
The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter-based approaches is that of internal network monitoring. This talk will discuss work done to better detect malicious activity on an enterprise by monitoring internal network traffic. The state of the art will be discussed, as well as the limitations inherent in this monitoring approach. Promising results will be discussed as well as methods that were not as effective.

About the speaker: Mr. Marc Brooks is a cyber security researcher at the MITRE Corporation, a non-profit organization chartered to work in the public interest. He is the focal point for the Insider Threat capability within the Cyber Security Division of the MITRE Corporation. He is responsible for helping coordinate division support to various Insider Threat activities, as well as being actively involved in research activities on the topic.

Mr. Brooks has worked in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Brooks began his career at MITRE developing internet-based technologies for the Air Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks has supported technology research and development within MITRE via its internal research program, DISA, a DOJ sponsor, and other government sponsors. Mr. Brooks also served as the chief engineer for the MITRE Information Analysis and Engineering department, while supporting an operational Insider Threat program. Mr. Brooks currently works on research in detecting the advanced cyber threat and malicious insiders.

Mr. Brooks has a bachelor's degree in computer science from Amherst College, a master's in business administration from the University of Maryland, and is currently earning a PhD in computer science at George Mason University.