55 lines
3.8 KiB
Markdown
55 lines
3.8 KiB
Markdown
Status:: First Pass - no commitee
|
||
|
||
-
|
||
- 
|
||
- **Review**
|
||
- **Technical Innovation **
|
||
* [ ] 1 - Routine work, untested technical work or impractical idea
|
||
* [ ] 2 - Good work, not particularly novel, akin to a routine evolution of existing technologies
|
||
* [ ] 3 - Good technical work with some novel features described
|
||
* [x] 4 - Very innovative technical work that demonstrates clear thought leadership for HPE
|
||
* [ ] 5 - Clearly a breakthrough with significant technical innovation
|
||
- **Business Impact**
|
||
* [ ] 1 - Impractical idea; limited business value
|
||
* [ ] 2 - Good work, but with limited direct or indirect business value, no clear path to capture business value+
|
||
* [ ] 3 - Moderate business impact that merits further assessment
|
||
* [ ] 4 - Work will provide HPE with valuable and meaningful differentiation in the market
|
||
* [x] 5 - Clearly and significant impacts HPE’s business, opens new market opportunities
|
||
- **Clarity of Presentation**
|
||
* [ ] 1 - Difficult to understand; confusing; incomplete description; very short
|
||
* [ ] 2 - Hard to follow; uses unfamiliar terminology or acronyms; missing important data
|
||
* [ ] 3 - Understandable but lacking some relevant information
|
||
* [ ] 4 - Clear and logical; some important information is missing or unclear
|
||
* [x] 5 - Very clearly described; logical flow; well supported with practical results and proof points
|
||
- **Overall Recommendation**
|
||
* [ ] 1 - Reject
|
||
* [ ] 2 - Weak Reject
|
||
* [ ] 3 - Weak Accept
|
||
* [ ] 4 - Accept
|
||
* [x] 5 - Strong Accept
|
||
- **Suggested Presentation Style**
|
||
*What type of presentation do you recommend for this submission?*
|
||
* [x] Formal Session
|
||
* [ ] Poster Session
|
||
* [ ] Not recommended for presentation
|
||
- **Favorite**
|
||
* [ ] No
|
||
* [x] Yes
|
||
- **Reviewer Confidence**
|
||
* [ ] 1 - No confidence - I am not qualified to pass judgement on this submission
|
||
* [ ] 2 - Low confidence - I do not have enough experience in this area to make a definitive decision on this submission
|
||
* [ ] 3 - Somewhat confident - I have a reasonable understanding of this research area
|
||
* [ ] 4 - Confident - I have considerable confidence in my review and understanding of this work
|
||
* [x] 5 - Very Confident - I am confident in my review and understanding of the work
|
||
- **Comments for the Authors**
|
||
*Provide constructive comments to the author(s).*
|
||
- The author(s) present a very well structured paper that clearly articulates the challenge and the solution in an easy to follow manner, while still providing significant detail.
|
||
- The challenge outlined by the author(s) relates to the east-west attack vector of networks and the issues related to protecting a complex (and ever changing) environment. The solution described essentially monitors network flows for deviations from a measured baseline and can pro-actively mitigate the unexpected flow and notify the admin.
|
||
- While all such approaches have the potential for false-positives, the inclusion of the VMware tag data adds a good second level of confidence.
|
||
- It's not stated in the paper directly, but it would be good if there was an option to tell the system that "I'm adding a new DB to App1, expect new flows" to avoid erroneously blocking a valid flow.
|
||
- Additionally, since we are reading the VMware tags, could we also add a key with a priv-key signed value to authenticate the system? I would envision that as a hash of common variables unique to the device/VM that could prove it's authorized to be a member of the App1 flow group.
|
||
- Finally, it would be interesting to see how the flow assessment changes for non-VM/non-tagged resources.
|
||
- **Comments for the Program Committee (authors will not see these comments)**
|
||
*Provide comments to the PC (if any) that should not be shared with the author(s).*
|
||
- <PLACEHOLDER>
|
||
- |