Here is a case study with Vnet Security’s Paul A. Henry, a senior certified SANS instructor who explains how using CloudShark in his coursework has made network security education faster and clearer for his students.
The Challenge: Helping Students Navigate the Deep and Complex World of Packets
If anyone knows that network security isn’t easy, it’s Paul A. Henry, head of Vnet Security, LLC. When he’s not on the front lines assisting with network and virtualization security, incident response and digital forensic investigations around the world, Paul does his best to fill the gap in network security knowledge as a senior certified SANS instructor. His classes cover everything from the basics to advanced forensics and incident response to VoIP security.
Critical to this educational process is the use of packet captures. However, getting students to understand them easily with complex, dedicated software like Wireshark can become unwieldy.
“While Wireshark is certainly the standard, analysis is difficult, especially for new users, and some of the graphical analysis tools are difficult to read,” said Paul. “I wanted a way to make understanding network traffic flows quick and simple.”
The Solution: Using CloudShark in the SANS Classroom
“Getting students to do analysis of pcap files in CloudShark is just easier,” said Paul. “The graphics rock and clearly present the relevant data to students in an easy to understand format.”
CloudShark’s repository was also a key benefit. “I also don’t need to rely on distributing the capture files to all of my students,” said Paul. “I can keep them in one place and add notes directly in the capture to guide the coursework.”
A Complete Solution for pcaps in Network Forensics - Inside and Outside the Classroom
With Vnet Security, LLC, Paul also acts as an experienced specialist for incident response and forensics. CloudShark has helped him significantly in this work. “Passing around pcaps and downloading them from the cloud to do local analysis is tedious,” said Paul. “Doing this in CloudShark is much faster - speed was a huge factor and was the first consideration in using CloudShark. That and the clarity of analysis made it an easy choice.”