Multiple methods exist for detecting malicious activity in a network, including intrusion detection, anti-virus, and log analysis. However, the majority of these rely on signatures, looking for already known events, and they typically require some level of human intervention and maintenance. Using behavioral analysis methods, it may be possible to observe and create a baseline of average behavior on a network, enabling intelligent notification of anomalous activity. This talk will demonstrate methods of performing this activity in different environments. Attendees will learn new methods which they can apply to further monitor and secure their networks.

Josh is a security researcher with OpenDNS/Cisco Umbrella. He's worked as a threat analyst at NASA, where he was part of the team that built the NASA Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. Josh has presented at Defcon, B Sides Austin, Chicago, San Francisco, Los Angeles and Vienna, Source Boston, Source Seattle, Derbycon, InfoSecurity World, DeepSec Vienna and Qbit Prague. He hosts a podcast: rootaccesspodcast.com