Network Monitoring and Detection
Modern enterprise security faces many challenges. The first, and by far the most fundamental, is the lack of visibility. Network data can be easily accessed if you only knock on the right doors; a bit of tcpdump and grep can take you a long way. What data resides inside network traffic? Can files be extracted? How do you perform various forms of statistical analysis, fingerprint operating systems and applications, hunt user sessions, detect malware, dynamically analyze suspicious code, parse application layer protocols, fingerprint attacks and write your own intrusion detection rules? Knowing your network will get you a step closer towards owning it.