1 |	
  ©	
  2017	
  Interset	
  Software
2 |	
  ©	
  2017	
  Interset	
  Software
How	
  Fast	
  Can	
  You	
  Find	
  The	
  Threats	
  That	
  Matter?
3 |	
  ©	
  2017	
  Interset	
  Software
How	
  Fast	
  Can	
  You	
  Find	
  The	
  Threats	
  That	
  Matter?
4 |	
  ©	
  2017	
  Interset	
  Software
Standard	
  Approach	
  – Rules	
  and	
  Thresholds
A  Pattern  for  Increased  Monitoring  for  Intellectual  Property  Theft  by  
Departing  Insiders,  Andrew  Moore,  Carnegie  Mellon  2011
5 |	
  ©	
  2017	
  Interset	
  Software
The	
  Threshold	
  Approach	
  Challenge
Abnormal
Normal
6 |	
  ©	
  2017	
  Interset	
  Software
The	
  Threshold	
  Approach	
  Challenge
Abnormal
Normal
7 |	
  ©	
  2017	
  Interset	
  Software
The	
  Threshold	
  Approach	
  Challenge
Abnormal
Normal
8 |	
  ©	
  2017	
  Interset	
  Software
A	
  Probabilistic	
  Approach	
  
• Computes	
  probability	
  that	
  a	
  value	
  in	
  
a	
  given	
  hour	
  is	
  anomalous
• Bayesian	
  approach
• Explicitly	
  models	
  both	
  normal	
  and	
  
abnormal	
  distributions
• Gaussian,	
  Gamma
• Estimators	
  for	
  both	
  normal	
  and	
  
abnormal	
  based	
  on	
  observation
9 |	
  ©	
  2017	
  Interset	
  Software
500
ANOMALIES
41,465,083
EVENTS
11
RISKY  ENTITIES
New	
  Approach:	
  Distill	
  Billions	
  of	
  Events	
  into	
  Security	
  Leads
10 |	
  ©	
  2017	
  Interset	
  Software
Anomaly	
  Detection	
  and	
  Risk	
  Scoring	
  Process
Data
Acquisition
Correlation Baseline
Risk	
  Story
Aggregation
John  synced  1029  
files from  Project  X
John  was  active
at  6:30  pm
=  95
Outputs  a  score  between  0-­100
Represents  the  probability  that a  
behavior  is  anomalous
W1
W2
Anomaly
Detection
Aggregates  risk  score  to  
entities  involved  in  the  event
• User
• File
• Machine
• Application
11 |	
  ©	
  2017	
  Interset	
  Software
Aggregating	
  Behaviors	
  for	
  Entity	
  Risk
Ann  Funderburk  works  at  an  unusual  hour 15
…  and  accesses  repositories  that  she  and  her  peers  do  not  usually  access   65
…  and  takes  from  a  folder  on  a  repository  an  unusual  number  of  times 80
…  and  moves  a  significantly  high  volume  of  data  than  normal 96
…  VPN’s  in  from  China 46
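The probabilistic scoring of slide 8 and the 0-100 score and entity aggregation of slides 10-11, as an added worked example that is not Interset's code: the normal model is a Gaussian fitted to an entity's observed hourly counts, the abnormal model is an assumed wide Gamma, and the prior, the per-user baselines and the noisy-OR aggregation rule are all constructed assumptions.

```python
"""Hourly-count anomaly scoring and entity risk aggregation.

Added worked example for the probabilistic approach (slide 8) and the 0-100
scoring and entity aggregation (slides 10-11).  This is not Interset's code;
the distribution choices, prior and aggregation rule below are assumptions
made for illustration.
"""
import math
from collections import defaultdict
from statistics import mean, pstdev

PRIOR_ABNORMAL = 0.01  # assumed prior: one hour in a hundred is abnormal


def gaussian_pdf(x, mu, sigma):
    """Density of the 'normal behaviour' model (slide 8: Gaussian)."""
    z = (x - mu) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2 * math.pi))


def gamma_pdf(x, k, theta):
    """Density of the 'abnormal behaviour' model (slide 8: Gamma).

    Gamma has support x > 0 only, so non-positive counts get zero density."""
    if x <= 0:
        return 0.0
    return x ** (k - 1) * math.exp(-x / theta) / (math.gamma(k) * theta ** k)


def fit_models(baseline):
    """Estimate both models from an entity's observed hourly counts.

    Normal: Gaussian with the sample mean and standard deviation.
    Abnormal (assumption): Gamma with shape 2 whose mean is ten times the
    normal mean, i.e. a wide, right-skewed distribution over large counts."""
    mu = mean(baseline)
    sigma = max(pstdev(baseline), 1e-6)   # avoid a zero-width Gaussian
    theta = max(5.0 * mu, 1.0)            # Gamma(k=2, theta) has mean 2*theta
    return (mu, sigma), (2.0, theta)


def anomaly_score(x, normal, abnormal, prior_abnormal=PRIOR_ABNORMAL):
    """Bayesian posterior P(abnormal | x), scaled to the deck's 0-100 score."""
    mu, sigma = normal
    k, theta = abnormal
    p_normal = gaussian_pdf(x, mu, sigma) * (1.0 - prior_abnormal)
    p_abnormal = gamma_pdf(x, k, theta) * prior_abnormal
    if p_normal + p_abnormal == 0.0:
        # Both densities underflowed: the value is far from anything observed
        return 100
    return round(100.0 * p_abnormal / (p_normal + p_abnormal))


def aggregate_entity_risk(scored_events):
    """Roll event scores up to the entities involved (slide 10).

    Assumption: scores are combined as independent probabilities (noisy-OR),
    so several moderate anomalies raise an entity's risk without exceeding 100."""
    survival = defaultdict(lambda: 1.0)
    for entity, score in scored_events:
        survival[entity] *= 1.0 - score / 100.0
    return {entity: round(100.0 * (1.0 - s)) for entity, s in survival.items()}


def score_events(baselines, events):
    """Score each (entity, hourly count) event against that entity's own baseline."""
    models = {entity: fit_models(obs) for entity, obs in baselines.items()}
    return [(entity, anomaly_score(x, *models[entity])) for entity, x in events]


# Constructed sample data: ten baseline hours of file-sync counts per user,
# then four new hourly observations to score.
BASELINES = {
    "ann": [3, 5, 4, 6, 5, 4, 7, 5, 6, 4],
    "john": [2, 3, 2, 4, 3, 2, 3, 4, 3, 2],
}
EVENTS = [("ann", 5), ("ann", 10), ("john", 1029), ("john", 4)]

if __name__ == "__main__":
    scored = score_events(BASELINES, EVENTS)
    for entity, score in scored:
        print(f"{entity}: score {score}")
    print(aggregate_entity_risk(scored))
```

A count well inside the baseline scores near 0, a count a few standard deviations out lands in the middle of the range, and a count like the 1029 files on slide 10 saturates at 100.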
Slide 12: The Interset Synthesis
ACQUIRE DATA → BASELINE → DETECT → THREAT LEADS

Slide 13: How Billions of Events Become Qualified Threat Leads
1. Acquire data: gather the raw materials through broad data collection (DLP, Endpoint, Biz Apps, Custom Data, Network, IAM).
2. Create unique baselines: determine what is normal.
3. Detect, measure and score anomalies: find the behavior that matters.
4. High quality threat leads: contextual views, drill-down and cyber-hunting, workflow engine for incident response.

Slide 14: Unsupervised Machine Learning & AI
The same four stages as slide 13. Data sources: DLP, Endpoint, Biz Apps, Custom Data, Network, IAM. Anomaly use cases in the detect stage: Internal Recon, Infected Host, Data Staging & Theft, Compromised Account, Lateral Movement, Account Misuse, Custom, Fraud. Kibana also appears on the diagram.

Slide 15: Scalable Architecture for Self-Learning Threat Detection
The same diagram as slide 14, with Interset Analytics and Kibana labelled.

Slide 16: McAfee Integration

Slide 17: (diagram only; no extracted text)

Slide 18: Desired Outcomes – McAfee
Source: https://www.mcafee.com/us/resources/misc/infographic-soc-collaboration.pdf

Slide 19: New Approach: Distill Billions of Events into Security Leads
41,465,083 events → 500 anomalies discovered → 11 risky entities

Slide 20: Together, Powering The Business of Security
Stack: McAfee Ecosystem and Applications / Data Exchange Layer (DXL) / Interset Analytics Platform
Security Analytics:
• Addressing More Threats, Faster and with Fewer Resources
• Machine finds "Leads" for Humans to Investigate
• Results to McAfee Ecosystem for Orchestration
Business Outcomes: Reduce or Eliminate Data Theft, Espionage, IP Theft, Sabotage, Fraud, APT

Slide 21: McAfee ENS and DLP Data Enrichment Framework
The slide 10 pipeline (Data Acquisition, Correlation, Baseline, Anomaly Detection, Risk Story, Aggregation) with the same example ("John synced 1029 files from Project X", "John was active at 6:30 pm" = 95), annotated with points P1, P2, P3 and weights W1, W2, W3.

Slide 22: McAfee ESM Integration (Security Analytics ↔ DXL)

Slide 23: McAfee ePO Integration (Security Analytics ↔ DXL; ePO tags)

Slide 24: McAfee MAR Reaction Integration (Security Analytics ↔ DXL)

Slide 25: Thank you
More info: www.interset.com
sales@interset.com
