Machine Learning for Threat Detection

A presentation by Harry McLaren at The Cyber Academy

  1. User Behavioural Analytics: Machine Learning for Threat Detection. Harry McLaren, Security Consultant at ECS.
  2. Harry McLaren
     • Alumnus of Edinburgh Napier
     • Security Consultant at ECS: SOC & CSIR development
     • Splunk Consultant & Architect
  3. Accelerating pace of data: Volume | Velocity | Variety | Variability
  4. Legacy SIEM-type technologies aren't enough to detect insider threats and advanced adversaries, and are poorly designed for rapid incident response. [SIEM: Security Information & Event Management]
  5. Findings from the 2016 SIEM Efficiency Survey (conducted by Netwrix):
     • Inadequate contextual data: 68% of respondents said that reports often only indicated changes without specifying what the change was.
     • Innocuous events of interest: 81% of respondents said that SIEM reports contain too much extraneous information, and that they were overwhelmed with false positives.
  6. Technology development and capability evolution timeline: 1995 end-point security; 2002 network security; 2008 early correlation; 2011 payload analysis; 2015 behavior analysis.
  7. Kill chain: events overload.
  8. Security platform (Splunk Enterprise Security and Splunk UBA): real-time monitoring of known threats; security & compliance reporting; incident investigations & forensics; detecting unknown threats; detection of insider threats; detection of advanced cyber attacks.
  9. Machine learning evolution (axes: evolution, complexity): rules - threshold; policy - threshold; policy - statistics; unsupervised machine learning; policy - peer group statistics; supervised machine learning.
  10. What is Splunk User Behavioral Analytics? Detect advanced cyberattacks; detect malicious insider threats; anomaly detection; threat detection; unsupervised machine learning; behavior baselining & modeling; real-time & big data architecture.
  11. Insider threat: user activity from Day 1 to Day N.
     • John connects via VPN.
     • John executes remote desktop to a system (as administrator) in the PCI zone.
     • John elevates his privileges.
     • Administrator performs ssh (root) to a file share in the finance department.
     • root accesses a sensitive document from the file share.
     • root copies the document to another file share in the Corporate zone.
     • root uses a set of Twitter handles to chop and copy the data outside the enterprise.
  12. Multi-entity behavioral model: application, user, host, network, data.
  13. UBA 2.2 latest features
     • Threat Modeling Framework: create custom threats using 60+ anomalies.
     • Enhanced Security Analytics: visibility and baseline metrics around user, device, application and protocols.
     • Risk Percentile & Dynamic Peer Groups.
     • Support for additional 3rd-party devices.
  14. Questions / contact: twitter.com/cyberharibu, harry.mclaren@ecs.co.uk, harrymclaren.co.uk/blog
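Slides 9 and 11 together make the case for peer-group baselines over static thresholds. The following is an added example, not code from the presentation or from Splunk UBA, that applies both approaches to the sensitive-document access step of the insider-threat scenario; all user names, departments and counts are constructed, and the z-score rule and its parameters are assumptions of the example.

```python
# Added example (not from the slides): the "rules - threshold" and "policy -
# peer group statistics" stages of the ML evolution slide, applied to the
# sensitive-document access step of the insider-threat scenario. Constructed data.
from collections import defaultdict
from statistics import mean, pstdev

# Peer group (department) per user, and a five-day baseline of daily reads of
# sensitive finance documents. Finance staff read them legitimately all day;
# marketing staff almost never do. All values are made up for illustration.
PEER_GROUP = {"alice": "finance", "bob": "finance", "carol": "finance",
              "erin": "marketing", "frank": "marketing", "john": "marketing"}
HISTORY = {"alice": [40, 42, 38, 41, 39], "bob": [36, 35, 37, 34, 38],
           "carol": [44, 45, 43, 46, 42], "erin": [1, 0, 2, 1, 1],
           "frank": [0, 1, 0, 0, 1], "john": [1, 2, 1, 0, 1]}
# Day N: john, now holding root on the finance share, reads 12 documents.
TODAY = {"alice": 41, "bob": 36, "carol": 47, "erin": 1, "frank": 0, "john": 12}


def threshold_rule(today, limit):
    """Legacy SIEM rule: one global limit applied to every user."""
    return sorted(u for u, n in today.items() if n > limit)


def peer_group_baseline(history, peer_group, min_std=1.0):
    """Pool each group's history into (mean, std). The std is floored so a
    near-constant group (marketing here) still yields a finite, usable score."""
    pooled = defaultdict(list)
    for user, counts in history.items():
        pooled[peer_group[user]].extend(counts)
    return {g: (mean(v), max(pstdev(v), min_std)) for g, v in pooled.items()}


def peer_group_anomalies(today, history, peer_group, k=3.0):
    """Flag users more than k standard deviations above their own peer group."""
    baseline = peer_group_baseline(history, peer_group)
    flagged = []
    for user, n in today.items():
        mu, sd = baseline[peer_group[user]]
        score = (n - mu) / sd
        if score > k:
            flagged.append((user, round(score, 2)))
    return sorted(flagged)


if __name__ == "__main__":
    # A limit low enough to catch john also fires on every finance user (the
    # survey's "extraneous information"); one high enough to spare finance misses him.
    print("limit 10:", threshold_rule(TODAY, 10))
    print("limit 50:", threshold_rule(TODAY, 50))
    print("peer group:", peer_group_anomalies(TODAY, HISTORY, PEER_GROUP))
```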