TRANSFORMING INCIDENT RESPONSE TO INTELLIGENT RESPONSE USING GRAPHICAL ANALYSIS
RAM SHANKAR SIVA KUMAR, SECURITY DATA WRANGLER, MICROSOFT (AZURE SECURITY DATA SCIENCE)
PETER CAP, SENIOR THREAT ANALYST, MICROSOFT (THREAT INTELLIGENCE CENTER)
MICROSOFT ONE HUNT EXERCISE
18 log sources, 73 pieces of evidence = [puzzle-pieces image]
Source photo: ITV / Carnival Films; puzzle image: http://nearpictures.com/pages/p/puzzle-pieces-wallpaper/
TRANSFORMING INCIDENT RESPONSE TO INTELLIGENT RESPONSE
Team                                   Person                   Expertise
Microsoft Threat Intelligence Center   Peter Cap                Security Incident Response
Microsoft Threat Intelligence Center   Abhijeet Hatekar         Security Incident Response
Microsoft Research                     Danyel Fisher            Visualization
Azure Security                         Thomas Garnier           Engineering
Azure Security Data Science            Ram Shankar Siva Kumar   Data Science
SharePoint Online                      Matt Swann               Security
BOTTOM LINE UP FRONT
Close the Incident Response loop with the data owners.
Using simple graph measures and matching algorithms, we can gain insights into the Incident Response process.
AGENDA
1) How graphs are currently used in the industry
2) Current pain points in Incident Response
3) Demo!
4) How graphs can help
5) Conclusion
LINK ANALYSIS
PAIN POINTS
• Investigation spans days to months
• Query different log sources, minting different IOCs
• Fighting fires all the time
• Is there a story? What is the big picture?
• What was the most "important" log source/IOC?
• Are there any patterns in how we use our logs?
THE INCIDENT RESPONSE PROCESS
Source: http://www.akmgsi.com/
DEMO: HOW TO USE GRAPHS IN THE RESPONSE PHASE?
SYSTEM COMPONENTS
1) Data Aggregator: collect the required information as your investigation proceeds
   • Result is a table of IOCs and log sources
2) Data Clean-up: convert into XML format with appropriate tags
3) Ingesting into the visualization platform: d3.js
4) Incorporating the necessary libraries for computation:
MODELING DATA WITH GRAPHS…
Graphs are suitable for capturing arbitrary relations between the various elements.
Data Instance                   Graph Instance
Element                         Vertex
Element's Attributes            Vertex Label
Relation Between Two Elements   Edge
Type Of Relation                Edge Label
Graphs provide enormous flexibility for modeling the underlying data, as they allow the modeler to decide what the elements should be and the type of relations to be modeled.
Source: Lectures by George Karypis
GRAPHS IN IR
INTELLIGENT RESPONSE USING GRAPHS
Contextual Visualization
• Is there a story?
• What is the big picture?
Graph Theoretic Measures
• Which log source/IOC was critical to the investigation?
Graph Mining
• Is there a pattern to our log usage?
CONTEXTUAL VISUALIZATION
Flow layout, hierarchical representation, Cola layout
GRAPH THEORETIC MEASURES
Degree centrality (in-degree, out-degree) and betweenness centrality
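The system-components steps above (aggregate a table of IOCs and log sources, then model it as a graph) and the degree and betweenness measures on this slide, as an added worked example that is not code from the deck: the investigation rows, the node/edge model (queried IOC -> log source -> minted IOC) and the pure-Python Brandes implementation are assumptions made here; the talk's own pipeline used d3.js and the NodeXL template code listed under additional resources.

```python
"""Model an IR investigation as a directed graph of IOCs and log sources and
rank the nodes by degree and betweenness centrality.

Added example, not code from the deck. The node/edge model and the rows in
INVESTIGATION are constructed for illustration.
"""
from collections import deque
from typing import Dict, List, Set, Tuple

# Constructed investigation table (not data from the Microsoft exercise). Each
# row is one pivot: an IOC was queried against a log source and the result
# minted a new IOC. This is the "table of IOCs and log sources" the aggregator
# step produces.
INVESTIGATION: List[Tuple[str, str, str]] = [
    # (queried IOC,                 log source, minted IOC)
    ("ip:203.0.113.7",              "proxy",    "host:WS-042"),
    ("host:WS-042",                 "edr",      "hash:e3b0c442"),
    ("host:WS-042",                 "edr",      "user:jdoe"),
    ("hash:e3b0c442",               "av",       "host:WS-117"),
    ("user:jdoe",                   "ad_auth",  "host:WS-117"),
    ("user:jdoe",                   "ad_auth",  "host:SRV-DB01"),
    ("host:WS-117",                 "edr",      "domain:update.example.net"),
    ("domain:update.example.net",   "dns",      "host:SRV-DB01"),
    ("domain:update.example.net",   "dns",      "ip:198.51.100.9"),
]

Graph = Dict[str, Set[str]]  # node -> set of successor nodes


def build_graph(rows: List[Tuple[str, str, str]]) -> Graph:
    """Vertices are IOCs and log sources; an edge means "led to".

    A log source is one shared vertex, so every pivot through it joins up.
    That is what makes its centrality meaningful, but it also creates paths
    that no single query took; keep that in mind when reading the ranking.
    """
    succ: Graph = {}
    for queried, source, minted in rows:
        for u, v in ((queried, source), (source, minted)):
            succ.setdefault(u, set()).add(v)
            succ.setdefault(v, set())
    return succ


def degree_centrality(g: Graph) -> Tuple[Dict[str, int], Dict[str, int]]:
    """In-degree: how many things led here. Out-degree: how many it led to."""
    indeg = dict.fromkeys(g, 0)
    outdeg = {v: len(s) for v, s in g.items()}
    for s in g.values():
        for w in s:
            indeg[w] += 1
    return indeg, outdeg


def betweenness_centrality(g: Graph) -> Dict[str, float]:
    """Brandes' algorithm on a directed, unweighted graph (unnormalised).

    A node's score is the number of shortest paths between other node pairs
    that pass through it, i.e. the pivot points the investigation depended on.
    Cycles (here host:WS-117 -> edr) are fine; BFS visits each node once.
    """
    bc = dict.fromkeys(g, 0.0)
    for s in g:
        order: List[str] = []
        pred: Dict[str, List[str]] = {v: [] for v in g}
        sigma = dict.fromkeys(g, 0)      # number of shortest paths from s
        dist = dict.fromkeys(g, -1)
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:                     # BFS from s
            v = queue.popleft()
            order.append(v)
            for w in g[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = dict.fromkeys(g, 0.0)    # dependency of s on each node
        while order:                     # accumulate in reverse BFS order
            w = order.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1.0 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc


def rank(scores: Dict[str, float], n: int = 5) -> List[Tuple[str, float]]:
    """Top-n nodes by score; ties broken by name so the output is stable."""
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    g = build_graph(INVESTIGATION)
    indeg, outdeg = degree_centrality(g)
    print("most queried (in-degree):     ", rank(indeg, 3))
    print("most productive (out-degree): ", rank(outdeg, 3))
    print("pivot points (betweenness):   ", rank(betweenness_centrality(g), 3))
```

On the constructed rows, "edr" comes out on top for both out-degree and betweenness: it minted the most new IOCs and sits on every path from the initial proxy hit to the later hosts, which is the kind of answer to "which log source was critical" that can be handed back to that log's owner. Betweenness is unnormalised here; divide by (n-1)(n-2) if you want to compare investigations of different sizes.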
FUTURE WORK
Once we have collected a corpus of response graphs, can we tell whether the attack at hand resembles previous attacks?
• Motivation: finding inherent regularities in data across the DIFFERENT graphs
• Step 1: Store all IR graphs in a graph database
• Step 2: Examine whether the query graph at hand is part of the graph database, using a subgraph query against the graph database
Source: Lectures by George Karypis
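Step 2 above, as an added example that is not from the deck: a labelled subgraph query run in plain Python over a constructed corpus of three stored response graphs. The corpus, the query and the labelling scheme (node label = IOC type or log-source name, so that an old incident matches a new one that reuses the same pattern with fresh indicator values) are assumptions made here; a real deployment would keep the graphs in Neo4j or a similar graph database and run the query there.

```python
"""Test whether a query graph from the investigation at hand occurs inside any
stored incident-response graph (subgraph matching on labelled nodes).

Added example, not code from the deck. CORPUS, QUERY and the labelling scheme
are constructed for illustration.
"""
from typing import Dict, List, Optional, Set, Tuple

# A graph is (node -> label, set of directed edges). Labels carry the IOC type
# or log-source name, never the concrete indicator value.
Graph = Tuple[Dict[str, str], Set[Tuple[str, str]]]


def graph(labels: Dict[str, str], edges: List[Tuple[str, str]]) -> Graph:
    for u, v in edges:
        assert u in labels and v in labels, f"unlabelled node in edge {(u, v)}"
    return labels, set(edges)


# Constructed corpus of past response graphs (not real incidents).
CORPUS: Dict[str, Graph] = {
    "inc-2014-03": graph(
        {"ip1": "ip", "proxy": "proxy", "h1": "host", "edr": "edr",
         "x1": "hash", "av": "av", "h2": "host", "u1": "user"},
        [("ip1", "proxy"), ("proxy", "h1"), ("h1", "edr"), ("edr", "x1"),
         ("x1", "av"), ("av", "h2"), ("h2", "edr"), ("edr", "u1")]),
    "inc-2014-09": graph(
        {"ip1": "ip", "fw": "firewall", "h1": "host", "edr": "edr",
         "u1": "user", "ad": "ad_auth", "h2": "host"},
        [("ip1", "fw"), ("fw", "h1"), ("h1", "edr"), ("edr", "u1"),
         ("u1", "ad"), ("ad", "h2")]),
    "inc-2015-01": graph(
        {"m1": "email", "mx": "mail_gw", "u1": "user", "ad": "ad_auth",
         "h1": "host", "edr": "edr", "x1": "hash"},
        [("m1", "mx"), ("mx", "u1"), ("u1", "ad"), ("ad", "h1"),
         ("h1", "edr"), ("edr", "x1")]),
}


def _match_order(query: Graph) -> List[str]:
    """Place query nodes so each one (after the first) touches an already
    placed node where possible; edge checks then prune candidates early."""
    labels, edges = query
    placed: List[str] = []
    remaining = set(labels)

    def links(n: str) -> int:
        return sum(1 for u, v in edges
                   if (u == n and v in placed) or (v == n and u in placed))

    while remaining:
        placed.append(min(remaining, key=lambda n: (-links(n), n)))
        remaining.remove(placed[-1])
    return placed


def find_embedding(host: Graph, query: Graph) -> Optional[Dict[str, str]]:
    """Backtracking search for an injective, label-preserving map of query
    nodes onto host nodes under which every query edge is also a host edge."""
    h_labels, h_edges = host
    q_labels, q_edges = query
    order = _match_order(query)
    mapping: Dict[str, str] = {}

    def consistent(qn: str, hn: str) -> bool:
        for u, v in q_edges:               # only edges touching placed nodes
            if u == qn and v == qn:
                ok = (hn, hn) in h_edges
            elif u == qn and v in mapping:
                ok = (hn, mapping[v]) in h_edges
            elif v == qn and u in mapping:
                ok = (mapping[u], hn) in h_edges
            else:
                continue
            if not ok:
                return False
        return True

    def extend(i: int) -> bool:
        if i == len(order):
            return True
        qn = order[i]
        for hn, lab in h_labels.items():
            if lab != q_labels[qn] or hn in mapping.values():
                continue                   # wrong label, or already used
            if consistent(qn, hn):
                mapping[qn] = hn
                if extend(i + 1):
                    return True
                del mapping[qn]
        return False

    return dict(mapping) if extend(0) else None


def matching_incidents(corpus: Dict[str, Graph], query: Graph) -> List[str]:
    """IDs of stored graphs that contain the query pattern, in stable order."""
    return sorted(k for k, g in corpus.items()
                  if find_embedding(g, query) is not None)


# Query from the live investigation: a host queried in EDR minted a hash, and
# that hash queried in AV minted a second, distinct host.
QUERY = graph({"a": "host", "e": "edr", "x": "hash", "v": "av", "b": "host"},
              [("a", "e"), ("e", "x"), ("x", "v"), ("v", "b")])

if __name__ == "__main__":
    for inc in matching_incidents(CORPUS, QUERY):
        print(inc, find_embedding(CORPUS[inc], QUERY))
```

The mapping is required to be injective, so a pattern that needs two different hosts cannot be satisfied by one host used twice; that is what keeps "host -> EDR <- host" from matching a single-host incident. Backtracking is exponential in the worst case, which is fine for query graphs of a handful of nodes against a corpus of response graphs, but not for the general frequent-subgraph mining the Kuramochi and Karypis paper in the resources addresses.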
WORDS OF WISDOM
Open Source Tools:
• yEd – for graph drawing and layout
• Gephi – for graph analysis
• Neo4j – for graph database
Scale:
• Need to do some sort of clustering
Cyclic graphs:
• Some of the analysis breaks. You can cheat by introducing duplicate nodes
Play around and try a lot of things!
CONCLUSION
There are three benefits to using graphs in IR:
1. Contextual visualization
2. Simple graph measures to close the feedback loop with data owners
3. Graph mining to find inherent patterns in the Incident Response process
10/14/2015
ADDITIONAL RESOURCES
1) Kuramochi, Michihiro, and George Karypis. "Finding frequent patterns in a large sparse graph." Data Mining and Knowledge Discovery 11.3 (2005): 243-271. http://glaros.dtc.umn.edu/gkhome/fetch/papers/sigramDMKD05.pdf
2) Jiang, Chuntao, Frans Coenen, and Michele Zito. "A survey of frequent subgraph mining algorithms." The Knowledge Engineering Review 28.01 (2013): 75-105. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.309.2712&rep=rep1&type=pdf
3) Template code for centrality measures: http://nodexl.codeplex.com/SourceControl/latest
4) Template code for Cola visualization: http://marvl.infotech.monash.edu/webcola/
5) Blog post by John Lambert
THANK YOU
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Kürzlich hochgeladen (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Transforming incident Response to Intelligent Response using Graphs

  • 18. MODELING DATA WITH GRAPHS… Graphs are suitable for capturing arbitrary relations between the various elements. The mapping from data to graph:
     Element → Vertex
     Element's attributes → Vertex label
     Relation between two elements → Edge
     Type of relation → Edge label
     Data instance → Graph instance
     Graphs provide enormous flexibility for modeling the underlying data, as they let the modeler decide what the elements should be and which types of relations to model. Source: Lectures by George Karypis.
  • 19. INTELLIGENT RESPONSE USING GRAPHS (Graphs in IR)
     Contextual visualization: Is there a story? What is the big picture?
     Graph-theoretic measures: Which log source/IOC was critical to the investigation?
     Graph mining: Is there a pattern to our log usage?
  • 21. GRAPH THEORETIC MEASURES
     Degree centrality: in-degree and out-degree
     Betweenness centrality
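The two measures on the slide above, worked on a small response graph in the talk's model (round vertex = log source that was queried, rectangular vertex = IOC, edge direction = data flow). This is an added example, not code from the talk or from NodeXL; the evidence table, log-source names and IOC values are constructed for illustration. Betweenness is computed with Brandes' algorithm in plain Python so the block runs without any graph library.

```python
"""Degree and betweenness centrality over an incident-response graph.

Added example, not code from the talk. The graph follows the talk's model:
a round vertex is a log source that was queried, a rectangular vertex is an
IOC, and a directed edge carries data flow (an IOC is fed into a log source,
the log source mints a new IOC). The evidence table below is constructed for
illustration; the log-source and IOC names are assumptions.
"""
from collections import deque

# Constructed evidence table: (IOC fed in, log source queried, IOC minted).
EVIDENCE = [
    ("ip:203.0.113.7", "Firewall", "host:WEB01"),
    ("host:WEB01", "EDR", "hash:a1b2c3"),
    ("hash:a1b2c3", "AV telemetry", "host:WEB02"),
    ("host:WEB02", "EDR", "user:svc_deploy"),
    ("user:svc_deploy", "AD audit", "host:DC01"),
    ("host:WEB01", "Proxy", "domain:cdn-update.example"),
    ("domain:cdn-update.example", "DNS", "host:WEB02"),
]


def build_graph(evidence):
    """Return (adjacency, kind): successors per node, and 'log source' / 'ioc' per node."""
    adj, kind = {}, {}

    def node(name, k):
        adj.setdefault(name, [])
        kind[name] = k

    for src_ioc, log_source, new_ioc in evidence:
        node(src_ioc, "ioc")
        node(log_source, "log source")
        node(new_ioc, "ioc")
        for u, v in ((src_ioc, log_source), (log_source, new_ioc)):
            if v not in adj[u]:  # a repeated query is the same edge, not a new one
                adj[u].append(v)
    return adj, kind


def degree_centrality(adj):
    """In-degree (how often a node was fed/produced) and out-degree (how much it seeded)."""
    indeg = {v: 0 for v in adj}
    outdeg = {v: len(succ) for v, succ in adj.items()}
    for succ in adj.values():
        for w in succ:
            indeg[w] += 1
    return indeg, outdeg


def betweenness_centrality(adj):
    """Brandes' algorithm: share of shortest paths between other nodes that pass through each node."""
    bc = {v: 0.0 for v in adj}
    for s in adj:
        stack, pred = [], {v: [] for v in adj}
        sigma = {v: 0 for v in adj}
        sigma[s] = 1
        dist = {v: -1 for v in adj}
        dist[s] = 0
        queue = deque([s])
        while queue:  # BFS from s, counting shortest paths
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = {v: 0.0 for v in adj}
        while stack:  # back-propagate dependencies in reverse BFS order
            w = stack.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc


def most_central(scores, kind, wanted):
    """Node of the given kind ('log source' or 'ioc') with the highest score."""
    return max((v for v in scores if kind[v] == wanted), key=scores.get)


if __name__ == "__main__":
    adj, kind = build_graph(EVIDENCE)
    indeg, outdeg = degree_centrality(adj)
    bc = betweenness_centrality(adj)
    for name, scores in (("in-degree", indeg), ("out-degree", outdeg), ("betweenness", bc)):
        print(f"{name:12s} top log source: {most_central(scores, kind, 'log source')}"
              f"  top IOC: {most_central(scores, kind, 'ioc')}")
```

On this constructed graph EDR is the log source with the highest in-degree and betweenness (two IOCs were fed into it and everything downstream of the first host passes through it), while host:WEB02 is the IOC that most paths run through. Note that the graph contains a cycle (WEB01 → EDR → hash → AV → WEB02 → EDR) because a log source that is queried twice is a single vertex; Brandes handles cycles, but layouts and path-based analyses may not, which is the case the "cyclic graphs" advice later in the deck refers to.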
  • 24. FUTURE WORK Once we have collected a corpus of response graphs, can we tell if the attack at hand resembles previous attacks?
     • Motivation: finding inherent regularities across the DIFFERENT graphs
     • Step 1: Store all IR graphs in a graph database
     • Step 2: Check whether the query graph at hand occurs in the graph database, using a subgraph query
     Source: Lectures by George Karypis
  • 25. WORDS OF WISDOM
     Open source tools: yEd for graph drawing and layout; Gephi for graph analysis; Neo4j for a graph database
     Scale: you need to do some sort of clustering
     Cyclic graphs: some of the analysis breaks. You can cheat by introducing duplicate nodes
     Play around and try a lot of things!
  • 26. CONCLUSION There are three benefits to using graphs in IR: 1. Contextual visualization 2. Simple graph measures to close the feedback loop with data owners 3. Graph mining to find inherent patterns in the Incident Response process (10/14/2015)
  • 27. ADDITIONAL RESOURCES
     1) Kuramochi, Michihiro, and George Karypis. "Finding frequent patterns in a large sparse graph." Data Mining and Knowledge Discovery 11.3 (2005): 243-271. http://glaros.dtc.umn.edu/gkhome/fetch/papers/sigramDMKD05.pdf
     2) Jiang, Chuntao, Frans Coenen, and Michele Zito. "A survey of frequent subgraph mining algorithms." The Knowledge Engineering Review 28.01 (2013): 75-105. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.309.2712&rep=rep1&type=pdf
     3) Template code for centrality measures: http://nodexl.codeplex.com/SourceControl/latest
     4) Template code for Cola visualization: http://marvl.infotech.monash.edu/webcola/
     5) Blog post by John Lambert
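Step 2 above, the subgraph query, as an added example that is not code from the talk or from any graph database. Two incidents never share the same IPs or hashes, so the nodes are labelled with their type (IOC type or log source name) and the question becomes whether the shape of a previous investigation, for instance ip → Firewall → host → EDR → hash, appears inside the current response graph. Both graphs and all patterns are constructed for illustration; the matcher is a plain backtracking subgraph monomorphism search, which is fine for response graphs of tens of nodes but not a substitute for the frequent-subgraph-mining work the deck cites.

```python
"""Subgraph query: does the response graph at hand contain a pattern seen
in a previous investigation?

Added example, not code from the talk. Both graphs are constructed for
illustration. Nodes carry a *type* label (IOC type or log source name)
rather than a concrete value, because the IPs and hashes of two incidents
never line up, but the shape "ip -> Firewall -> host -> EDR -> hash" can.
"""


def chain(*labels):
    """Path-shaped pattern p1 -> p2 -> ... over a sequence of node types."""
    nodes = {f"p{i + 1}": label for i, label in enumerate(labels)}
    ids = list(nodes)
    return {"nodes": nodes, "edges": list(zip(ids, ids[1:]))}


# Patterns taken from earlier investigations (constructed).
KNOWN_PATTERN = chain("ip", "Firewall", "host", "EDR", "hash")
HOST_TO_EDR = chain("host", "EDR")
ABSENT_PATTERN = chain("host", "Proxy", "ip")

# Response graph of the current investigation (constructed): the talk's round
# (log source) and rectangular (IOC) vertices, each tagged with its type.
RESPONSE_GRAPH = {
    "nodes": {
        "ip:203.0.113.7": "ip", "Firewall": "Firewall", "host:WEB01": "host",
        "EDR": "EDR", "hash:a1b2c3": "hash", "AV telemetry": "AV",
        "host:WEB02": "host", "user:svc_deploy": "user", "AD audit": "AD",
        "host:DC01": "host", "Proxy": "Proxy",
        "domain:cdn-update.example": "domain", "DNS": "DNS",
    },
    "edges": [
        ("ip:203.0.113.7", "Firewall"), ("Firewall", "host:WEB01"),
        ("host:WEB01", "EDR"), ("EDR", "hash:a1b2c3"),
        ("hash:a1b2c3", "AV telemetry"), ("AV telemetry", "host:WEB02"),
        ("host:WEB02", "EDR"), ("EDR", "user:svc_deploy"),
        ("user:svc_deploy", "AD audit"), ("AD audit", "host:DC01"),
        ("host:WEB01", "Proxy"), ("Proxy", "domain:cdn-update.example"),
        ("domain:cdn-update.example", "DNS"), ("DNS", "host:WEB02"),
    ],
}


def _successors(graph):
    succ = {v: set() for v in graph["nodes"]}
    for u, v in graph["edges"]:
        succ[u].add(v)
    return succ


def find_matches(pattern, host, limit=None):
    """Injective, type-preserving maps of pattern nodes onto host nodes such that
    every pattern edge lands on a host edge (subgraph monomorphism, by backtracking).
    Returns a list of {pattern node: host node} mappings, at most `limit` of them."""
    p_succ, h_succ = _successors(pattern), _successors(host)
    p_pred = {v: set() for v in pattern["nodes"]}
    for u, v in pattern["edges"]:
        p_pred[v].add(u)
    order = list(pattern["nodes"])
    matches = []

    def consistent(p, h, mapping):
        if pattern["nodes"][p] != host["nodes"][h] or h in mapping.values():
            return False
        # Every pattern edge to or from an already-mapped node must exist in the host.
        return (all(mapping[q] in h_succ[h] for q in p_succ[p] if q in mapping)
                and all(h in h_succ[mapping[q]] for q in p_pred[p] if q in mapping))

    def extend(i, mapping):
        if limit is not None and len(matches) >= limit:
            return
        if i == len(order):
            matches.append(dict(mapping))
            return
        for h in host["nodes"]:
            if consistent(order[i], h, mapping):
                mapping[order[i]] = h
                extend(i + 1, mapping)
                del mapping[order[i]]

    extend(0, {})
    return matches


def contains_pattern(pattern, host):
    """True if the current response graph contains the previous incident's pattern."""
    return bool(find_matches(pattern, host, limit=1))


if __name__ == "__main__":
    for name, pat in (("known", KNOWN_PATTERN), ("host->EDR", HOST_TO_EDR),
                      ("absent", ABSENT_PATTERN)):
        print(name, find_matches(pat, RESPONSE_GRAPH))
```

The known pattern matches exactly once (through host:WEB01 and hash:a1b2c3), the two-node host → EDR pattern matches twice because both web hosts were pivoted through EDR, and the host → Proxy → ip pattern is absent because the proxy query minted a domain, not an IP. Because matching is on types only, two investigations that pivoted through the same kinds of log source in the same order will match even though every concrete IOC differs, which is what makes a corpus of response graphs queryable.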

Editor's Notes

  1. Our first cross-company Red-Blue engagement. Microsoft is very siloed (big joint exercise: 6 red teams going after 8 online services). It spanned 50 participants and supporting roles from the red and blue teams across all Online Services. Ram and I are from the blue team, and our task was to find out what the red team had done. Good news: because all the blue teams worked together, we were able to catch the red team in record time.
  2. Bad news: we were struggling to articulate what the big picture was. At the end of the investigation, across the 8 online services, we had used 18 log sources to find 73 pieces of evidence. Which log source was the most important in driving the investigation? What are the key takeaways from the investigation? We wanted a tool that could answer all these questions.
  3. HeatRay paper from Microsoft Research: a tool developed by John Lambert and Matt Thomlinson that looked for EoP (elevation of privilege) paths, done all the way back in 2009. Nodes represent machines, arrows represent a connection from one machine to another.
  4. The Strata conference this year was flooded with "using graphs for catching APTs" talks built on attack graphs.
  5. Expectation: everything is sorted out for you.
  6. Each dog is an IOC. Now go and chase them. The question is: can we transform this chaotic process into a structured process?
  7. Resolution: 1080p, Chrome zoom: 75%. The process is represented as a directed graph. A round vertex represents the tool (log source) used to mine for new IOCs; a rectangular vertex represents the IOC that was minted from the round vertex. Since this is a directed graph, the edges are arrows, and the direction of the arrowhead denotes the direction of the result: an incoming edge into a vertex means the edge's source was fed into it as input; an outgoing edge carries the result of the analysis.
  8. Graphs are a natural extension of data analysis. Every element of a graph can be mapped back to retro data mining. Some of the vertices can be attributes themselves (computer has file; file has attr1; file has attr2). You need to identify the drivers; initially the elements can be anything. What is the importance of the relationship between two elements? (In a list view the relationship is NOT apparent.)
  9. Link to slide 10 (pain points slide).
  10. The hierarchical representation shows a "timeline view": from the IOC that started this investigation all the way to catching the adversary. Flow layout: imagine the nodes are objects connected to each other by springs. This layout ensures that the graph settles into a stable state, just like a physical system of masses and springs. You get hierarchical and flow layouts for free if you use d3.js. Cola layout: cola.js is an open-source JavaScript library. CoLa achieves a higher-quality layout because it stops at a local minimum; it is much more stable in interactive applications (no "jitter"); and it allows user-specified constraints such as alignments and grouping. We said "all directed edges should point down".
  11. Degree centrality: an important node is involved in a large number of interactions. High in-degree = prominent (like many people nominating the same person for an award, or a highly cited paper); high out-degree = influential (Twitter followers). Betweenness centrality: "An important node will lie on a high proportion of paths between other nodes in the network."
  12. The size of the node is proportional to its score.
  13. Source: Lectures by Jiawei Han & Micheline Kamber. What to expect in your current investigation based on previous investigations. This is typically tribal knowledge; graph mining gives an objective way of "doing investigation". This step is hard vs. easy.
  14. Have some concrete examples (if we have time), but we must show the class of solutions to the problems we faced.