Napier University, profile picture
Uploaded byNapier University
PPTX, PDF4,540 views

Machine Learning for Threat Detection

This document discusses user behavioral analytics and machine learning for threat detection. It summarizes that legacy security information and event management (SIEM) technologies are not adequate for detecting insider threats and advanced adversaries. It then describes how user behavioral analytics uses machine learning to develop multi-entity behavioral models across users, applications, hosts, and networks to detect anomalous behavior indicative of insider threats or advanced cyberattacks. Contact information is provided for the security consultant presenting on this topic.

Technology
Related topics:
Cyber-Security

Embed presentation

Downloaded 159 times
USER BEHAVIOURAL ANALYTICS Machine Learning for Threat Detection Harry McLaren – Security Consultant at ECS
HARRY MCLAREN •Alumnus of Edinburgh Napier •Security Consultant at ECS • SOC & CSIR Development • Splunk Consultant & Architect
ACCELERATING PACE OF DATA Volume | Velocity | Variety | Variability
Legacy SIEM type technologies aren’t enough to detect insider threats and advanced adversaries and are poorly designed for rapid incident response. [SIEM - Security Information & Event Management]
Inadequate Contextual Data 68% of respondents in the survey said that reports often only indicated changes without specifying what the change was. Innocuous Events of Interest 81% of respondents said that SIEM reports contain too much extraneous information and were overwhelmed with false positives. 2016 SIEM Efficiency Survey - Conducted by Netwrix
1995 2002 2008 2011 2015 END-POINT SECURITY NETWORK SECURITY EARLY CORRELATION PAYLOAD ANALYSIS BEHAVIOR ANALYSIS TECHNOLOGY DEVELOPMENT CAPABILITY EVOLUTION
KILL CHAIN - EVENTS OVERLOAD
SECURITY PLATFORM DETECTING UNKNOWN THREATS SECURITY & COMPLIANCE REPORTING INCIDENT INVESTIGATIONS & FORENSICS REAL-TIME MONITORING OF KNOWN THREATS DETECTION OF INSIDER THREATS DETECTION OF ADVANCED CYBER ATTACKS Splunk Enterprise Security Splunk UBA
MACHINE LEARNING EVOLUTION EVOLUTION COMPLEXITY RULES - THRESHOLD POLICY - THRESHOLD POLICY - STATISTICS UNSUPERVISED MACHINE LEARNING POLICY - PEER GROUP STATISTICS SUPERVISED MACHINE LEARNING
DETECT ADVANCED CYBERATTACKS DETECT MALICIOUS INSIDER THREATS ANOMALY DETECTION THREAT DETECTION UNSUPERVISED MACHINE LEARNING BEHAVIOR BASELINING & MODELING REAL-TIME & BIG DATA ARCHITECTURE WHAT IS SPLUNK USER BEHAVIORAL ANALYTICS?
INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY Day 1 . . Day 2 . . Day N
MULTI-ENTITY BEHAVIORAL MODEL APPLICATION USER HOST NETWORK DATA
UBA 2.2 LATEST FEATURES • Threat Modeling Framework • Create custom threats using 60+ anomalies. • Enhanced Security Analytics • Visibility and baseline metrics around user, device, application and protocols. • Risk Percentile & Dynamic Peer Groups • Support for Additional 3rd Party Devices
QUESTIONS / CONTACT twitter.com/cyberharibu harry.mclaren@ecs.co.uk harrymclaren.co.uk/blog
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection

More Related Content

PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
PPTX
Security operation center (SOC)
byAhmed Ayman
 
PPTX
Machine Learning in Cyber Security
byRishi Kant
 
PPTX
Cloud security ppt
byVenkatesh Chary
 
PPTX
Cyber Security in AI (Artificial Intelligence)
byHarsh Bhanushali
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PDF
HOW AI CAN HELP IN CYBERSECURITY
byPriyanshu Ratnakar
 
PPTX
Intrusion detection system
byAparna Bhadran
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
Security operation center (SOC)
byAhmed Ayman
 
