From Threat Intelligence to Defense Cleverness: A Data Science Approach (#tidatasci)
- Lilian Powers
- 8 years ago
From Threat Intelligence to Defense Cleverness: A Data Science Approach (#tidatasci)
Alex Pinto, Chief Data Scientist, Niddel /

() { :; }; whoami
- Alex Pinto
- That guy that started MLSec Project
- Chief Data Scientist at Niddel
- Machine Learning Researcher focused on Security Data
- Network security and incident response aficionado
- Tortured by Log Management / SIEMs as a child
- A BIG FAN of Attack Maps #pewpew
- Does not know who hacked Sony
- Has nothing to do with attribution in Operation Capybara

Agenda
- Cyber War
- Threat Intel: What is it good for?
- Combine and TIQ-Test
- Using TIQ-Test: Novelty Test, Overlap Test, Population Test, Aging Test, Uniqueness Test
- Use case: Feed Comparison
What is TI good for anyway?
1) Attribution
2) Cyber Threat Maps (
3) How about actual defense? Use it as blacklists? As research data?
   Thing is, RAW DATA is hard to work with
(Semi-)Required Reading
- #tiqtest slides:
- RPubs Page:

Combine and TIQ-Test
Combine (
- Gathers TI data (ip/host) from Internet and local files
- Normalizes the data and enriches it (AS / Geo / pdns)
- Can export to CSV, tiq-test format and CRITs
- Coming soon: CybOX / STIX
TIQ-Test (
- Runs statistical summaries and tests on TI feeds
- Generates charts based on the tests and summaries
- Written in R (because you should learn a stat language)

Using TIQ-TEST
Available tests and statistics:
- NOVELTY: How often do they update themselves?
- OVERLAP: How do they compare to what you got?
- POPULATION: How does this population distribution compare to another one?
- AGING: How long does an indicator sit on a feed?
- UNIQUENESS: How many indicators are found in only one feed?
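Added example (Python, not TIQ-Test's own R code) of the novelty, overlap, uniqueness and aging tests listed above, computed over constructed daily snapshots of three hypothetical feeds; the feed names and the indicators (drawn from documentation address ranges) are made up, and each snapshot stands in for one day's Combine export.

```python
"""Feed-quality metrics in the spirit of the TIQ-Test novelty, overlap,
uniqueness and aging tests, computed over daily feed snapshots.
Added example in Python (TIQ-Test itself is written in R); the snapshots
below are constructed from documentation address ranges, not real feed data."""
from itertools import combinations

# Constructed snapshots: feed name -> day index -> set of IP indicators.
# Days are consecutive; in practice each day would be one Combine export.
FEEDS = {
    "feedA": {
        0: {"192.0.2.1", "192.0.2.2", "192.0.2.3"},
        1: {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"},
        2: {"192.0.2.2", "192.0.2.3", "192.0.2.4"},
        3: {"192.0.2.2", "192.0.2.4", "192.0.2.5"},
    },
    "feedB": {
        0: {"192.0.2.2", "198.51.100.1"},
        1: {"192.0.2.2", "198.51.100.1"},
        2: {"192.0.2.2", "198.51.100.1", "198.51.100.2"},
        3: {"192.0.2.2", "198.51.100.2"},
    },
    "feedC": {d: {"198.51.100.9"} for d in range(4)},  # never changes
}


def novelty(snapshots):
    """Novelty: indicators added and dropped on each day versus the day before.
    A feed that never adds or drops anything is probably not being maintained."""
    days = sorted(snapshots)
    return {
        cur: {"added": len(snapshots[cur] - snapshots[prev]),
              "dropped": len(snapshots[prev] - snapshots[cur])}
        for prev, cur in zip(days, days[1:])
    }


def overlap(feeds, day):
    """Overlap: for every pair of feeds, the indicators shared on that day and
    the Jaccard index (shared / union). High overlap means you are paying
    twice for the same data."""
    result = {}
    for a, b in combinations(sorted(feeds), 2):
        sa, sb = feeds[a][day], feeds[b][day]
        shared, union = len(sa & sb), len(sa | sb)
        result[(a, b)] = (shared, shared / union if union else 0.0)
    return result


def uniqueness(feeds, day):
    """Uniqueness: fraction of each feed's indicators found in no other feed
    on that day (the slides report this share per feed)."""
    result = {}
    for name, snaps in feeds.items():
        others = set().union(*(s[day] for n, s in feeds.items() if n != name))
        mine = snaps[day]
        result[name] = len(mine - others) / len(mine) if mine else 0.0
    return result


def aging(snapshots):
    """Aging: how many days each indicator sat on the feed (first seen to last
    seen, inclusive). Indicators still listed on the final day are
    right-censored: their true lifetime is at least the value returned."""
    days = sorted(snapshots)
    first, last = {}, {}
    for d in days:
        for ind in snapshots[d]:
            first.setdefault(ind, d)
            last[ind] = d
    return {ind: {"days": last[ind] - first[ind] + 1,
                  "still_listed": last[ind] == days[-1]} for ind in first}


if __name__ == "__main__":
    for name, snaps in FEEDS.items():
        print(name, "novelty:", novelty(snaps))
    print("overlap on day 3:", overlap(FEEDS, 3))
    print("uniqueness on day 3:", uniqueness(FEEDS, 3))
    print("aging of feedA:", aging(FEEDS["feedA"]))
```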
Using TIQ-TEST: New dataset!

Using TIQ-TEST: Feeds Selected
- Dataset was separated into inbound and outbound

Using TIQ-TEST: Data Prep
- Extract the raw information from indicator feeds
- Both IP addresses and hostnames were extracted
- Convert the hostname data to IP addresses:
  - Active IP addresses for the respective date (A query)
  - Passive DNS from Farsight Security (DNSDB)
- For each IP record (including the ones from hostnames):
  - Add asnumber and asname (from MaxMind ASN DB)
  - Add country (from MaxMind GeoLite DB)
  - Add rhost (again from DNSDB): the most popular PTR
- Done
Novelty Test: measuring added and dropped indicators
Novelty Test - Inbound

Overlap Test: More data is better, but make sure it is not the same data
Overlap Test - Inbound
Overlap Test - Outbound

Population Test
- Let us use the ASN and GeoIP databases that we used to enrich our data as a reference of the true population.
- But, but, human beings are unpredictable! We will never be able to forecast this!
Is your sampling pool as random as you think?

Can we get a better look?
- Statistical inference-based comparison models (hypothesis testing)
- Exact binomial tests (when we have the true population)
- Chi-squared proportion tests (similar to independence tests)
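Added example (Python, not TIQ-Test's R code) of the two tests named above: an exact binomial test of each country's share in a feed against a reference share taken from the GeoIP population, and a chi-squared proportion test comparing one category between two feeds when no true population is available. The reference shares, feed counts and the second feed are constructed.

```python
"""Population test for a threat intel feed, in the spirit of the TIQ-Test
population test. Added example in Python (TIQ-Test itself is written in R).
The reference shares and the feed counts are constructed for illustration."""
from math import comb, erfc, sqrt

# Constructed reference population: share of all addresses in a GeoIP database
# attributed to each country (made-up values, not MaxMind figures).
REFERENCE_SHARE = {"US": 0.40, "CN": 0.10, "BR": 0.03}

# Constructed feed sample: how many of the feed's 200 enriched indicators
# geolocate to each country.
FEED_COUNTS = {"US": 60, "CN": 50, "BR": 20, "other": 70}


def binom_pmf(k, n, p):
    """Probability of exactly k successes in n trials with success rate p."""
    return comb(n, k) * p ** k * (1 - p) ** (n - k)


def exact_binomial_test(k, n, p):
    """Two-sided exact binomial test of H0: the category's true share is p.
    The p-value is the total probability of every outcome at most as likely
    as the observed k (the convention R's binom.test uses, including its
    1e-7 relative tolerance)."""
    pmf = [binom_pmf(i, n, p) for i in range(n + 1)]
    threshold = pmf[k] * (1 + 1e-7)
    return min(1.0, sum(prob for prob in pmf if prob <= threshold))


def population_test(feed_counts, reference_share):
    """For each reference category, compare the feed's share with the reference
    share. A tiny p-value means the feed is not a random draw from that
    population for this category: it is over- or under-represented."""
    n = sum(feed_counts.values())
    results = {}
    for category, p_ref in reference_share.items():
        k = feed_counts.get(category, 0)
        results[category] = {
            "observed_share": k / n,
            "reference_share": p_ref,
            "p_value": exact_binomial_test(k, n, p_ref),
        }
    return results


def two_proportion_chisq(k1, n1, k2, n2):
    """Chi-squared test (1 degree of freedom, no continuity correction) that two
    feeds have the same proportion of one category; use it when there is no
    true population, only two samples to compare. Returns (statistic, p-value)."""
    pooled = (k1 + k2) / (n1 + n2)
    if pooled in (0.0, 1.0):  # both feeds agree completely; nothing to test
        return 0.0, 1.0
    stat = 0.0
    for k, n in ((k1, n1), (k2, n2)):
        for observed, expected in ((k, n * pooled), (n - k, n * (1 - pooled))):
            stat += (observed - expected) ** 2 / expected
    # Survival function of the chi-squared distribution with 1 df.
    return stat, erfc(sqrt(stat / 2))


if __name__ == "__main__":
    for category, r in population_test(FEED_COUNTS, REFERENCE_SHARE).items():
        print(f"{category}: feed {r['observed_share']:.3f} vs reference "
              f"{r['reference_share']:.3f}, p = {r['p_value']:.2e}")
    # Constructed second feed: 90 of its 200 indicators geolocate to the US.
    print("US share, feed1 vs feed2: chi2 = %.2f, p = %.4f"
          % two_proportion_chisq(60, 200, 90, 200))
```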
Aging Test: Is someone cleaning this up eventually?
INBOUND
OUTBOUND

Uniqueness Test
- Domain-based indicators are unique to one list between 96.16% and 97.37% of the time
- IP-based indicators are unique to one list between 82.46% and 95.24% of the time
Intermission

OPTION 1: Cool Story, Bro!
Some of you are probably like: "You Data Scientists and your algorithms, how quaint. Why aren't you doing some useful research like nation-state attribution?"

OPTION 2: How can I use this awesomeness on my data?

Use Case: Comparing Private Feeds
- How about using TIQ-TEST to evaluate a private intel feed?
- Trying stuff before you buy is usually a good idea. Just sayin'.
- Let's compare a new feed, private1, against our combined outbound indicators
Population Test
Aging Test
- Mostly DGA-related churn
- I guess most DGAs rotate every 24 hours, right?
- Rotation means the private data is still fresh, from research or DGA generation procedures
A++ WOULD THREAT INTEL AGAIN
MLSec Project
- Both projects are available as GPLv3 by MLSec Project
- Doing ML research on Security? Let us know!
- Putting together a trust group to share experiences and develop open-source tools to help with data gathering and analysis
- Liked TIQ-TEST? We can help benchmark your private feeds using these and other techniques
- Visit or just me.

Don't want to do all this work? Come talk to me about Niddel!
- Private Beta of Magnet, the Machine Learning-powered Threat Intelligence Platform
- Our models extrapolate the knowledge of existing threat intelligence feeds as experienced analysts would
- Models make use of the same data an analyst would have
- Automatically triages and hunts on pivots of enriched information

Take Aways
- Analyze your data. Extract value from it!
- Try before you buy!
- Different test results mean different things to different orgs.
- Try the sample data, replicate the experiments:

Greets: for helping with, for his work on, for IPEW and chart revisions for TIQ-TEST. All the MLSec Project community peeps!
Thanks! Q&A? Feedback!
@NiddelCorp
"The measure of intelligence is the ability to change." - Albert Einstein