Automation, Orchestration, and Actionable Threat Intelligence II

Decision Automation: Teaching Machines to Hunt

Combined Session
Wednesday, October 09, 2019 16:00—17:00
Location: Holeman Lounge

Threat detection in today's environment requires Security Operations Center (SOC) teams to go beyond SIEM rules and simple correlation. Yet "black-box" AI systems often fall short, creating too many false positives and often missing true incidents. Decision Automation is the new paradigm that brings the power of expert root-cause analysis using the 5 Whys approach, coupled with machine learning and easily configured automation platforms, enabling security teams to create powerful, intelligent threat detection. This session will explore the fundamentals of Decision Automation along with relevant case studies.

Many enterprise security teams rely on rules and searches to create alerts. Such rules have not only high false positive rates but very high false negative rates too. It is easy for a rule-based system to miss some very simple attacks that it has not seen before. However, if we give that data to an analyst, they are, more often than not, able to detect suspicious behavior and attacks that they have never seen before.

In this talk, we will see how we can build a fully automated system that uses the same techniques as an analyst and methodically analyzes the data autonomously in order to decide which events are risky and should be turned into incidents. This talk will focus on how to automate threat hunting by using a framework to capture the expertise and techniques of a skilled threat hunter.

Key take-aways:

Kumar Saurabh
LogicHub
Kumar has 15 years of experience in the enterprise security and log management space leading product development efforts at ArcSight and SumoLogic. He has a passion for helping organizations...
