Speakers Charles Herring Converge Conference DetroitSignature detection of attacks require an understanding of what is bad. Advanced attackers craft innovative and patient attacks that create a new brand of bad that has no signature. In this session, we will review how real-world breaches in 2013 & 2014 were detected by looking at traffic deviating from normal patterns via metadata/NetFlow analysis.