Bro NSM in WAN Context
Time 10/16/18 09:00AM-09:50AM
Building out a network security monitor at the speed and scale of a large scientific carrier network is an intricate task. It is also a task that can be accomplished given the right data to guide the endeavor. ESnet has been piloting and expanding the "Bro on the WAN” (BoW) service in an effort to provide better visibility into scan detection, DoS mitigation, and traffic visibility, and to better highlight actionable data. In this talk we will discuss the process involved with prototyping this as an internal service, discuss the data analytics we leveraged to better refine our scope and scale, and explain what lessons were learned along the way.
Speaker Nick Buraglio ESnet (DOE Office of Science - Energy Sciences Network)
Speaker Scott Campbell Lawrence Berkeley National Laboratory (LBNL)
Primary track Information Security
Secondary tracks Advanced Networking