Congratulations to our summer interns Emily Sann, Heather DeVal and Luke Roepe on winning SIPS 2019! The Summer Intern Presentation Showcase (SIPS) is an AFCEA Central Maryland-sponsored event that invites the next generation of technical professionals to present their summer projects in front of a diverse audience and compete against other companies for cash prizes towards their college expenses.
Team ESI presented “Packet Patrol” on Monday, August 5th at the SIPS event and won Best Overall Presentation! The excerpt below is a description of their winning project. As Emily, Heather and Luke wrap up their summer internship with us, we congratulate them on all of their hard work this summer. We also are excited to welcome Heather as a part-time employee!
With the expanding use of network technology in our daily lives, there is an ever-increasing need for protection from cybersecurity threats. Among the various cyber threats, a serious and often overlooked vulnerability is the malicious use of the Domain Name System (DNS). The DNS protocol is a fundamental part of the Internet, translating human-readable domains (e.g. google.com) into IP addresses for use in networking applications. Because of its ubiquity, necessity, and inability to carry large amounts of data, DNS traffic is often ignored when considering network security.
PacketPatrol is a cyber-defense capability that targets malicious usage of the DNS protocol. PacketPatrol harnesses the power of machine learning to detect and report abusive behavior on a customer’s network for eventual analysis and remediation. Through the use of Docker containers and Kubernetes cluster management via Rancher, PacketPatrol is able to manage and deploy its algorithms quickly. This provides a customer with the flexibility to tailor PacketPatrol to the risk profile of their network, and allows defenders to quickly respond to changing circumstances. This project also combines InfluxDB (a time-series database) with Grafana (visualization software) to provide the customer with real-time monitoring and alerting capability.