SlideShare a Scribd company logo

Machine Learning for Threat Detection

Download as PPTX, PDF
Napier University
Napier University

A presentation by Harry McLaren at The Cyber Academy

Technology
1 of 26
USER BEHAVIOURAL ANALYTICS Machine Learning for Threat Detection Harry McLaren – Security Consultant at ECS
HARRY MCLAREN •Alumnus of Edinburgh Napier •Security Consultant at ECS • SOC & CSIR Development • Splunk Consultant & Architect
ACCELERATING PACE OF DATA Volume | Velocity | Variety | Variability
Legacy SIEM type technologies aren’t enough to detect insider threats and advanced adversaries and are poorly designed for rapid incident response. [SIEM - Security Information & Event Management]
Inadequate Contextual Data 68% of respondents in the survey said that reports often only indicated changes without specifying what the change was. Innocuous Events of Interest 81% of respondents said that SIEM reports contain too much extraneous information and were overwhelmed with false positives. 2016 SIEM Efficiency Survey - Conducted by Netwrix
1995 2002 2008 2011 2015 END-POINT SECURITY NETWORK SECURITY EARLY CORRELATION PAYLOAD ANALYSIS BEHAVIOR ANALYSIS TECHNOLOGY DEVELOPMENT CAPABILITY EVOLUTION
KILL CHAIN - EVENTS OVERLOAD
SECURITY PLATFORM DETECTING UNKNOWN THREATS SECURITY & COMPLIANCE REPORTING INCIDENT INVESTIGATIONS & FORENSICS REAL-TIME MONITORING OF KNOWN THREATS DETECTION OF INSIDER THREATS DETECTION OF ADVANCED CYBER ATTACKS Splunk Enterprise Security Splunk UBA
MACHINE LEARNING EVOLUTION EVOLUTION COMPLEXITY RULES - THRESHOLD POLICY - THRESHOLD POLICY - STATISTICS UNSUPERVISED MACHINE LEARNING POLICY - PEER GROUP STATISTICS SUPERVISED MACHINE LEARNING
DETECT ADVANCED CYBERATTACKS DETECT MALICIOUS INSIDER THREATS ANOMALY DETECTION THREAT DETECTION UNSUPERVISED MACHINE LEARNING BEHAVIOR BASELINING & MODELING REAL-TIME & BIG DATA ARCHITECTURE WHAT IS SPLUNK USER BEHAVIORAL ANALYTICS?
INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY Day 1 . . Day 2 . . Day N
MULTI-ENTITY BEHAVIORAL MODEL APPLICATION USER HOST NETWORK DATA
UBA 2.2 LATEST FEATURES • Threat Modeling Framework • Create custom threats using 60+ anomalies. • Enhanced Security Analytics • Visibility and baseline metrics around user, device, application and protocols. • Risk Percentile & Dynamic Peer Groups • Support for Additional 3rd Party Devices
QUESTIONS / CONTACT twitter.com/cyberharibu harry.mclaren@ecs.co.uk harrymclaren.co.uk/blog
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection
Machine Learning for Threat Detection

Recommended

Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
Security Bootcamp
 
Malware classification and detection
Malware classification and detectionMalware classification and detection
Malware classification and detection
Chong-Kuan Chen
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 

Recommended

Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
Security Bootcamp
 
Malware classification and detection
Malware classification and detectionMalware classification and detection
Malware classification and detection
Chong-Kuan Chen
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh
 
Malware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptxMalware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptx
Alamgir Hossain
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
Andrew Wong
 
top-50-cybersecurity-threats.pdf
top-50-cybersecurity-threats.pdftop-50-cybersecurity-threats.pdf
top-50-cybersecurity-threats.pdf
nowplanettv1
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Aparna Bhadran
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Biometric security using cryptography
Biometric security using cryptographyBiometric security using cryptography
Biometric security using cryptography
Sampat Patnaik
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
Amrit Chhetri
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
Shubham Dubey
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Computer security - A machine learning approach
Computer security - A machine learning approachComputer security - A machine learning approach
Computer security - A machine learning approach
Sandeep Sabnani
 

