In October I had the honor of speaking at the Lancope Vision conference about my experience in network segmentation. I have spent the last few months establishing a program to segment a very large network. It is based heavily on NetFlow and algorithmic identification of where enclaves should be. I have finally cleaned up the slides for publishing. Please read the notes along with each slide as they will be hard to understand otherwise.

Since giving the talk, I have done additional work. I am currently working on other methods for cluster creation as well as identifying the interactions between clusters to help identify groupings of hosts. This all also eventually leads to algorithmic profiling of a network, predominantly the legitimate usage. The profiling algorithms could then easily be run against packet captures of malicious network traffic, and new traffic compared to both the legitimate and malicious profiles to identify malice on a network. This work is still ongoing.