Machine Learning in Cyber Security
byRishi Kant
 
Cloud security ppt
byVenkatesh Chary
 
Cyber Security in AI (Artificial Intelligence)
byHarsh Bhanushali
 
Intrusion detection system ppt
bySheetal Verma
 
HOW AI CAN HELP IN CYBERSECURITY
byPriyanshu Ratnakar
 
Intrusion detection system
byAparna Bhadran
 

What's hot

PPT
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
PPTX
“AI techniques in cyber-security applications”. Flammini lnu susec19
byFrancesco Flammini
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
PDF
Cyber Threat Intelligence
byseadeloitte
 
PDF
Artificial Intelligence in cybersecurity
bySmartlearningUK
 
PPTX
Overview of Artificial Intelligence in Cybersecurity
byOlivier Busolini
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PDF
Security Automation and Machine Learning
bySiemplify
 
PPTX
Cyber threats landscape and defense
byfantaghost
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
PPTX
Introduction to Cybersecurity
byAdri Jovin
 
PDF
Artificial Intelligence for Cyber Security
byPriyanshu Ratnakar
 
PPTX
Cyber security system presentation
byA.S. Sabuj
 
PPTX
Understanding Your Attack Surface and Detecting & Mitigating External Threats
byUlf Mattsson
 
PPTX
Insider Threats Detection in Cloud using UEBA
byLucas Ko
 
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
byFrancesco Flammini
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
Cyber Threat Intelligence
byseadeloitte
 
Artificial Intelligence in cybersecurity
bySmartlearningUK
 
Overview of Artificial Intelligence in Cybersecurity
byOlivier Busolini
 
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Security Automation and Machine Learning
bySiemplify
 
Cyber threats landscape and defense
byfantaghost
 
Cyber Threat Intelligence
bymohamed nasri
 
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
Introduction to Cybersecurity
byAdri Jovin
 
Artificial Intelligence for Cyber Security
byPriyanshu Ratnakar
 
Cyber security system presentation
byA.S. Sabuj
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
byUlf Mattsson
 
Insider Threats Detection in Cloud using UEBA
byLucas Ko
 

Viewers also liked

PPTX
When Cyber Security Meets Machine Learning
byLior Rokach
 
PDF
Artificial Intelligence and Machine Learning for Cybersecurity
byDr David Probert
 
PDF
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
PPTX
A review of machine learning based anomaly detection
byMohamed Elfadly
 
PPTX
Artificial intelligence in cyber defense
byUjjwal Tripathi
 
PPTX
Detecting Hacks: Anomaly Detection on Networking Data
byDataWorks Summit
 
PDF
Jim Geovedi - Machine Learning for Cybersecurity
byidsecconf
 
PDF
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
byAlex Pinto
 
PDF
BSidesLV 2013 - Using Machine Learning to Support Information Security
byAlex Pinto
 
PDF
Data Science Transforming Security Operations
byPriyanka Aash
 
PPTX
Machine Learning in Information Security by Mohammed Zuber
byOWASP Delhi
 
PDF
Next generation security analytics
byChristian Have
 
PDF
Kind of big data in info sec
byBen Finke
 
PDF
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
byAlex Pinto
 
PDF
Computer security - A machine learning approach
bySandeep Sabnani
 
PPTX
MOBILE DEVICE FORENSICS USING NLP
byAnkita Jadhao
 
PPTX
Machine learning cyphort_malware_most_wanted
byCyphort
 
PPTX
Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...
byCloudera, Inc.
 
KEY
SXSW
byGoodreads
 
PPT
Fms goodreads
byfmsmediacenter
 
When Cyber Security Meets Machine Learning
byLior Rokach
 
Artificial Intelligence and Machine Learning for Cybersecurity
byDr David Probert
 
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
A review of machine learning based anomaly detection
byMohamed Elfadly
 
Artificial intelligence in cyber defense
byUjjwal Tripathi
 
Detecting Hacks: Anomaly Detection on Networking Data
byDataWorks Summit
 
Jim Geovedi - Machine Learning for Cybersecurity
byidsecconf
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
byAlex Pinto
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
byAlex Pinto
 
Data Science Transforming Security Operations
byPriyanka Aash
 
Machine Learning in Information Security by Mohammed Zuber
byOWASP Delhi
 
Next generation security analytics
byChristian Have
 
Kind of big data in info sec
byBen Finke
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
byAlex Pinto
 
Computer security - A machine learning approach
bySandeep Sabnani
 
MOBILE DEVICE FORENSICS USING NLP
byAnkita Jadhao
 
Machine learning cyphort_malware_most_wanted
byCyphort
 
Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...
byCloudera, Inc.
 
