Network Situational Awareness (NetSA)
Open Source Tools
Our open source tools help you monitor large-scale networks using flow data.
SEI Book Series in Software Engineering
Our SEI researchers write books covering software engineering topics for this series of books published by Addison-Wesley Professional.
Our Publications
Our publications cover topics such as monitoring networks and analyzing network data, detecting malicious activity, and developing and deploying tools to help you strengthen your networks.
Our Mission: We improve network security by identifying and detecting threats early; sharing data in near real time; and playing an active role in providing the knowledge, capability, and capacity to secure and monitor valuable networks.
Achieving network situational awareness depends on an organization's ability to effectively monitor its networks and, ultimately, to analyze that data to detect malicious activity. The CERT Network Situational Awareness (NetSA) group has analyzed hundreds of real-world cases of malicious activity on large, enterprise-scale networks to develop tools and approaches that can help organizations defend their networks from potential attacks.
The CERT NetSA group works to provide broad quantitative insights on network traffic characteristics relevant to the security of the networks involved. This insight ranges from descriptive (What is happening on the network right now? What changed before and after an incident?) to exploratory (What new traffic is appearing on the network? How often does an event happen?) to predictive (If this change is made, what will the impact be? How effective will this kind of additional protection be?). The tools and methods providing this insight are in a constant state of development and improvement. Learn more about our work.
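The descriptive and exploratory questions above can be made concrete with a small flow-record analytic. The Python below is an added illustration written for this page; it is not SiLK, PySiLK or any CERT NetSA tool, and the flow records, addresses, time windows and field layout are constructed (the columns mirror a typical flow tuple: source and destination address and port, protocol, packets, bytes, start time). It answers "what is happening right now" with top talkers by byte volume, "what new traffic is appearing" by diffing destination/port/protocol triples against a baseline window, and "how often does an event happen" by flagging talker pairs whose flows recur at a near-constant interval.

```python
"""Toy flow-record analytics (added illustration; not SiLK/NetSA code).

Records follow a typical flow tuple: source IP, destination IP, source
port, destination port, IP protocol, packet count, byte count, start time.
All sample rows below are constructed for this example.
"""
import csv
import io
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed "yesterday" window used as the baseline.
BASELINE_CSV = """sIP,dIP,sPort,dPort,protocol,packets,bytes,sTime
10.0.0.5,93.184.216.34,51234,443,6,20,4800,2016-06-01T09:00:01
10.0.0.5,93.184.216.34,51240,443,6,18,4200,2016-06-01T09:10:12
10.0.0.7,10.0.0.2,40000,53,17,1,80,2016-06-01T09:00:05
10.0.0.9,198.51.100.10,52000,80,6,30,12000,2016-06-01T09:05:00
"""

# Constructed "today" window; 10.0.0.7 now contacts a new host every 5 min.
CURRENT_CSV = """sIP,dIP,sPort,dPort,protocol,packets,bytes,sTime
10.0.0.5,93.184.216.34,51300,443,6,22,5000,2016-06-02T09:01:00
10.0.0.7,10.0.0.2,40010,53,17,1,80,2016-06-02T09:00:07
10.0.0.7,203.0.113.77,44000,4444,6,5,300,2016-06-02T09:00:00
10.0.0.7,203.0.113.77,44001,4444,6,5,300,2016-06-02T09:05:00
10.0.0.7,203.0.113.77,44002,4444,6,5,300,2016-06-02T09:10:00
10.0.0.7,203.0.113.77,44003,4444,6,5,300,2016-06-02T09:15:00
10.0.0.9,198.51.100.10,52100,80,6,25,9000,2016-06-02T09:06:00
"""


@dataclass(frozen=True)
class Flow:
    sip: str
    dip: str
    sport: int
    dport: int
    proto: int
    packets: int
    bytes: int
    stime: datetime


def parse_flows(text: str) -> List[Flow]:
    """Parse CSV flow records into Flow objects."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append(Flow(
            sip=row["sIP"], dip=row["dIP"],
            sport=int(row["sPort"]), dport=int(row["dPort"]),
            proto=int(row["protocol"]), packets=int(row["packets"]),
            bytes=int(row["bytes"]),
            stime=datetime.fromisoformat(row["sTime"]),
        ))
    return flows


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[str, int]]:
    """Descriptive: source addresses ranked by bytes sent."""
    totals = Counter()
    for f in flows:
        totals[f.sip] += f.bytes
    return totals.most_common(n)


def new_destinations(baseline: List[Flow],
                     current: List[Flow]) -> Set[Tuple[str, int, int]]:
    """Exploratory: (dIP, dPort, proto) triples seen now but not in the baseline."""
    seen = {(f.dip, f.dport, f.proto) for f in baseline}
    return {(f.dip, f.dport, f.proto) for f in current} - seen


def periodic_pairs(flows: List[Flow], min_flows: int = 4,
                   tolerance_s: float = 5.0) -> Dict[Tuple[str, str, int], float]:
    """Exploratory: talker pairs whose flows recur at a near-constant interval.

    Returns {(sIP, dIP, dPort): mean_gap_seconds} for pairs with at least
    min_flows flows whose inter-arrival gaps all lie within tolerance_s of
    the mean gap. Regular, low-volume contact with a new host merits a look.
    """
    by_pair: Dict[Tuple[str, str, int], List[datetime]] = defaultdict(list)
    for f in flows:
        by_pair[(f.sip, f.dip, f.dport)].append(f.stime)
    result = {}
    for key, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if max(abs(g - mean) for g in gaps) <= tolerance_s:
            result[key] = mean
    return result


if __name__ == "__main__":
    baseline = parse_flows(BASELINE_CSV)
    current = parse_flows(CURRENT_CSV)
    print("top talkers:", top_talkers(current))
    print("new destinations:", new_destinations(baseline, current))
    print("periodic pairs:", periodic_pairs(current))
```

Each analytic is a pure function over a list of records, so the same logic applies whether the input is a handful of constructed rows or an export from a flow repository; at scale the baseline window should be long enough that ordinary weekly traffic is not reported as new, and the periodicity tolerance should be tuned against known scheduled jobs before the output is treated as an alert.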
We sponsor the annual FloCon conference.
Our annual network security conference invites operational network analysts, tool developers, researchers, and others to discuss and showcase the next generation of flow-based analysis techniques.
We automate the analysis of large-scale network traffic.
Large networks can generate billions of network transactions each day. Unassisted, network security analysts cannot possibly analyze this volume of data. We develop approaches to automate that analysis and find malicious activity within these huge data sets, and we transition these techniques to our sponsors and the larger network security community.
We develop large-scale, open source tools.
Our open source tools enable organizations to monitor large-scale networks using flow data. These tools grew out of the AirCERT and SiLK projects, and the effort to integrate those projects into a unified, standards-compliant flow collection and analysis platform.
Engage with Us
Contact us to learn more about our research, collaborate on new research, seek our help with your critical problems, or provide feedback.
What Is Network Situational Awareness?
Network situational awareness is the systematic gathering, analysis, and interpretation of data from local and remote networks, regarding structure, applications, traffic, and resources to produce actionable information for decision making in network operations and defense.
—Richard Friedberg
Publications & Media
- 05/11/2017 Building Analytics for Network Flow Records Learn how to identify network flow characteristics and metrics that support understanding traffic
- 12/19/2016 Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.
- 12/01/2016 Blacklist Ecosystem Analysis: January – June, 2016 This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January 1, 2016 through June
- 11/30/2016 Moving Target Defense In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center discusses work to develop a platform to organize dynamic defenses.
- 08/15/2016 Blacklist Ecosystem Analysis: 2016 Update This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.
Most Recent Blog Posts
FloCon 2015 Presentations Available; FloCon 2016 Program Announced
The presentations from FloCon 2015 are available online. Dates and the venue for FloCon 2016 have been announced.
Learn How to Improve Network Traffic Data Storage
In our recent blog post and SEI technical report, we explore how to improve network traffic data storage by determining what data to store to meet organizational needs.
ALTernatives to Signatures (ALTS)
This paper presents the results of a study of non-signature-based approaches to detecting malicious activity in computer network traffic.
CERT Study Examines Chinese Cyber Espionage Unit's Infrastructure
An analysis from CERT, based on data from Mandiant, combines unclassified information and describes a large, malicious network used to steal important information.