Intrusion Detection Through Relationship Analysis, A SANS Technology Institute Masters Degree Presentation

  • Webcast Aired Wednesday, 14 Jun 2017 3:30PM EDT (14 Jun 2017 19:30 UTC)
  • Speaker: Patrick Neise

Combining the power of existing'tools and techniques with emerging technologies can provide defenders with new insights into the volumes of data required for analysis.'tools such as Bro, a network analysis framework, and neo4j, a native graph database that is built to examine data and its relationships can provide the ability to rapidly detect anomalous behavior within the network while the Docker containerization platform can provide the ability to quickly produce a repeatable data pipeline for data analysis.'this talk will discuss the tools and techniques that can assist defenders in extracting relevant network information, creating the data model within a graph database, and querying the resulting data to identify potential malicious activity.