SXSW
byGoodreads
 
Fms goodreads
byfmsmediacenter
 

Similar to Machine Learning for Threat Detection

PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
PPTX
Enterprise Security and User Behavior Analytics
bySplunk
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
PPTX
Splunk for Enterprise Security featuring UBA
bySplunk
 
PPTX
Splunk for Enterprise Security Featuring UBA
bySplunk
 
PPTX
Splunk for Security Breakout Session
bySplunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
PPTX
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
bySplunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
PPTX
Splunk for Enterprise Security featuring UBA Breakout Session
bySplunk
 
PDF
Enterprise Security featuring UBA
bySplunk
 
PPTX
Big Data For Threat Detection & Response
byHarry McLaren
 
PDF
Splunk for Security
byGabrielle Knowles
 
PDF
SplunkLive Wellington 2015 - Splunk for Security
bySplunk
 
PDF
SplunkLive Auckland 2015 - Splunk for Security
bySplunk
 
PPTX
Splunk for Enterprise Security featuring UBA Breakout Session
bySplunk
 
PPTX
SplunkLive! - Splunk for Security
bySplunk
 
PPTX
Enterprise Sec + User Bahavior Analytics
bySplunk
 
PPTX
Splunk User Group Edinburgh - November Event
byHarry McLaren
 
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
Enterprise Security and User Behavior Analytics
bySplunk
 
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
Splunk for Enterprise Security featuring UBA
bySplunk
 
Splunk for Enterprise Security Featuring UBA
bySplunk
 
Splunk for Security Breakout Session
bySplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
bySplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
bySplunk
 
Enterprise Security featuring UBA
bySplunk
 
Big Data For Threat Detection & Response
byHarry McLaren
 
Splunk for Security
byGabrielle Knowles
 
SplunkLive Wellington 2015 - Splunk for Security
bySplunk
 
SplunkLive Auckland 2015 - Splunk for Security
bySplunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
bySplunk
 
SplunkLive! - Splunk for Security
bySplunk
 
Enterprise Sec + User Bahavior Analytics
bySplunk
 
Splunk User Group Edinburgh - November Event
byHarry McLaren
 

More from Napier University

PPTX
Memory, Big Data and SIEM
byNapier University
 
PDF
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
byNapier University
 
PPTX
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
byNapier University
 
PPTX
ARTiFACTS, Emma Boswood
byNapier University
 
PDF
2. Defence Systems
byNapier University
 
PPTX
IoT device attestation system using blockchain, Alistair Duke
byNapier University
 
PPTX
Networks
byNapier University
 
PDF
Intrusion Detection Systems
byNapier University
 
PPT
Browser-based Crypto M, C. F Mondschein
byNapier University
 
PPTX
RMIT Blockchain Innovation Hub, Chris Berg
byNapier University
 
PPTX
Should we transform or adapt to blockchain - a public sector perspective?, Al...
byNapier University
 
PPTX
Open Source Intelligence
byNapier University
 
PDF
1. Cyber and Intelligence
byNapier University
 
PPTX
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
byNapier University
 
PDF
10. Data to Information: NumPy and Pandas
byNapier University
 
PDF
Using Blockchain for Evidence Purpose, Rafael Prabucki
byNapier University
 
PPTX
What is Cyber Data?
byNapier University
 
PPTX
The Road Ahead for Ripple, Marjan Delatinne
byNapier University
 
PPTX
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
byNapier University
 
PPTX
Keynote, Naseem Naqvi
byNapier University
 
Memory, Big Data and SIEM
byNapier University
 
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
byNapier University
 
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
byNapier University
 
ARTiFACTS, Emma Boswood
byNapier University
 
2. Defence Systems
byNapier University
 
IoT device attestation system using blockchain, Alistair Duke
byNapier University
 
