AI-Driven Cyber Attacks

Combined Session
Tuesday, October 08, 2019 14:15—15:15
Location: Ballroom

Evaluating Our Defenses with a Data Science Approach

SOC analysts are under siege trying to keep pace with an ever-changing threat landscape. They are overworked, burned out and bombarded with a sheer volume of alerts, each of which they must investigate carefully. This workload is a true test of anyone's patience. We need to empower SOC analysts to overcome the monotonous work that is driving career burnout.

Our industry is struggling to keep up and, in response, keeps promoting silver bullets and panaceas: catching zero days, defending against APTs, using AI to detect attacks better and faster. Instead of only detecting or preventing better and faster, we should look inward at our SOCs and better serve the human analysts who work in them.

Security departments should seek data-driven approaches to evaluating their operations more efficiently. Applying data science and statistical algorithms to a SOC's own operational records is one such approach.

Big data is becoming a big problem for SOCs, but it should be a solution. Analysts' laborious investigations already generate a variety of data points: logs, analyst notes, escalations and conclusion tags. Treating these data points as independent variables (features) and the conclusion tag as the dependent variable (label) lets us feed them to an ML algorithm and build an evaluation score for each sensor and detection rule.

With proper labelling and data wrangling, such an evaluation score can be obtained from a logistic regression model. Its output measures the efficacy of the alerts a SIEM produces. With this insight, security engineers, management and analysts alike can make data-driven decisions about which rules to tune, lessening the burden on the SOC by reducing the number of false-positive cases it has to investigate.

Key takeaways:

1. SOC analysts are continually overwhelmed by the volume of alerts they must investigate, and most of those tedious investigations end in a false positive or business-as-usual conclusion.
2. By training a machine learning model on these labelled cases we can score alerts and detection rules, moving the SOC closer to signal and more meaningful investigations and away from noisy, false-positive-heavy ones.
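As an added illustration of the scoring approach described in the abstract and summarised in the takeaways (example code written for this page, not the speaker's own or Goldman Sachs' code): a logistic regression trained in plain Python on a constructed set of closed SOC cases, producing one evaluation score per detection rule. The field names (rule, sensor, severity, escalated, conclusion), the rule and sensor names, and the label convention that only a `true_positive` conclusion counts as signal are assumptions for the example; nothing here is the schema of any real SIEM.

```python
"""Scoring SIEM detection rules with a logistic regression over labelled cases.

Example code for this page. The record layout below is an assumption, not a
real SIEM schema, and the cases are constructed sample data.
"""
import math
from collections import defaultdict

# Constructed sample of closed SOC cases (one dict per case).
# Label convention (assumed): "true_positive" is signal; "false_positive"
# and "bau" (business as usual) are noise.
CASES = [
    {"rule": "brute_force_login", "sensor": "ad_logs", "severity": 3, "escalated": True,  "conclusion": "true_positive"},
    {"rule": "brute_force_login", "sensor": "ad_logs", "severity": 3, "escalated": True,  "conclusion": "true_positive"},
    {"rule": "brute_force_login", "sensor": "ad_logs", "severity": 2, "escalated": False, "conclusion": "false_positive"},
    {"rule": "brute_force_login", "sensor": "vpn",     "severity": 3, "escalated": False, "conclusion": "true_positive"},
    {"rule": "port_scan",         "sensor": "ids",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "port_scan",         "sensor": "ids",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "port_scan",         "sensor": "ids",     "severity": 2, "escalated": True,  "conclusion": "false_positive"},
    {"rule": "port_scan",         "sensor": "ids",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "port_scan",         "sensor": "ids",     "severity": 2, "escalated": True,  "conclusion": "true_positive"},
    {"rule": "malware_beacon",    "sensor": "proxy",   "severity": 4, "escalated": True,  "conclusion": "true_positive"},
    {"rule": "malware_beacon",    "sensor": "proxy",   "severity": 4, "escalated": True,  "conclusion": "true_positive"},
    {"rule": "malware_beacon",    "sensor": "proxy",   "severity": 3, "escalated": False, "conclusion": "false_positive"},
    {"rule": "usb_insert",        "sensor": "edr",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "usb_insert",        "sensor": "edr",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "usb_insert",        "sensor": "edr",     "severity": 1, "escalated": False, "conclusion": "bau"},
    {"rule": "usb_insert",        "sensor": "edr",     "severity": 2, "escalated": False, "conclusion": "false_positive"},
]

SIGNAL = {"true_positive"}


def build_features(cases):
    """One-hot encode rule and sensor; keep severity (scaled) and escalation numeric.
    Returns (feature_names, X rows, y labels) with y = 1 for a signal conclusion."""
    rules = sorted({c["rule"] for c in cases})
    sensors = sorted({c["sensor"] for c in cases})
    names = [f"rule={r}" for r in rules] + [f"sensor={s}" for s in sensors] + ["severity", "escalated"]
    X, y = [], []
    for c in cases:
        row = [1.0 if c["rule"] == r else 0.0 for r in rules]
        row += [1.0 if c["sensor"] == s else 0.0 for s in sensors]
        row += [c["severity"] / 4.0, 1.0 if c["escalated"] else 0.0]
        X.append(row)
        y.append(1 if c["conclusion"] in SIGNAL else 0)
    return names, X, y


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def fit_logreg(X, y, lr=0.5, epochs=2000, l2=0.01):
    """Batch gradient descent on the mean log-loss with L2 regularisation.
    Written out by hand so the example has no scikit-learn dependency."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * d, 0.0
        for row, label in zip(X, y):
            err = sigmoid(b + sum(wi * xi for wi, xi in zip(w, row))) - label
            for j in range(d):
                grad_w[j] += err * row[j]
            grad_b += err
        w = [wi - lr * (gw / n + l2 * wi) for wi, gw in zip(w, grad_w)]
        b -= lr * grad_b / n
    return w, b


def predict(w, b, row):
    """Probability that a case with these features ends in a signal conclusion."""
    return sigmoid(b + sum(wi * xi for wi, xi in zip(w, row)))


def score_rules(cases):
    """Evaluation score per detection rule: the mean predicted probability that an
    alert from that rule ends in a signal conclusion, next to the raw observed rate."""
    _, X, y = build_features(cases)
    w, b = fit_logreg(X, y)
    probs, hits = defaultdict(list), defaultdict(list)
    for c, row, label in zip(cases, X, y):
        probs[c["rule"]].append(predict(w, b, row))
        hits[c["rule"]].append(label)
    return {
        rule: {
            "model_score": round(sum(p) / len(p), 3),
            "observed_tp_rate": round(sum(hits[rule]) / len(hits[rule]), 3),
            "cases": len(p),
        }
        for rule, p in probs.items()
    }


if __name__ == "__main__":
    # Lowest-scoring rules first: these are the tuning or suppression candidates.
    for rule, s in sorted(score_rules(CASES).items(), key=lambda kv: kv[1]["model_score"]):
        print(f"{rule:18s} score={s['model_score']:.3f} observed={s['observed_tp_rate']:.3f} n={s['cases']}")
```

Run as a script it prints one line per rule, lowest score first; a rule like the constructed `usb_insert`, whose cases never end in a signal conclusion, is the obvious candidate for tuning or suppression. Two caveats a practitioner would want before acting on such scores: the escalation flag is an analyst action taken before the conclusion is recorded, so it leaks the label and should be dropped if the model is meant to predict open cases rather than score rules on closed ones; and the scores should be checked on a held-out slice of cases before anyone retires a rule on their strength.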

Presentation deck: Evaluating Our Defenses with a Data Science Approach (download available to event participants and subscribers after login).
Brennan Lodge
Goldman Sachs
Brennan is a self-proclaimed data nerd. He has been working in the financial industry for the past 10 years and is striving to save the world with a little help from our machine friends. He has...

Panel - Artificial Intelligence in Cybersecurity: Recent Advances

Numerous malware variants are created daily. To keep pace with this evolution, security companies are using machine learning to detect novel threats and new attack vectors. The same holds for threat hunting, where ML helps analysts proactively and iteratively sift through network data to find advanced threats. The important question is where to apply these advanced techniques: they should be applied in a targeted way to tackle specific problems. In this panel we will discuss the current state of AI in cybersecurity and what the future holds.

Peter Guerra
Accenture AI
Peter Guerra is the North America Chief Data Scientist in Accenture's Applied Intelligence practice. He is responsible for leading the data science/ML engineering business to help North American...
Al Lewis
Doctoral Candidate & Independent Researcher
Al Lewis is currently a doctoral candidate in Global Security in the School of Security and Global Studies at the American Military University. He currently oversees the...
Brennan Lodge
Goldman Sachs

Tickets

CyberNext Summit & Borderless Cyber, all days: €700 / €1000 (the two price tiers as listed)
Two day ticket (Day 1 + Day 2, Day 2 + Day 3 or Day 1 + Day 3): €550 / €750
One day ticket (Day 1, Day 2 or Day 3): €300 / €500

Government rate:
All days: €360
Two day ticket (any two days): €295
One day ticket (any single day): €230