SlideShare a Scribd company logo

Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote

Download as PPTX, PDF
Interset
Interset

Presented by Stephan Jou, Interset CTO, at IANS Forum Toronto 2018, this presentation explores how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.

1 of 20
1 | © 2018 Interset Software How to Operationalize Big Data Security Analytics Stephan Jou Chief Technology Officer Interset.AI
2 | © 2018 Interset Software Welcome About Interset • 75 employees & growing • 450% ARR growth • Data science & analytics focused on cybersecurity • 100 person-years of Anomaly Detection R&D • Offices in Ottawa, Canada & Newport Beach, California Partners About Me • Data miner scientist since 2006 • 4+ years building machine learning systems for threat hunting • 8 years experience using Hadoop for large scale advanced analytics Field Data Scientist • Identify valuable data feeds • Optimize system for use cases We uncover the threats that matter!
3 | © 2018 Interset Software 3 | © 2018 Interset Software What is AI-Based Security Analytics About? Advanced analytics to help you catch the bad guys
4 | © 2018 Interset Software 4 | © 2018 Interset Software Bringing Together a Fragmented Landscape Fragmented security landscape Integrated view of security data
5 | © 2018 Interset Software 5 | © 2018 Interset Software zz Increasing Threat Hunting Efficiency Low Success Rate SOC Cycle Generate Highly Anomalous Threat Leads
6 | © 2018 Interset Software 6 | © 2018 Interset Software Increasing Visibility by Augmenting Existing Tools SECURITY ANALYTICS SIEM IAMENDPOINT BUSINESS APPLICATIONS CUSTOM DATA NETWORK DLP SIEM IAMENDPOINT NETWORK DLP
7 | © 2018 Interset Software 7 | © 2018 Interset Software Case Study #1: Every Interset Customer Billions of events analyzed with machine learning Anomalies discovered by data science High quality “most wanted” list Analyzes the intersection of data from users, machines, files, projects, servers, sharing behavior, resource, websites, IP Addresses and more 5,210,465,083
8 | © 2018 Interset Software 8 | © 2018 Interset Software z Lesson #1: Less Alerts, Not More  Solution should help you deal with less alerts, not more alerts  Solution should leverage sound statistical methods to reduce false positives and noise  Should allow you to do more with the limited resources you have Recommendations Measure and quantify the amount of work effort involved with and without the Security Analytics system
9 | © 2018 Interset Software Telecom • Potential Data Staging/Theft • Account Compromise • Lateral Movement Indicators Healthcare • Data Theft Field Examples
10 | © 2018 Interset Software 10 | © 2018 Interset Software Case Study #2: Large Telco The Situation • Highly secure & diverse environment – protected by multiple security products The Challenge • Large rule/policy set developed • Too many indicators to optimize threat leads • Inefficient SOC cycle The Solution • Surface mathematically valid leads – ”legit anomalies” • Unique normal baselines – removes threshold/rule limitations Google Drive • Permissive controls • Personal/external sharing Authentication • Sudden change in workstation access • Odd working hours USB • Sudden increase in file copy volumes
11 | © 2018 Interset Software 11 | © 2018 Interset Software z Lesson #2: The Math Matters – Test It Recommendations • Agree on the use cases in advance • Use a proof-of-concept with historical/existing data to test the SA’s math • Engage red team or pen testing if available • Evaluate the results: Do they support the use cases? Google Drive • Permissive controls • Personal/external sharing USB • Sudden increase in file copy volumes Authentication • Sudden change in workstation access • Odd working hours • Data Theft • Data Staging • Lateral Movement • Account Compromise
