Wednesday, April 6, 2011


As the world awakens to the need for network monitoring, training is an area we'll need to look at and put some effort into. The threat against us and the operational challenges confronting us are real. Network traffic analysis, once an obscure, niche skill set, will need to be something we can rapidly imbue cyber security professionals with. There are a few challenges here:
  1. There isn't a great deal of literature/background reading on the topic.
  2. There aren't specialized training classes that a cyber security professional can enroll in to gain this skill set per se.
  3. It turns out that it's often quite hard to do analysis for a number of reasons (see an earlier post entitled "Making Analysis About Analysis").

For point 1, I'm looking to my recent ISSA Journal article, along with articles (past, present, and future) from others in the field to form the beginnings of a knowledge base for the industry. I envision this knowledge base growing over time to provide the necessary background material for those new to the network monitoring field.

Regarding point 2, I'm hoping that the various cyber security training institutions/organizations that exist will begin to form curricula around the topic of network monitoring/network traffic analysis. I see this as necessary, since those organizations have trained and will continue to train a large number of professionals in the field.

On point 3, I'm looking to technology to help. There are emerging products and technologies that will help address this point by providing an analytical platform upon which network monitoring/network traffic analysis techniques can be developed without all the frustrations of "fighting with the data" that are commonplace today.

There is some work that we as a community need to do here. I am optimistic that we will together rise to the challenge. The time has come to get to work.

