24 November 2025

What Are the Newest Tools Available for Network Security Detection? Find Out at TechEX25

By Iain Oldman - Copywriter - Content Marketing, Internet2

Learn how machine learning (and other useful tools) can help you secure your network.

It’s no secret that research and higher education network security teams must always stay on their toes.

Even if you’ve built a robust security system, hackers will use tools to probe your systems and networks to see how your defenses react. 

One of the most effective ways to stay ahead of these bad actors is to build more advanced detection mechanisms.

At the 2025 Internet2 Technology Exchange, you can learn how the information security team at Rensselaer Polytechnic Institute (RPI) built advanced alerting to catch attackers as early as possible.

Shawn Minarik, security systems architect, and Dale Tuttle, security systems engineer, from RPI, lead the session “Building Alerting & Response Automation” at TechEX25 on Dec. 9 from 11:20 a.m. to 12:10 p.m. 

“Our session covers how to build alerts and then use them to trigger an automated response,” said Shawn. “We generate alerts, use a webhook to pass them to an internally developed system, and handle the automation there.”

With TechEX25 only a few weeks away, Shawn and Dale gave a preview of their session by answering a series of questions, providing insight into the knowledge and tools attendees will gain.

Dale Tuttle
Security Systems Engineer
Rensselaer Polytechnic Institute

Are there other sessions at TechEX that you’re excited to attend?

I’ll be checking out “MFA Hardening” and the Shibboleth project update from the Shibboleth Consortium, as well as “Custom Exploration Validation for Budget-Conscious Blue Teams” by Caeland Garner and the Zero Trust session led by Jon Young and Charles Nutall.

Shawn Minarik
Security Systems Architect
Rensselaer Polytechnic Institute

Are there other sessions at TechEX that you’re excited to attend?

I’m interested in “Key Lessons from Years of Penetration Testing” by Kyle Enlow and “Ransomware in Higher Education” by Sarah Bigham.

What are some of the ways you have leveraged machine learning in your systems and network detection efforts?


Shawn: We use machine learning to detect anomalies in our web access logs, nginx, Apache, and Tomcat. We generate alerts for abnormal user agents, excessive 5xx response codes, infrequently accessed paths, and a high number of SSL requests based on the server name in the SSL cert.

What are some of the key points you will cover in your session?


Shawn: Some of the key points in our session include:
– Best practices that we find to be relatively easy to implement, and provide a good increase in security
– Alerts we find the most useful
– How we create our alerts
– How we use machine learning to generate some of the alerts we use for our automation
– How we built our automation while not spending an excessive amount of our budget

Dale: I’ll add that we will also cover:
– Building alerts in our environment after running various common pentest tools
– Suggestions on alerts to build for AD/O365/Entra/Azure/Web logs
– Using machine learning to look for web scanners

What are some takeaways you want attendees to walk away with after your session?


Shawn: We will be giving out a physical printout — a cheatsheet of sorts — for most of the alerts we have set up. That will include actual event codes and key things to look for, so attendees can take something back to their institutions or organizations and implement it quickly. 

I always want to make sure that there are actual takeaways and examples of what we did and how, so that someone else can replicate it and make it fit their systems. 

I also want attendees to take home that this is a process. It is not quick. It takes a lot of time, and no one tool will solve all of your problems. 

Dale: We want attendees to leave our presentation with ideas they can implement themselves. The tools we suggest don’t need to be run only by a pentester; they should be part of your overall security strategy.

What is your #1 piece of advice for your colleagues about creating alerts within their systems?


Shawn: Validate that your alerts are working by running tools you know should trigger them. Make sure that during your yearly pentest, which we are all supposed to do, they trigger on what the pentester is doing. If not, communicate with the tester and adjust as needed.

Dale: Test your alerts because things can change. 

I found in my own alerts that a field name changed, and the alert was never updated for that change, so it didn’t fire. It’s hard to keep track of all the moving parts, but you still need to regression-test occasionally.

Information Security and More at TechEX25

This session from the RPI Information Security team is part of the Information Security Track at TechEX25. Other session topics in that track include access management, ransomware attacks, new network instruments, and much more.

TechEX25 is just around the corner. You can start building your daily schedule by exploring the full TechEX25 program.

New to TechEX?

Check out our first-timer resources for tips and exclusive events designed to help you connect and maximize your experience.