Services Ltd). Prior to NexDefense, Graham was Principal Systems Architect at Yokogawa Electric Corporation, a major supplier of ICS and SCADA equipment. He helped steer the development of security within the Yokogawa products and also to ensure that relevant security certifications such as ISASecure and Achilles were achieved. Before Yokogawa, Graham spent nearly 10 years at BP holding multiple security positions in both the UK and US. The majority of his focus during this time was on securing the critical plants both downstream and upstream (such as refineries, oil platforms, etc.)

Graham has authored and has been a technical editor for a number of books.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.