12 | © 2018 Interset Software 12 | © 2018 Interset Software Case Study #3: Healthcare Records & Payments  Profile: 6.5 billion transactions annually, 750+ customers, 500+ employees  Team of 7: CISO, 1 security architect, 3 security analysts, 2 network security  Analytics surfaced (for example) an employee who attempted to move “sensitive data” from endpoint to personal Dropbox  Employee was arrested and prosecuted using incident data Focus and prioritized incident responses Incident alert accuracy increased from 28% to 92% Incident mitigation coverage doubled from 70 per week to 140
13 | © 2018 Interset Software 13 | © 2018 Interset Software Lesson #3: Meaningful Metrics Hawthorne Effect: Whatever gets measured, gets optimized Recommendations  Define meaningful operational metrics (not just “false positives”)  Build a process for measuring and quantifying over time, not just during a pilot  Ensure the Security Analytics system supports a feedback process to adjust the analytics to support your target metrics
14 | © 2018 Interset Software 14 | © 2018 Interset Software What Have We Learned? Lessons Learned  The Math Matters – Test It  Less Alerts, Not More  Automated, Measured Responses  Meaningful Metrics Recommendations  Agree on the use cases in advance  Evaluate results with and without security analytics system  Assess risk level, not binary alert  Ensure integrated feedback and automated response
15 | © 2018 Interset Software 15 | © 2018 Interset Software QUESTIONS? Roy Wilds – Field Data Scientist @roywilds Learn more at Interset.AI
16 | © 2018 Interset Software How Millions of Events Become Qualified Threats Leads ACQUIRE DATA CREATE UNIQUE BASELINES DETECT, MEASURE AND SCORE ANOMALIES HIGH QUALITY THREAT LEADS INTERNAL RECON INFECTED HOST DATA STAGING & THEFT COMPROMISED ACCOUNT LATERAL MOVEMENT ACCOUNT MISUSE CUSTOM FRAUD Contextual views. Drill-down and cyber-hunting. Broad data collection DLP ENDPOINT Buz Apps CUSTOM DATA NETWORK IAM Determine what is normal Gather the raw materials Find the behavior that matters W orkflow engine for incident response.
17 | © 2018 Interset Software 17 | © 2018 Interset Software More Case Studies Digital Advertising Agency Prove not cause of Star Wars leak “Interset’s unique ability to analyze billions of events and distill them into high- confidence security intelligence allows us to quickly separate threats from the noise. This visibility and focus allows our security practitioners to quickly investigate and remediate threats even as they become increasingly pervasive and sophisticated.” MSSP “SOC in Box” “By embedding Interset’s security analytics into our Prescriptive Security managed service, we provide our customers with very rapid reaction to threats and improved Security Operations Center efficiency.” - Stephen Shibel, head of Big Data & Cybersecurity for Atos North American Operations
18 | © 2018 Interset Software 18 | © 2018 Interset Software Case Study: Defense Contractor zz High Probability Anomalous Behavior Models  Detected large copies to the portable hard drive, at an unusual time of day  Bayesian models to measure and detect highly improbable events High Risk File Models  Detected high risk files, including PowerPoints collecting large amounts of inappropriate content  Risk aggregation based on suspicious behaviors and unusual derivative movement
19 | © 2018 Interset Software 19 | © 2018 Interset Software Lesson: Automated, Measured Responses  Security Analytics system should allow you to quantify risk, not just a binary alert  Consider how to automate responses to low, medium, high and extreme risk scenarios  Where does security analytics fit into your existing runbook? Recommendations • Ensure the Security Analytics system has the ability to output a risk assessment level or score, not just a binary alert • Ensure the Security Analytics system can integrate with downstream systems • Evaluate the solution with automated response systems as part of the deployment
20 | © 2018 Interset Software 20 | © 2018 Interset Software About Interset.AI SECURITY ANALYTICS LEADER PARTNERSABOUT US Data science & analytics focused on cybersecurity 100 person-years of security analytics and anomaly detection R&D Offices in Ottawa, Canada; Newport Beach, CA Interset.AI

