These are the meeting notes from 8/19.  Please feel free to comment or make corrections.



Actor: Agreed to change from “IaaS orchestrator” to any API consumer.  Similar to OpenStack dashboard.

Further development of our three use cases:
Security Analytics
– defined posture as a collection of (security) state information
– identity management, who (or what) is accessing the network and what are they doing? 

(users/customers/orchestration systems/etc.)
– SIEM-like functionality, connection attempts/failed connection attempts
– *BUT* need to define the difference between what network security analytics provides vs. a SIEM –

potentially the difference lies in correlation network topo/perf information
– understand the network security level – a security health score?
– what if analysis of security events

Topology Analytics
– Inventory management + how its all connected together
– physical (links/errors/hashing) + logical topology – state of how each relates to the other (network

segmentation/network functions) – in layers built up from physical
– hot points due to traffic conditions, etc.
– maintenance, device failure (what-if analysis)

Performance Analytics
– based on workload (# of things to be deployed, data volumes, etc)
– when to scale out, more firewalls, for instance