FloCon 2020 has ended
Back To Schedule
Wednesday, January 8 • 2:30pm - 3:00pm
Methods for Testing and Qualifying Analytics

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This session will describe a process for testing analytics and qualifying them for usage to inform ongoing network defense. The talk starts with a brief discussion of what analytics are and describes some ways in which they fail. A sample analytic is introduced as a running example. Based on this foundation, the talk covers principles for testing analytics in general and the sample analytic in particular. As the principles are introduced, sample testing and results from that testing are provided. The talk concludes with a discussion of what it means to qualify an analytic for use and why such qualification is useful to network defenders.

Attendees Will Learn:
Network analytics have typically been developed and have often been deployed in an on-demand, ad-hoc manner. This has the advantage of timeliness but may lead to reliability and performance issues. This talk discusses how to identify such issues and make informed decisions as to the limitations of a given analytic.

avatar for Timothy Shimeall

Timothy Shimeall

Senior Member of the Technical Staff, CERT Division - SEI/CMU
The only person to make 15 consecutive appearances at FloCon, Tim Shimeall is a Senior Situational Awareness Analyst of the CERT Program at the Software Engineering Institute (SEI). Shimeall is responsible for the development of methods to support decision making in security at and... Read More →

Wednesday January 8, 2020 2:30pm - 3:00pm EST
Regency Ballroom Hyatt Regency Savannah 2 W. Bay Street Savannah GA 31401