Recommended

Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Interset
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight Session
Interset
 
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsWEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
Interset
 
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
Interset
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Interset
 
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
Interset
 
Machine Learning + AI for Accelerated Threat-Hunting
Machine Learning + AI for Accelerated Threat-HuntingMachine Learning + AI for Accelerated Threat-Hunting
Machine Learning + AI for Accelerated Threat-Hunting
Interset
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
Interset
 

Recommended

Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Interset
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight Session
Interset
 
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsWEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
Interset
 
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
Interset
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Interset
 
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
Interset
 
Machine Learning + AI for Accelerated Threat-Hunting
Machine Learning + AI for Accelerated Threat-HuntingMachine Learning + AI for Accelerated Threat-Hunting
Machine Learning + AI for Accelerated Threat-Hunting
Interset
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
Interset
 
User and Entity Behavioral Analytics
User and Entity Behavioral AnalyticsUser and Entity Behavioral Analytics
User and Entity Behavioral Analytics
Interset
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning Cybersecurity
Interset
 
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
Interset
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics
Interset
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
Interset
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
Forcepoint LLC
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
Raffael Marty
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
MapR Technologies
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
Forcepoint LLC
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Keith Kraus
 
Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?
Interset
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics
Interset
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Raffael Marty
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Forcepoint LLC
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
Sridhar Karnam
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
Coastal Pet Products, Inc.
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
Sqrrl
 
How big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the doorHow big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the door
DataWorks Summit
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
Splunk
 

More Related Content

What's hot

User and Entity Behavioral Analytics
User and Entity Behavioral AnalyticsUser and Entity Behavioral Analytics
User and Entity Behavioral Analytics
Interset
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning Cybersecurity
Interset
 
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
Interset
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics
Interset
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
Interset
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
Forcepoint LLC
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
Raffael Marty
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
MapR Technologies
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
Forcepoint LLC
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Keith Kraus
 
Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?
Interset
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics
Interset
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Raffael Marty
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Forcepoint LLC
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
Sridhar Karnam
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
Coastal Pet Products, Inc.
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
Sqrrl
 

What's hot (20)

User and Entity Behavioral Analytics
User and Entity Behavioral AnalyticsUser and Entity Behavioral Analytics
User and Entity Behavioral Analytics
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning Cybersecurity
 
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?Webinar: Will the Real AI Please Stand Up?
Webinar: Will the Real AI Please Stand Up?
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018
 
[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
 

Similar to Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote

How big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the doorHow big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the door
DataWorks Summit
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
Splunk
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
Accenture Technology
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
Phil Huggins FBCS CITP
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON
 
Security metrics 2
Security metrics 2Security metrics 2
Security metrics 2
Manish Kumar
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Splunk
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
Interset
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!
Emma Kelly
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
IBM Security
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
Naushad Rajani. - CISA, CISSP, CCSP, PMP, DCPP (Privacy)
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
Accenture Technology
 
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
SaraPia5
 
Secure Your High Risk Data
Secure Your High Risk Data Secure Your High Risk Data
Secure Your High Risk Data
Naveed Ahmed
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
OSIsoft, LLC
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
George Goodall
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 

Similar to Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote (20)

How big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the doorHow big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the door
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
 
Security metrics 2
Security metrics 2Security metrics 2
Security metrics 2
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
 
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
 
Secure Your High Risk Data
Secure Your High Risk Data Secure Your High Risk Data
Secure Your High Risk Data
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 

More from Interset

IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
Interset
 
IANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum DC: Everything is a Nail! Machine Learning in CybersecurityIANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
Interset
 
IANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Charlotte: Everything is a Nail! Machine Learning in CybersecurityIANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
Interset
 
IANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Seattle: Everything is a Nail! Machine Learning in CybersecurityIANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
Interset
 
Infographic: Inside Data Breaches
Infographic: Inside Data BreachesInfographic: Inside Data Breaches
Infographic: Inside Data Breaches
Interset
 
Lead On: When More Data Becomes Less Work
Lead On: When More Data Becomes Less WorkLead On: When More Data Becomes Less Work
Lead On: When More Data Becomes Less Work
Interset
 

More from Interset (6)

IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum DC: Operationalizing Big Data Security [Tech Spotlight]
 
IANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum DC: Everything is a Nail! Machine Learning in CybersecurityIANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum DC: Everything is a Nail! Machine Learning in Cybersecurity
 
IANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Charlotte: Everything is a Nail! Machine Learning in CybersecurityIANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Charlotte: Everything is a Nail! Machine Learning in Cybersecurity
 
IANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Seattle: Everything is a Nail! Machine Learning in CybersecurityIANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
IANS Forum Seattle: Everything is a Nail! Machine Learning in Cybersecurity
 
Infographic: Inside Data Breaches
Infographic: Inside Data BreachesInfographic: Inside Data Breaches
Infographic: Inside Data Breaches
 
Lead On: When More Data Becomes Less Work
Lead On: When More Data Becomes Less WorkLead On: When More Data Becomes Less Work
Lead On: When More Data Becomes Less Work
 

Recently uploaded

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 

Recently uploaded (20)

