Status:: First Pass - no committee
- ![611.pdf](../assets/611_1725987651480_0.pdf)
- **Review**
- **Technical Innovation**
  * [ ] 1 - Routine work, untested technical work or impractical idea
  * [ ] 2 - Good work, not particularly novel, akin to a routine evolution of existing technologies
  * [ ] 3 - Good technical work with some novel features described
  * [x] 4 - Very innovative technical work that demonstrates clear thought leadership for HPE
  * [ ] 5 - Clearly a breakthrough with significant technical innovation
- **Business Impact**
  * [ ] 1 - Impractical idea; limited business value
  * [ ] 2 - Good work, but with limited direct or indirect business value, no clear path to capture business value
  * [ ] 3 - Moderate business impact that merits further assessment
  * [ ] 4 - Work will provide HPE with valuable and meaningful differentiation in the market
  * [x] 5 - Clearly and significantly impacts HPE’s business, opens new market opportunities
- **Clarity of Presentation**
  * [ ] 1 - Difficult to understand; confusing; incomplete description; very short
  * [ ] 2 - Hard to follow; uses unfamiliar terminology or acronyms; missing important data
  * [ ] 3 - Understandable but lacking some relevant information
  * [ ] 4 - Clear and logical; some important information is missing or unclear
  * [x] 5 - Very clearly described; logical flow; well supported with practical results and proof points
- **Overall Recommendation**
  * [ ] 1 - Reject
  * [ ] 2 - Weak Reject
  * [ ] 3 - Weak Accept
  * [ ] 4 - Accept
  * [x] 5 - Strong Accept
- **Suggested Presentation Style** *What type of presentation do you recommend for this submission?*
  * [x] Formal Session
  * [ ] Poster Session
  * [ ] Not recommended for presentation
- **Favorite**
  * [ ] No
  * [x] Yes
- **Reviewer Confidence**
  * [ ] 1 - No confidence - I am not qualified to pass judgement on this submission
  * [ ] 2 - Low confidence - I do not have enough experience in this area to make a definitive decision on this submission
  * [ ] 3 - Somewhat confident - I have a reasonable understanding of this research area
  * [ ] 4 - Confident - I have considerable confidence in my review and understanding of this work
  * [x] 5 - Very Confident - I am confident in my review and understanding of the work
- **Comments for the Authors** *Provide constructive comments to the author(s).*
  - The author(s) present a very well-structured paper that clearly articulates the challenge and the solution in an easy-to-follow manner, while still providing significant detail.
  - The challenge outlined by the author(s) relates to the east-west attack vector of networks and the issues related to protecting a complex (and ever-changing) environment. The solution described essentially monitors network flows for deviations from a measured baseline and can proactively mitigate the unexpected flow and notify the admin.
  - While all such approaches have the potential for false positives, the inclusion of the VMware tag data adds a good second level of confidence.
  - It's not stated in the paper directly, but it would be good if there was an option to tell the system that "I'm adding a new DB to App1, expect new flows" to avoid erroneously blocking a valid flow.
  - Additionally, since we are reading the VMware tags, could we also add a key with a priv-key signed value to authenticate the system? I would envision that as a hash of common variables unique to the device/VM that could prove it's authorized to be a member of the App1 flow group.
  - Finally, it would be interesting to see how the flow assessment changes for non-VM/non-tagged resources.
- **Comments for the Program Committee (authors will not see these comments)** *Provide comments to the PC (if any) that should not be shared with the author(s).*