From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and The SOC

by Joseph Zadeh
Sept. 18, 2017 1 comment Black Hat belen_caty Detection & Response

This talk outlines an approach to modeling human behavior in network traffic with the goal of automatically labeling events that have security context. Large-scale defensive programs now have the opportunity to invest resources in next generation distributed architectures and software stacks to build custom security solutions to augment existing SIEM and point solution driven escalations. We describe ways to create such a scalable framework of distributed forensic artificial intelligences to hunt for evil and to minimize time spent on repeatable remediation and evidence collection processes. This type of next-gen cybersecurity analytics engine can add immediate value through alarm reduction and attribution of attacks to threat actors and campaigns over time.

Steven Ulm 5 months ago

The forensic artificial intelligence could be the key to a better online (and cyber) security. We DO need to invest more in this area...