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 

Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote

  • 1. 1 | © 2018 Interset Software How to Operationalize Big Data Security Analytics Stephan Jou Chief Technology Officer Interset.AI
  • 2. 2 | © 2018 Interset Software Welcome About Interset • 75 employees & growing • 450% ARR growth • Data science & analytics focused on cybersecurity • 100 person-years of Anomaly Detection R&D • Offices in Ottawa, Canada & Newport Beach, California Partners About Me • Data miner scientist since 2006 • 4+ years building machine learning systems for threat hunting • 8 years experience using Hadoop for large scale advanced analytics Field Data Scientist • Identify valuable data feeds • Optimize system for use cases We uncover the threats that matter!
  • 3. 3 | © 2018 Interset Software 3 | © 2018 Interset Software What is AI-Based Security Analytics About? Advanced analytics to help you catch the bad guys
  • 4. 4 | © 2018 Interset Software 4 | © 2018 Interset Software Bringing Together a Fragmented Landscape Fragmented security landscape Integrated view of security data
  • 5. 5 | © 2018 Interset Software 5 | © 2018 Interset Software zz Increasing Threat Hunting Efficiency Low Success Rate SOC Cycle Generate Highly Anomalous Threat Leads
  • 6. 6 | © 2018 Interset Software 6 | © 2018 Interset Software Increasing Visibility by Augmenting Existing Tools SECURITY ANALYTICS SIEM IAMENDPOINT BUSINESS APPLICATIONS CUSTOM DATA NETWORK DLP SIEM IAMENDPOINT NETWORK DLP
  • 7. 7 | © 2018 Interset Software 7 | © 2018 Interset Software Case Study #1: Every Interset Customer Billions of events analyzed with machine learning Anomalies discovered by data science High quality “most wanted” list Analyzes the intersection of data from users, machines, files, projects, servers, sharing behavior, resource, websites, IP Addresses and more 5,210,465,083
  • 8. 8 | © 2018 Interset Software 8 | © 2018 Interset Software z Lesson #1: Less Alerts, Not More  Solution should help you deal with less alerts, not more alerts  Solution should leverage sound statistical methods to reduce false positives and noise  Should allow you to do more with the limited resources you have Recommendations Measure and quantify the amount of work effort involved with and without the Security Analytics system
  • 9. 9 | © 2018 Interset Software Telecom • Potential Data Staging/Theft • Account Compromise • Lateral Movement Indicators Healthcare • Data Theft Field Examples
  • 10. 10 | © 2018 Interset Software 10 | © 2018 Interset Software Case Study #2: Large Telco The Situation • Highly secure & diverse environment – protected by multiple security products The Challenge • Large rule/policy set developed • Too many indicators to optimize threat leads • Inefficient SOC cycle The Solution • Surface mathematically valid leads – ”legit anomalies” • Unique normal baselines – removes threshold/rule limitations Google Drive • Permissive controls • Personal/external sharing Authentication • Sudden change in workstation access • Odd working hours USB • Sudden increase in file copy volumes
  • 11. 11 | © 2018 Interset Software 11 | © 2018 Interset Software z Lesson #2: The Math Matters – Test It Recommendations • Agree on the use cases in advance • Use a proof-of-concept with historical/existing data to test the SA’s math • Engage red team or pen testing if available • Evaluate the results: Do they support the use cases? Google Drive • Permissive controls • Personal/external sharing USB • Sudden increase in file copy volumes Authentication • Sudden change in workstation access • Odd working hours • Data Theft • Data Staging • Lateral Movement • Account Compromise
  • 12. 12 | © 2018 Interset Software 12 | © 2018 Interset Software Case Study #3: Healthcare Records & Payments  Profile: 6.5 billion transactions annually, 750+ customers, 500+ employees  Team of 7: CISO, 1 security architect, 3 security analysts, 2 network security  Analytics surfaced (for example) an employee who attempted to move “sensitive data” from endpoint to personal Dropbox  Employee was arrested and prosecuted using incident data Focus and prioritized incident responses Incident alert accuracy increased from 28% to 92% Incident mitigation coverage doubled from 70 per week to 140
