Today's cyberattacks are much more complex than they were in the "good old days" just a few years ago. Driven by highly skilled attackers and an emerging underground market, their detection requires sophisticated network monitoring that digs deep into the semantics of a site's traffic. In this talk, I discuss our research on scaling in-depth network security monitoring to the needs of some of the fastest networks around. The platform for much of this work is Bro, an open-source intrusion detection system that our group has been developing for almost two decades now, and that today supports operations at major universities, research labs, supercomputing centers, and Fortune 20 companies. By bridging the traditional gap between academia and the operations community, Bro has successfully transitioned many scientific results into practice, while continuing to stimulate novel research directions driven by operational needs.
Robin Sommer is a Senior Researcher at the International Computer Science Institute, Berkeley, and he is also a member of the cyber-security team at the Lawrence Berkeley National Laboratory. He leads Bro's development team, and he is a co-founder of Broala, a recent start-up offering professional Bro services to corporations and government. Robin's research focuses on network security and privacy, with a particular emphasis on high-performance network monitoring in operational settings. His professional activities include serving as General Chair for the 2013 IEEE Security & Privacy Symposium, and as Program Chair for RAID 2011. Robin Sommer received a doctorate from TU München, Germany.