Applying Machine Learning to Network Security Monitoring
Using Security Intelligence To Mitigate Today's Real Threats by Ken Westin
Regardless of advances in malware and targeted-attack detection technologies, our top security practitioners can only do so much in a 24-hour day. Triage driven by alert-based monitoring (from IPSes, SIEMs and the like) is inefficient because those alerts lack expressiveness. So how can we better use data from exploration-based, data-rich monitoring tools (such as threat intelligence feeds and network forensics) to triage incidents effectively for our teams to investigate?
Enter Machine Learning as a way to automatically prioritize and classify potential events and attacks in your network. Statistical learning and data mining techniques can be used to automate the analysis of your logs and network data, enriched with threat intelligence and with Internet topology, DNS and WHOIS information.
This webcast will present examples and applications of these concepts and algorithms, developed by MLSec Project, on log data from public feeds and on anonymized, summarized data from real live networks. Our objective is to demonstrate how these data-driven techniques can help transform the fire hose of available data into actionable intelligence.
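As an added illustration of the approach the abstract describes (not MLSec Project code, and not the webcast's own algorithms), the script below enriches proxy-log events with the four data sources named above, a threat-intel feed, passive-DNS resolutions, WHOIS registration age and an IP-to-ASN topology map, turns each event into a small feature vector, and ranks events with a logistic-regression scorer trained on analyst-labelled history. Every feed entry, WHOIS record, ASN mapping, training vector and log line is constructed for the example (documentation-reserved names and addresses); the feature set and the key=value log format are assumptions.

```python
"""Enrich proxy-log events with threat intel, passive DNS, WHOIS age and
ASN data, then rank them with a small logistic-regression scorer.

Added illustration, stdlib only. Every feed, WHOIS record, ASN mapping,
training vector and log line below is CONSTRUCTED for this example; none
of it is MLSec Project data or code, and the feature set is an assumption.
"""
import math
import re
from datetime import date

# --- constructed enrichment sources (documentation-reserved names/addresses) ---
THREAT_INTEL = {"updates-svc.test", "c2relay.test"}          # constructed feed of known-bad domains
INTEL_RESOLUTIONS = {                                         # constructed passive-DNS records for the feed
    "updates-svc.test": "203.0.113.7",
    "c2relay.test": "203.0.113.9",
}
WHOIS_CREATED = {                                             # constructed WHOIS creation dates
    "updates-svc.test": date(2014, 3, 1),
    "c2relay.test": date(2014, 2, 20),
    "xk3qz9w2lt.test": date(2014, 2, 27),
    "example.com": date(1995, 8, 14),
}
IP_ASN = {                                                    # constructed IP -> ASN (topology) mapping
    "203.0.113.7": "AS64500",
    "203.0.113.9": "AS64500",
    "198.51.100.20": "AS64496",
    "192.0.2.44": "AS64497",
}

LOG_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Turn one 'key=value ...' proxy-log line (assumed format) into a dict."""
    return dict(LOG_RE.findall(line))

def registered_domain(host):
    """Crude eTLD+1: the last two labels (fine for .test/.com, wrong for co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def asn_bad_ratio(asn):
    """Share of feed domains whose resolved IP sits in this ASN."""
    hits = sum(1 for ip in INTEL_RESOLUTIONS.values() if IP_ASN.get(ip) == asn)
    return hits / len(INTEL_RESOLUTIONS)

def features(event, today):
    """Four features, one per enrichment source: intel, WHOIS, DNS, topology."""
    dom = registered_domain(event["host"])
    created = WHOIS_CREATED.get(dom)
    age_days = (today - created).days if created else None
    return [
        1.0 if dom in THREAT_INTEL else 0.0,                          # threat-intel hit
        1.0 if age_days is None or age_days < 30 else 0.0,            # young or unknown registration
        1.0 if event["dst"] in INTEL_RESOLUTIONS.values() else 0.0,   # shares an IP with a feed domain
        asn_bad_ratio(IP_ASN.get(event["dst"], "unknown")),           # ASN reputation
    ]

# --- scorer: logistic regression trained by plain gradient descent ---
TRAINING = [  # constructed, analyst-labelled history: (feature vector, 1 = was escalated)
    ([1, 1, 1, 1.0], 1), ([1, 0, 0, 1.0], 1), ([0, 1, 1, 1.0], 1), ([0, 1, 0, 0.5], 1),
    ([0, 0, 0, 0.0], 0), ([0, 0, 0, 0.0], 0), ([0, 1, 0, 0.0], 0), ([0, 0, 0, 0.5], 0),
]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(data, lr=0.5, epochs=2000):
    """Return (weights, bias) minimising mean log-loss on the labelled vectors."""
    n = len(data[0][0])
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in data:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [gi + err * xi for gi, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * gi / len(data) for wi, gi in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b

def score(model, x):
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)

def triage(lines, today):
    """Rank log lines by escalation probability, highest first: [(prob, host), ...]."""
    model = train(TRAINING)
    ranked = []
    for line in lines:
        ev = parse_event(line)
        ranked.append((score(model, features(ev, today)), ev["host"]))
    return sorted(ranked, reverse=True)

SAMPLE_LOG = [  # constructed proxy-log lines
    "ts=2014-03-05T10:14:02Z src=10.1.2.3 dst=198.51.100.20 host=www.example.com bytes=1834",
    "ts=2014-03-05T10:14:09Z src=10.1.2.3 dst=203.0.113.7 host=updates-svc.test bytes=58211",
    "ts=2014-03-05T10:15:41Z src=10.1.2.7 dst=192.0.2.44 host=mirror-3.test bytes=912",
    "ts=2014-03-05T10:16:03Z src=10.1.2.9 dst=203.0.113.9 host=xk3qz9w2lt.test bytes=4410",
]

if __name__ == "__main__":
    for prob, host in triage(SAMPLE_LOG, date(2014, 3, 5)):
        print(f"{prob:.3f}  {host}")
```

The point of the example is the split between enrichment and scoring: the feature functions encode what each external source says about an event, and the model learns from past escalations how much each source should count, so the analyst sees a ranked queue rather than a flat list of equal-weight alerts. The unknown-WHOIS case is deliberately treated as suspicious rather than silently scored zero, since missing registration data is itself a signal worth keeping.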
Alex Pinto is the Chief Data Scientist of MLSec Project. The goal of the project is to provide a platform for hypothesis testing for people interested in the development of machine learning algorithms to support the information security monitoring practice.
He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for 7 years. Alex currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is almost fully recovered.
Ken Westin is a security researcher at Tripwire, whose technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, the New York Times and The Economist. He has won awards from MIT, CTIA, the Oregon Technology Awards, SXSW and Entrepreneur, and was named in the Portland Business Journal's 2013 "40 Under 40."