  • 13. 13 | © 2018 Interset Software 13 | © 2018 Interset Software Lesson #3: Meaningful Metrics Hawthorne Effect: Whatever gets measured, gets optimized Recommendations  Define meaningful operational metrics (not just “false positives”)  Build a process for measuring and quantifying over time, not just during a pilot  Ensure the Security Analytics system supports a feedback process to adjust the analytics to support your target metrics
  • 14. 14 | © 2018 Interset Software 14 | © 2018 Interset Software What Have We Learned? Lessons Learned  The Math Matters – Test It  Less Alerts, Not More  Automated, Measured Responses  Meaningful Metrics Recommendations  Agree on the use cases in advance  Evaluate results with and without security analytics system  Assess risk level, not binary alert  Ensure integrated feedback and automated response
  • 15. 15 | © 2018 Interset Software 15 | © 2018 Interset Software QUESTIONS? Roy Wilds – Field Data Scientist @roywilds Learn more at Interset.AI
  • 16. 16 | © 2018 Interset Software How Millions of Events Become Qualified Threats Leads ACQUIRE DATA CREATE UNIQUE BASELINES DETECT, MEASURE AND SCORE ANOMALIES HIGH QUALITY THREAT LEADS INTERNAL RECON INFECTED HOST DATA STAGING & THEFT COMPROMISED ACCOUNT LATERAL MOVEMENT ACCOUNT MISUSE CUSTOM FRAUD Contextual views. Drill-down and cyber-hunting. Broad data collection DLP ENDPOINT Buz Apps CUSTOM DATA NETWORK IAM Determine what is normal Gather the raw materials Find the behavior that matters W orkflow engine for incident response.
  • 17. 17 | © 2018 Interset Software 17 | © 2018 Interset Software More Case Studies Digital Advertising Agency Prove not cause of Star Wars leak “Interset’s unique ability to analyze billions of events and distill them into high- confidence security intelligence allows us to quickly separate threats from the noise. This visibility and focus allows our security practitioners to quickly investigate and remediate threats even as they become increasingly pervasive and sophisticated.” MSSP “SOC in Box” “By embedding Interset’s security analytics into our Prescriptive Security managed service, we provide our customers with very rapid reaction to threats and improved Security Operations Center efficiency.” - Stephen Shibel, head of Big Data & Cybersecurity for Atos North American Operations
  • 18. 18 | © 2018 Interset Software 18 | © 2018 Interset Software Case Study: Defense Contractor zz High Probability Anomalous Behavior Models  Detected large copies to the portable hard drive, at an unusual time of day  Bayesian models to measure and detect highly improbable events High Risk File Models  Detected high risk files, including PowerPoints collecting large amounts of inappropriate content  Risk aggregation based on suspicious behaviors and unusual derivative movement
  • 19. 19 | © 2018 Interset Software 19 | © 2018 Interset Software Lesson: Automated, Measured Responses  Security Analytics system should allow you to quantify risk, not just a binary alert  Consider how to automate responses to low, medium, high and extreme risk scenarios  Where does security analytics fit into your existing runbook? Recommendations • Ensure the Security Analytics system has the ability to output a risk assessment level or score, not just a binary alert • Ensure the Security Analytics system can integrate with downstream systems • Evaluate the solution with automated response systems as part of the deployment
  • 20. 20 | © 2018 Interset Software 20 | © 2018 Interset Software About Interset.AI SECURITY ANALYTICS LEADER PARTNERSABOUT US Data science & analytics focused on cybersecurity 100 person-years of security analytics and anomaly detection R&D Offices in Ottawa, Canada; Newport Beach, CA Interset.AI

Editor's Notes

  1. Reactive Scattered Overwhelming 60–80% false positives Not enough data for visibility Not enough staff
  2. Use cases: Insider threat, account compromise, fraud, HIPAA compliance Data sources: Endpoints, AD via Splunk, Fileshare logs, EMR application logs, prescription logs
  3. 4 key components you need for an effective security analytics solution -You need to compute unique normal -You need unsupervised machine learning – making no assumptions as to behavior or distribution of data. In fact, these types of datasets involved in insider attacks rarely have much meta-data that describes the data itself. -You need a Big Data infrastructure – need the ability to compute at scale in a cost effective manner -You need a mathematical framework – to ingest billions of events every day and reduce it down to a handful of real threat leads. -Also, the ability to integrate into your security eco-system is critical so the solution is completely API driven