How to Operationalize Big Data Security Analytics

Presentation transcript:

How to Operationalize Big Data Security Analytics
Roy Wilds, Field Data Scientist, Interset.AI

We uncover the threats that matter.

About Interset
- 75 employees & growing
- 450% ARR growth
- Data science & analytics focused on cybersecurity
- 100 person-years of anomaly detection R&D
- Offices in Ottawa, Canada & Newport Beach, California
- Partners

About Me
- Data mining scientist since 2006
- 4+ years building machine learning systems for threat hunting
- 8 years of experience using Hadoop for large-scale advanced analytics
- Field Data Scientist: identify valuable data feeds, optimize the system for use cases

What is AI-Based Security Analytics About?
Advanced analytics to help you catch the bad guys

Increasing Threat Hunting Efficiency
(diagram: the current low-success-rate SOC cycle versus generating highly anomalous threat leads)

Increasing Visibility by Augmenting Existing Tools
(diagram: the existing SIEM with its IAM, endpoint, network and DLP feeds, augmented by a security analytics layer that also takes business applications and custom data)

Case Study #1: Every SOC
- Data, Data, Data! Users, machines, files, projects, servers, sharing behavior, resources, websites, IP addresses, and more
- 5,210,465,083: billions of events analyzed with machine learning
- Anomalies discovered by data science
- High-quality "most wanted" list

Lesson #1: Fewer Alerts, Not More
- The solution should help you deal with fewer alerts, not more alerts
- The solution should leverage sound statistical methods to reduce false positives and noise
- It should allow you to do more with the limited resources you have

Recommendations
- Measure and quantify the amount of work effort involved with and without the security analytics system

Field Examples
- Telecom: potential data staging/theft, account compromise, lateral movement indicators
- Healthcare: data theft
- Defense: incident response

Case Study #2: Large Telco

The Situation
- Highly secure & diverse environment, protected by multiple security products

The Challenge
- Large rule/policy set developed
- Too many indicators to optimize threat leads
- Inefficient SOC cycle

The Solution
- Surface mathematically valid leads ("legit anomalies")
- Unique normal baselines: removes threshold/rule limitations

Indicators (diagram labels)
- USB: sudden increase in file copy volumes
- Google Drive: permissive controls, personal/external sharing
- Authentication: sudden change in workstation access, odd working hours

Lesson #2: The Math Matters – Test It

Indicators (diagram)
- USB: sudden increase in file copy volumes
- Google Drive: permissive controls, personal/external sharing
- Authentication: sudden change in workstation access, odd working hours

Use cases (diagram)
- Data theft
- Data staging
- Lateral movement
- Account compromise

Recommendations
- Agree on the use cases in advance
- Use a proof-of-concept with historical/existing data to test the security analytics (SA) math
- Engage red team or pen testing if available
- Evaluate the results: do they support the use cases?
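The "unique normal baselines instead of fixed thresholds" point of Case Study #2 and the "test the math on historical data" recommendation above, as an added example that is not Interset's code or anything from the deck: each user's latest daily USB copy volume is scored against that user's own history (constructed figures), the resulting lead list is compared with what a global threshold rule would raise, and both are measured against labelled historical incidents.

```python
"""Per-entity baseline scoring vs. a global threshold rule (constructed example)."""
from statistics import mean, pstdev

# Constructed daily USB copy volumes (MB) per user over a historical window;
# the final entry of each list is the day being scored.
HISTORY = {
    "alice": [40, 55, 50, 45, 60, 52, 48],            # steady small copies
    "bob":   [900, 950, 1100, 1000, 980, 1050, 990],  # large copies are normal for bob
    "carol": [10, 12, 8, 15, 11, 9, 600],             # sudden jump: the lead worth surfacing
}
GLOBAL_THRESHOLD_MB = 500   # the kind of fixed rule a SIEM policy would carry
KNOWN_INCIDENTS = ["carol"]  # constructed label from the historical review

def rule_alerts(history, threshold):
    """Global rule: flag any user whose latest day exceeds one fixed threshold."""
    return sorted(u for u, vols in history.items() if vols[-1] > threshold)

def baseline_scores(history, min_std=1.0):
    """z-score of each user's latest day against that user's own past days.
    min_std keeps a perfectly flat baseline from dividing by ~0."""
    scores = {}
    for user, vols in history.items():
        past, today = vols[:-1], vols[-1]
        mu, sd = mean(past), max(pstdev(past), min_std)
        scores[user] = (today - mu) / sd
    return scores

def anomaly_alerts(history, z_cutoff=3.0):
    """Surface only users whose latest day is anomalous for *them*."""
    return sorted(u for u, z in baseline_scores(history).items() if z > z_cutoff)

def evaluate(alerts, known_incidents):
    """Precision and recall of a lead list against labelled incidents:
    the proof-of-concept check that the math supports the use case."""
    alerts, known = set(alerts), set(known_incidents)
    tp = len(alerts & known)
    precision = tp / len(alerts) if alerts else 0.0
    recall = tp / len(known) if known else 0.0
    return precision, recall

if __name__ == "__main__":
    rule = rule_alerts(HISTORY, GLOBAL_THRESHOLD_MB)      # bob and carol: bob is noise
    base = anomaly_alerts(HISTORY)                        # carol only
    print("rule:", rule, evaluate(rule, KNOWN_INCIDENTS))
    print("baseline:", base, evaluate(base, KNOWN_INCIDENTS))
```

The fixed rule flags bob every day because his normal volume sits above the threshold, while the per-user baseline leaves him alone and still surfaces carol, which is the fewer-but-better leads outcome the deck argues for.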

Case Study #3: Healthcare Records & Payments
- Profile: 6.5 billion transactions annually, 750+ customers, 500+ employees
- Team of 7: CISO, 1 security architect, 3 security analysts, 2 network security
- Analytics surfaced (for example) an employee who attempted to move "sensitive data" from an endpoint to a personal Dropbox
- The employee was arrested and prosecuted using the incident data
- Focused and prioritized incident responses
- Incident alert accuracy increased from 28% to 92%
- Incident mitigation coverage doubled from 70 per week to 140

Lesson #3: Meaningful Metrics
- Hawthorne Effect: whatever gets measured, gets optimized

Recommendations
- Define meaningful operational metrics (not just "false positives")
- Build a process for measuring and quantifying over time, not just during a pilot
- Ensure the security analytics system supports a feedback process to adjust the analytics to support your target metrics

What Have We Learned?

Lessons Learned
- The Math Matters – Test It
- Fewer Alerts, Not More
- Automated, Measured Responses
- Meaningful Metrics

Recommendations
- Agree on the use cases in advance
- Evaluate results with and without the security analytics system
- Assess risk level, not a binary alert
- Ensure integrated feedback and automated response

QUESTIONS?
Roy Wilds – Field Data Scientist, @roywilds
Learn more at Interset.AI