More Related Content

What's hot

Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Biometric security using cryptography
Biometric security using cryptographyBiometric security using cryptography
Biometric security using cryptography
Sampat Patnaik
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 

What's hot (20)

Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 
Malware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptxMalware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptx
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
 
top-50-cybersecurity-threats.pdf
top-50-cybersecurity-threats.pdftop-50-cybersecurity-threats.pdf
top-50-cybersecurity-threats.pdf
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Biometric security using cryptography
Biometric security using cryptographyBiometric security using cryptography
Biometric security using cryptography
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 

Viewers also liked

When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Alex Pinto
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
Omar Shaya
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information Security
Alex Pinto
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
Dr David Probert
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Alex Pinto
 
SXSW
SXSWSXSW
SXSW
Goodreads
 

Viewers also liked (20)

When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
 
Computer security - A machine learning approach
Computer security - A machine learning approachComputer security - A machine learning approach
Computer security - A machine learning approach
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurity
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information Security
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
 
Machine Learning in Information Security by Mohammed Zuber
Machine Learning in Information Security by Mohammed ZuberMachine Learning in Information Security by Mohammed Zuber
Machine Learning in Information Security by Mohammed Zuber
 
Fms goodreads
Fms goodreadsFms goodreads
Fms goodreads
 
Kind of big data in info sec
Kind of big data in info secKind of big data in info sec
Kind of big data in info sec
 
MOBILE DEVICE FORENSICS USING NLP
MOBILE DEVICE FORENSICS USING NLPMOBILE DEVICE FORENSICS USING NLP
MOBILE DEVICE FORENSICS USING NLP
 
Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...
Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...
Cloudera Federal Forum 2014: The Evolution of Machine Learning from Science t...
 
Machine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wantedMachine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wanted
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
 
SXSW
SXSWSXSW
SXSW
 
Artificial intelligence in cyber defense
Artificial intelligence in cyber defenseArtificial intelligence in cyber defense
Artificial intelligence in cyber defense
 
Next generation security analytics
Next generation security analyticsNext generation security analytics
Next generation security analytics
 
Data Science Transforming Security Operations
Data Science Transforming Security OperationsData Science Transforming Security Operations
Data Science Transforming Security Operations
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 

Similar to Machine Learning for Threat Detection

BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
Cristian Garcia G.
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Cristian Garcia G.
 

Similar to Machine Learning for Threat Detection (20)

Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)
 
Deconstructing SIEM
Deconstructing SIEMDeconstructing SIEM
Deconstructing SIEM
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
LIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityLIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming Security
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectives
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
Reducing cyber risks in the era of digital transformation
Reducing cyber risks in the era of digital transformationReducing cyber risks in the era of digital transformation
Reducing cyber risks in the era of digital transformation
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
What your scanner isn't telling you
What your scanner isn't telling youWhat your scanner isn't telling you
What your scanner isn't telling you
 

More from Napier University

More from Napier University (20)

Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systems
 
Networks
NetworksNetworks
Networks
 
Memory, Big Data and SIEM
Memory, Big Data and SIEMMemory, Big Data and SIEM
Memory, Big Data and SIEM
 
What is Cyber Data?
What is Cyber Data?What is Cyber Data?
What is Cyber Data?
 
Open Source Intelligence
Open Source IntelligenceOpen Source Intelligence
Open Source Intelligence
 
10. Data to Information: NumPy and Pandas
10. Data to Information: NumPy and Pandas10. Data to Information: NumPy and Pandas
10. Data to Information: NumPy and Pandas
 
2. Defence Systems
2. Defence Systems2. Defence Systems
2. Defence Systems
 
1. Cyber and Intelligence
1. Cyber and Intelligence1. Cyber and Intelligence
1. Cyber and Intelligence
 
The Road Ahead for Ripple, Marjan Delatinne
The Road Ahead for Ripple, Marjan DelatinneThe Road Ahead for Ripple, Marjan Delatinne
The Road Ahead for Ripple, Marjan Delatinne
 
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
 
ARTiFACTS, Emma Boswood
ARTiFACTS, Emma BoswoodARTiFACTS, Emma Boswood
ARTiFACTS, Emma Boswood
 
