NISlecture 2017/5 (02.06.2017, 12.15-13.00 in K102)
Title: The Modern Cybersecurity Stack: Data-driven Network Monitoring with Bro
Speaker: Robin Sommer, International Computer Science Institute (ICSI) in Berkeley, California
Abstract: Faced with today's sophisticated cyberattacks, classic intrusion detection systems often leave defenders playing games of whack-a-mole. Offering an alternative, the open-source network security monitor Bro has become a driver behind a recent paradigm shift inside the incident response community: By facilitating data-driven, site-specific network traffic analyses, Bro empowers operators to defend their organizations against a broad range of attacks, from indiscriminate to highly targeted. This talk will recap Bro's evolution from a niche software developed by a small academic research group into a widely deployed system that's now protecting some of the world's largest organizations. We will examine Bro's scientific foundation, discuss experiences transitioning the system from a research platform to large-scale operational deployment, and present current research efforts that seek to further advance today's network defense capabilities.
About the Speaker: Robin Sommer is a senior researcher at the International Computer Science Institute (ICSI) in Berkeley, California, where he leads the team developing Bro. He is also the CTO of Corelight, a recent network security startup offering professional Bro solutions to corporations and government organizations. He is furthermore an affiliated researcher at Lawrence Berkeley National Laboratory, where he works with the Lab's security team. Robin Sommer holds a doctorate degree from TU München, Germany.