Networks
byNapier University
 
Intrusion Detection Systems
byNapier University
 
Browser-based Crypto M, C. F Mondschein
byNapier University
 
RMIT Blockchain Innovation Hub, Chris Berg
byNapier University
 
Should we transform or adapt to blockchain - a public sector perspective?, Al...
byNapier University
 
Open Source Intelligence
byNapier University
 
1. Cyber and Intelligence
byNapier University
 
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
byNapier University
 
10. Data to Information: NumPy and Pandas
byNapier University
 
Using Blockchain for Evidence Purpose, Rafael Prabucki
byNapier University
 
What is Cyber Data?
byNapier University
 
The Road Ahead for Ripple, Marjan Delatinne
byNapier University
 
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
byNapier University
 
Keynote, Naseem Naqvi
byNapier University
 

Recently uploaded

PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PPTX
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
PDF
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PDF
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PDF
Special Reeling Cable Specification _ Anhui Feichun Special Cable Co., Ltd_.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
January Patch Tuesday
byIvanti
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Special Reeling Cable Specification _ Anhui Feichun Special Cable Co., Ltd_.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
January Patch Tuesday
byIvanti
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 

Machine Learning for Threat Detection

Editor's Notes

  • #2 Slide: Title
  • #3 Slide: Introduction
  • #4 Slide: Machine Data
  • #5 Slide: Problem – Legacy SIEM
  • #6 Slide: Evidence The same survey showed that over half of the respondents are trying to employ more entry level analysts to deal with the overwhelming (but largely worthless) alerts coming from their legacy SIEMs and further more turning to audits and compliance activities to overcome the SIEMs drawbacks. Sources: http://www.bloomberg.com/research/markets/news/article.asp?docKey=600-201603150921MRKTWIREUSPR_____1249121-1 http://www.information-age.com/technology/information-management/123461162/why-big-data-and-siem-dont-always-equal-big-answers-security
  • #7 Slide: Technology Development
  • #8 Slide: Events Overload
  • #9 Slide: Splunk Security Platform
  • #10 Slide: Machine Learning Evolution
  • #11 Slide: Solution – Splunk UBA Splunk User Behavior Analytics is a cyber security and threat detection solution that helps organizations find hidden threats without using rules, signatures or human analysis. It uses behavior modeling, peer group analysis, real-time statistical analysis, collaborative filtering and other machine learning techniques. Has a 99% reduction of notable events in various customer based case studies, enabling analysts to focus on important threats and not waste time confirming false positives. Attack Defenses User & Entity Behavior Baseline Behavioral Peer Group Analysis Insider Threat Detection IP Reputation Analysis Reconnaissance, Botnet and C&C Analysis Statistical Analysis Data Exfiltration Models Lateral Movement Analysis Polymorphic Attack Analysis Cyber Attack / External Threat Detection Entropy/Rare Event Detection User/Device Dynamic Fingerprinting Threat Attack Correlation Data Sources Key: Identity/Authentication Active Directory/Domain Controller Single Sign-on HRIS VPN DNS, DHCP Activity Web Gateway Proxy Server Firewall DLP Security Products Malware Endpoint IDS, IPS, AV Optional: SaaS/Mobile AWS CloudTrail Box, SF.com, Dropbox, other SaaS apps Mobile Devices External Threat Feeds Threat Stream, FS-ISAC or other blacklists for IPs/domains
  • #12 Slide: Example – Insider Threat
  • #13 Slide: Behaviour Modelling Categories Deviation from Baseline Time series Rarity, probabilistic difference Rare sequences Outliers Advanced Behaviour Detection Beaconing Exploit kit Malware for HTTP Malware for IP Webshell Graph Models Lateral movement Resource Access Helper Models Anomalies based on rules Externals alarms handlers Session Building Connection between events Track activity from different perspectives in a kill chain Threat Models Graph-based models Session-based models Rule-based models
  • #14 Demo