2. • Speaker: Lisa Huff
Speaker Bio: Lisa Huff works for a User Behavior Analysis company where she
focuses on consulting with organizations to understand their ongoing security
challenges with existing solutions as well as discuss ways of providing more visibility
into user behavior within organizations and how this adds much needed visibility to
analyst and SOC teams. Lisa has been in the networking and security space for close
to 20 years and has worked with some of the largest organizations to help them
better understand thei ongoing challenges they face with staying ahead of threats to
their organization.
Presentation Title: UBA Awakens
Presentation Description: How Data Science is replacing signatures and rules
Speaker BIO
10. Neiman Marcus… needle in the needle-stack
• ~1.1m Credit cards information exposed (NYT, Jan 13, 2014)
• Industry Averages
► The average enterprise, logs ~160m-200m events a day
► The average enterprise logs up to 150k security events a day
• Neiman Marcus had 60k security alert events per day, yet
suffered from a 3 month breach. (Damballa State of Infections Report 2014)
• Those are just security alerts, numbers exclude noteworthy
infrastructure events
Source: http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html
Source: https://www.damballa.com/downloads/r_pubs/Damballa_Q114_State_of_Infections_Report.pdf
Impossible Signal/Noise Ratio
19. 0
50
100
150
200
250
300
350
400
450
500
China Ukraine Germany Canada United States
Frequency
VPN Access sources for user Barbara
Learning a user’s behavior over time
User Barbara connected to VPN from US
User Barbara connected to VPN from US
User Barbara connected to VPN from US
User Barbara connected to VPN from GR
User Barbara connected to VPN from GR
..
..
User Barbara connected to VPN from CN