"Netflow in the Era of EDR and Cloud: Helicopter Parenting for Your Network"
As opportunities for network data collection increase and usage patterns change, "network parenting" methods must evolve. People continue to make mistakes despite well-defined security policies, technical safeguards, and extensive user education, and adversaries continue to be successful. According to Daniel Ruef, a researcher with Carnegie Mellon Software Engineering Institute's (SEI) Computer Emergency Response Team (CERT) Division, a Security Operations Center (SOC) can view its network as children for which it is responsible and apply aspects of parenting to determine how monitored data can be used to build greater situational awareness. This article goes on to discuss the importance of listening to one's network, the role of Endpoint Detection and Response (EDR) data, tailoring analytics to the cloud, and the need for real-time streaming data analysis.