Overview
This 30-minute conference talk from Derbycon 2016 introduces flow analysis for network security. It covers how flow data is collected, its advantages over PCAP, and how to use tools such as Elasticsearch and SiLK for efficient analysis. Practical demonstrations include identifying suspicious traffic patterns, analyzing HTTP data, and automating flow analysis. The talk also walks through setting up a SiLK collection architecture, querying and visualizing network data, and using advanced features for threat detection, with the aim of implementing cost-effective flow analysis to improve an organization's security posture.
Syllabus
Intro
Charity
What is Flow Data
Flow Data vs PCAP
Flow Data Summary
How to Collect Flow Data
Pros of Log Solutions
Elasticsearch vs SiLK
Get Started with Flow Analysis
What is SiLK
SiLK Collection Architecture
Installing SiLK
SiLK Demo
Chicken Brine
Cheetos
Flow Back
Chinese IP Addresses
Query Builder
Sorting Data
Interactive Data
Stats
Port Data
HTTP Traffic
PCAP Traffic
Flow Automation
Asset Plotter
Documentation
Giveaway