Network Traffic Analysis and the ATT&CK Framework

Presented by

Stephen H Campbell, Risk and Controls Analyst, eosedge Legal

About this talk

The internet has enabled the perpetration of crimes at huge distances with impunity. But defenders can inspect network traffic for signs of malicious activity and where it originates. This session examines how we can use the MITRE ATT&CK framework to codify and share intelligence on attacker behaviors derived from network traffic analysis. We will look at how traffic is collected, stored and analyzed. We provide an overview of tools for analysis of network packets and flows, and explain how these tools can help us identify the malicious use of non-standard protocols, protocol abuse, tunneling, port scanning, lateral movement, command and control, and data exfiltration. We will also discuss automated detection of suspicious traffic using signature-based, behavior-based, rule-based, and anomaly-based algorithms. Finally, we will introduce Security Onion, a Linux distribution that does for defenders what Kali Linux does for penetration testers.
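As an added illustration of the flow-level analysis the abstract describes, here is a small detector (example code written for this page, not the presenter's or the talk's material) that reads flow records, flags a port sweep and a bulk outbound transfer, and tags each alert with the ATT&CK ID the evidence supports: technique T1046 (Network Service Discovery) for the scan, and only the tactic TA0010 (Exfiltration) for the volume anomaly, because byte counts alone cannot say which exfiltration technique was used. The CSV export format, the internal address ranges, the thresholds and the sample flows are all constructed assumptions.

```python
"""Flow-record detection of a port scan and of bulk outbound transfer, each tagged
with a MITRE ATT&CK ID. Added example for this page, not code from the talk.
The CSV export format, internal address ranges and thresholds are assumptions."""
import csv, io
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    ts: float       # flow start time, seconds
    src: str
    dst: str
    dport: int
    bytes_out: int  # bytes sent from src to dst

@dataclass(frozen=True)
class Alert:
    attack_id: str  # ATT&CK technique (Txxxx) or tactic (TAxxxx) ID
    attack_name: str
    src: str
    dst: str
    detail: str

# Assumed export format: start_ts,src,dst,dport,bytes_out. Constructed sample data.
SAMPLE_FLOWS_CSV = "\n".join(
    ["start_ts,src,dst,dport,bytes_out"]
    # 10.0.0.5 touches 25 ports on 10.0.0.20 within 25 s: a port scan
    + [f"{100 + i},10.0.0.5,10.0.0.20,{i + 1},60" for i in range(25)]
    # ordinary traffic from 10.0.0.7, internal and to the internet
    + ["130,10.0.0.7,10.0.0.20,443,4200", "131,10.0.0.7,10.0.0.20,80,900",
       "132,10.0.0.7,198.51.100.5,443,250000"]
    # 10.0.0.9 sends six 10 MB flows to an external host in five minutes
    + [f"{200 + 60 * i},10.0.0.9,203.0.113.10,443,10000000" for i in range(6)]
)

# Assumed site ranges and thresholds; a real deployment loads its own address
# plan and tunes the thresholds against a baseline of its own traffic.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SCAN_PORT_THRESHOLD, SCAN_WINDOW_S = 20, 60              # distinct ports on one target / seconds
EXFIL_BYTES_THRESHOLD, EXFIL_WINDOW_S = 50_000_000, 600  # outbound bytes from one host / seconds

def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def parse_flows(text: str) -> list[Flow]:
    return [Flow(float(r["start_ts"]), r["src"], r["dst"], int(r["dport"]), int(r["bytes_out"]))
            for r in csv.DictReader(io.StringIO(text))]

def detect_port_scans(flows, threshold=SCAN_PORT_THRESHOLD, window=SCAN_WINDOW_S):
    """One alert per (src, dst) pair reaching >= threshold distinct ports in a sliding window."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    alerts = []
    for (src, dst), fs in by_pair.items():
        fs.sort(key=lambda f: f.ts)
        ports, left = Counter(), 0
        for f in fs:
            ports[f.dport] += 1
            while f.ts - fs[left].ts > window:  # drop flows that fell out of the window
                ports[fs[left].dport] -= 1
                if ports[fs[left].dport] == 0:
                    del ports[fs[left].dport]
                left += 1
            if len(ports) >= threshold:
                alerts.append(Alert("T1046", "Network Service Discovery", src, dst,
                                    f"{len(ports)} distinct ports within {window}s"))
                break  # report each pair once
    return alerts

def detect_bulk_outbound(flows, threshold=EXFIL_BYTES_THRESHOLD, window=EXFIL_WINDOW_S):
    """One alert per internal host whose bytes to external hosts reach threshold in a window."""
    by_src = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            by_src[f.src].append(f)
    alerts = []
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f.ts)
        total, left = 0, 0
        for f in fs:
            total += f.bytes_out
            while f.ts - fs[left].ts > window:
                total -= fs[left].bytes_out
                left += 1
            if total >= threshold:  # volume alone supports only the tactic, not a technique
                alerts.append(Alert("TA0010", "Exfiltration", src, "external",
                                    f"{total} bytes outbound within {window}s"))
                break
    return alerts

def analyze(text: str) -> list[Alert]:
    flows = parse_flows(text)
    return detect_port_scans(flows) + detect_bulk_outbound(flows)

if __name__ == "__main__":
    for a in analyze(SAMPLE_FLOWS_CSV):
        print(f"{a.attack_id} {a.attack_name}: {a.src} -> {a.dst} ({a.detail})")
```

Run it directly to print the two alerts for the sample data. The split between a technique-level tag and a tactic-level tag is the point: a detection should claim only as much of ATT&CK as the traffic evidence supports, and the flagged flows are the natural input for packet-level inspection that can narrow TA0010 to a specific technique.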