RMIT Blockchain Innovation Hub, Chris Berg
RMIT Blockchain Innovation Hub, Chris BergRMIT Blockchain Innovation Hub, Chris Berg
RMIT Blockchain Innovation Hub, Chris Berg
 
Keynote, Naseem Naqvi
Keynote, Naseem Naqvi Keynote, Naseem Naqvi
Keynote, Naseem Naqvi
 
Browser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinBrowser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F Mondschein
 
Should we transform or adapt to blockchain - a public sector perspective?, Al...
Should we transform or adapt to blockchain - a public sector perspective?, Al...Should we transform or adapt to blockchain - a public sector perspective?, Al...
Should we transform or adapt to blockchain - a public sector perspective?, Al...
 
IoT device attestation system using blockchain, Alistair Duke
IoT device attestation system using blockchain, Alistair DukeIoT device attestation system using blockchain, Alistair Duke
IoT device attestation system using blockchain, Alistair Duke
 
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
Robust Programming of Smart Contracts in Solidity+, RK ShyamasundarRobust Programming of Smart Contracts in Solidity+, RK Shyamasundar
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
 
Using Blockchain for Evidence Purpose, Rafael Prabucki
Using Blockchain for Evidence Purpose, Rafael PrabuckiUsing Blockchain for Evidence Purpose, Rafael Prabucki
Using Blockchain for Evidence Purpose, Rafael Prabucki
 
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
 
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata FereirraEmerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Machine Learning for Threat Detection

Editor's Notes

  1. Slide: Title
  2. Slide: Introduction
  3. Slide: Machine Data
  4. Slide: Problem – Legacy SIEM
  5. Slide: Evidence The same survey showed that over half of the respondents are trying to employ more entry level analysts to deal with the overwhelming (but largely worthless) alerts coming from their legacy SIEMs and further more turning to audits and compliance activities to overcome the SIEMs drawbacks. Sources: http://www.bloomberg.com/research/markets/news/article.asp?docKey=600-201603150921MRKTWIREUSPR_____1249121-1 http://www.information-age.com/technology/information-management/123461162/why-big-data-and-siem-dont-always-equal-big-answers-security
  6. Slide: Technology Development
  7. Slide: Events Overload
  8. Slide: Splunk Security Platform
  9. Slide: Machine Learning Evolution
  10. Slide: Solution – Splunk UBA Splunk User Behavior Analytics is a cyber security and threat detection solution that helps organizations find hidden threats without using rules, signatures or human analysis. It uses behavior modeling, peer group analysis, real-time statistical analysis, collaborative filtering and other machine learning techniques. Has a 99% reduction of notable events in various customer based case studies, enabling analysts to focus on important threats and not waste time confirming false positives. Attack Defenses User & Entity Behavior Baseline Behavioral Peer Group Analysis Insider Threat Detection IP Reputation Analysis Reconnaissance, Botnet and C&C Analysis Statistical Analysis Data Exfiltration Models Lateral Movement Analysis Polymorphic Attack Analysis Cyber Attack / External Threat Detection Entropy/Rare Event Detection User/Device Dynamic Fingerprinting Threat Attack Correlation Data Sources Key: Identity/Authentication Active Directory/Domain Controller Single Sign-on HRIS VPN DNS, DHCP Activity Web Gateway Proxy Server Firewall DLP Security Products Malware Endpoint IDS, IPS, AV Optional: SaaS/Mobile AWS CloudTrail Box, SF.com, Dropbox, other SaaS apps Mobile Devices External Threat Feeds Threat Stream, FS-ISAC or other blacklists for IPs/domains
  11. Slide: Example – Insider Threat
  12. Slide: Behaviour Modelling Categories Deviation from Baseline Time series Rarity, probabilistic difference Rare sequences Outliers Advanced Behaviour Detection Beaconing Exploit kit Malware for HTTP Malware for IP Webshell Graph Models Lateral movement Resource Access Helper Models Anomalies based on rules Externals alarms handlers Session Building Connection between events Track activity from different perspectives in a kill chain Threat Models Graph-based models Session-based models Rule-based models
  13. Demo