FloCon 2020 has ended
Wednesday, January 8 • 3:00pm - 5:00pm
Demo & Poster Session

Posters and concepts related to the FloCon 2020 theme, "Using Data to Defend," will be presented during this session. Our sponsors will also be on hand to provide demonstrations and answer questions about their products and services.

Presentations Include:
Network Traffic Analysis with SiLK 
Timothy Shimeall; Senior Member of the Technical Staff, CERT Division - Software Engineering Institute
Nancy Ott; Senior Technical Writer/Editor, Software Engineering Institute
Previous revisions to the SiLK Analysts' Handbook, "Network Traffic Analysis with SiLK", shifted the focus from individual tools in the SiLK tool suite to the perspective of network traffic analysts. As such, the handbook is organized according to a workflow for analysts to follow when investigating network activity and anomalies. The analytical thought processes outlined in the new version of this handbook apply to any type of general security analysis. This handbook offers insight on how to think through the problems, address them, and apply the methodology to analysis of network flow or other data.

The new 2019 revision of the handbook (copies available at this session) offers additional content, including case studies exploring possible data leakage, using the new aggregate bag structures to track incoming and outgoing data volumes as paired data, and tips to speed analyses using the SiLK tool suite. Presenters Timothy Shimeall and Nancy Ott (two of the guide's co-authors) will also be gathering feedback from FloCon attendees about content for the upcoming 2020 revision to the Analysts' Handbook. Your input will inform and help to prioritize work on the next update of this guide!

Large-Scale Indicator Caches using Analysis Pipeline and the Elastic Stack
Dillon Lareau; Software Engineer, CERT Division - Software Engineering Institute
Anusha Sinha; Assistant Software Engineer, CERT Division - Software Engineering Institute
Indicator caches make it quicker and easier to find the presence of specific indicators in flow traffic, such as IP addresses or domain names. Indicator caches also make it possible to later associate those cache records with specific flow data without having to perform expensive searches of the actual repository. We developed and tested a system to generate and search these indicator caches using Analysis Pipeline, Logstash, Elasticsearch, and Kibana that is able to handle over 40 billion flows per day.

Timothy Shimeall

Senior Member of the Technical Staff, CERT Division - SEI/CMU
The only person to make 15 consecutive appearances at FloCon, Tim Shimeall is a Senior Situational Awareness Analyst of the CERT Program at the Software Engineering Institute (SEI). Shimeall is responsible for the development of methods to support decision making in security at and...

Nancy Ott

Senior Technical Writer/Editor, Carnegie Mellon University - Software Engineering Institute
Nancy Ott is a Senior Technical Writer/Editor at Carnegie Mellon University's Software Engineering Institute. She's been writing about highly technical products for longer than she cares to admit. Before joining SEI, Nancy worked for Carnegie Mellon University's National Robotics...

Dillon Lareau

Software Engineer, CERT Division - Software Engineering Institute
Dillon Lareau is a Software Engineer in the CERT division of Carnegie Mellon University’s Software Engineering Institute. As the current lead developer for Analysis Pipeline, Dillon works to help monitor and defend large networks using software. Dillon holds Bachelor of Science...

Anusha Sinha

Assistant Software Engineer, CERT Division - Software Engineering Institute
Anusha Sinha is a Software Engineer in the CERT division of Carnegie Mellon University's Software Engineering Institute. She began working at CERT in 2018 and has contributed to the design and development of software used to monitor and defend large networks. Anusha holds a Bachelor...

Anomali

The Anomali suite of threat intelligence solutions empowers organizations to detect, investigate and respond to active cybersecurity threats. The award-winning ThreatStream threat intelligence platform aggregates and optimizes millions of threat indicators, creating a “cyber no-fly...

Cisco Umbrella

As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

CounterFlow AI

CounterFlow AI is driven by a veteran team of data scientists and network security enthusiasts who are dedicated to building solutions that protect and defend some of the largest and most complex enterprise networks in the world. The team behind the technology includes experts who...

NetQuest Corporation

Since its inception in 1987, NetQuest Corporation has provided innovative signals intelligence (SIGINT) and network monitoring solutions to customers around the world. Today, NetQuest is a proven leader in the cyber intelligence community. The company’s product history in monitoring...
Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the...

Wednesday January 8, 2020 3:00pm - 5:00pm EST
Scarbrough Ballroom