3.8 KiB
3.8 KiB
Status:: First Pass - no commitee
- Review
- **Technical Innovation **
- 1 - Routine work, untested technical work or impractical idea
- 2 - Good work, not particularly novel, akin to a routine evolution of existing technologies
- 3 - Good technical work with some novel features described
- 4 - Very innovative technical work that demonstrates clear thought leadership for HPE
- 5 - Clearly a breakthrough with significant technical innovation
- Business Impact
- 1 - Impractical idea; limited business value
- 2 - Good work, but with limited direct or indirect business value, no clear path to capture business value+
- 3 - Moderate business impact that merits further assessment
- 4 - Work will provide HPE with valuable and meaningful differentiation in the market
- 5 - Clearly and significant impacts HPE’s business, opens new market opportunities
- Clarity of Presentation
- 1 - Difficult to understand; confusing; incomplete description; very short
- 2 - Hard to follow; uses unfamiliar terminology or acronyms; missing important data
- 3 - Understandable but lacking some relevant information
- 4 - Clear and logical; some important information is missing or unclear
- 5 - Very clearly described; logical flow; well supported with practical results and proof points
- Overall Recommendation
- 1 - Reject
- 2 - Weak Reject
- 3 - Weak Accept
- 4 - Accept
- 5 - Strong Accept
- Suggested Presentation Style
What type of presentation do you recommend for this submission?
- Formal Session
- Poster Session
- Not recommended for presentation
- Favorite
- No
- Yes
- Reviewer Confidence
- 1 - No confidence - I am not qualified to pass judgement on this submission
- 2 - Low confidence - I do not have enough experience in this area to make a definitive decision on this submission
- 3 - Somewhat confident - I have a reasonable understanding of this research area
- 4 - Confident - I have considerable confidence in my review and understanding of this work
- 5 - Very Confident - I am confident in my review and understanding of the work
- Comments for the Authors
Provide constructive comments to the author(s).
- The author(s) present a very well structured paper that clearly articulates the challenge and the solution in an easy to follow manner, while still providing significant detail.
- The challenge outlined by the author(s) relates to the east-west attack vector of networks and the issues related to protecting a complex (and ever changing) environment. The solution described essentially monitors network flows for deviations from a measured baseline and can pro-actively mitigate the unexpected flow and notify the admin.
- While all such approaches have the potential for false-positives, the inclusion of the VMware tag data adds a good second level of confidence.
- It's not stated in the paper directly, but it would be good if there was an option to tell the system that "I'm adding a new DB to App1, expect new flows" to avoid erroneously blocking a valid flow.
- Additionally, since we are reading the VMware tags, could we also add a key with a priv-key signed value to authenticate the system? I would envision that as a hash of common variables unique to the device/VM that could prove it's authorized to be a member of the App1 flow group.
- Finally, it would be interesting to see how the flow assessment changes for non-VM/non-tagged resources.
- Comments for the Program Committee (authors will not see these comments)
Provide comments to the PC (if any) that should not be shared with the author(s).
- **Technical Innovation **
