Netfox Detective: An Alternative Open-Source Packet Analysis Tool

SANS – Johannes Ullrich
Responsible usage of AI is growing extensively since 2017 and 2021 will see expansion fully into the operationalization of AI ethical principles, frameworks, and policies. Operationalization defined as taking principles into useful practice and thus requiring prioritization for businesses. The challenge is focusing on the top initiatives which I will identify in this article.

With more than 300 AI principles, frameworks, policy, and regulatory initiatives, businesses must keep current of the top contenders as AI usage grows. The business adoption of AI is 50% or 57% (respectively: McKinsey The State of AI in 2020, BCG/MIT Expanding AI's Impact with Organizational Learning) and expected penetration more than 80% by 2025 (WEF, Future of Jobs Report 2020).

CB Insights Game Changers 2020 features AI Transparency as one of its 12 categories of game changing innovations and startups to watch. AI transparency providing explainability (how and why AI works) and trustworthiness (framework indicating when and where it can be trusted and by how much). They list 3 startups as leading in this area: Fiddler Labs (explainable AI engine); Kydi (automates regulated business processes); DarwinAI (AI tools providing explainability, trustworthiness assessment, and AI model optimization).

The top considerations and keywords in responsible AI, data governance, and social impact

I recently came across an open-source tool for packet analysis named Netfox Detective [1], developed by the Networked and Embedded Systems Research Group at Brno University of Technology [2]. To showcase some of its features, I mainly used the packet capture created in my previous diary [3]. Firstly, with reference to Figure 1, a workspace needs to be created. As the name implies, the created workspace will contain artifacts such as packet captures or logs that are to be analyzed (in this example, I only used network packet captures and did not import any logs). As always, there are strengths and weaknesses in the various tools we use for packet analysis. Netfox Detective can only be installed on Microsoft Windows (Windows Vista SP2 or newer), and supports a smaller subset of protocols compared to other tools such as Wireshark [1]. However, the various tabbed views at Layers 3, 4 and 7, the packet visualizations and the ability to group related packet captures in the same workspace offer a refreshing perspective for incident handlers performing analysis/triage on network packet captures. Moreover, the open-source nature of Netfox Detective allows further enhancements to the tool itself.
Link: https://isc.sans.edu/diary/rss/26950

