1. Of Robots and Response Times: Automating Cybersecurity Analysis
   GreatHorn #REWORKDL
2. Why Are We Talking About Security?
   1. Affects all of us
   2. Well suited to machine learning
   3. Huge market, huge opportunity to do good, not a lot of traction (yet)
3. A Snippet of History
4. Three Fundamental Unsolved Problems
   Problem One: IT complexity is outpacing our expertise
5. Three Fundamental Unsolved Problems
   Problem Two: Years of technical debt, data overload
6. Three Fundamental Unsolved Problems
   Problem Three: Manual labor is not a solution
7. Buzzword Time: APT
   - Multiple attack methodologies and vectors
   - Establishment of Command and Control (hands on keyboard) access
   - Low and slow
   - East-west movement, migration, attacks
   - Constant, coordinated, human effort
   - Specific objective and attack
   - The ubiquitous hoodie-clad hacker
8. Multilayer Analytics For APTs
   Attack Anatomy: Reconnaissance -> Weaponization -> Command and Control -> Data Loss (Breach)
9. Training the InfoSec Analyst Robots
   - Analyst-Based (Supervised): "Events {a, b, c, ...} are indicative of a breach; do you agree?"
   - Unsupervised: "On a time-series model N, IOCs {x, y, z, ...} are being seen across industries like yours."
   - Result-Driven: Across a data lake of N incidents, weight each incident and correlate it to a known breach indicator; treat the result as an input to the learning algorithm.
10. Where Does This All Lead?
    Multi-Dimensional (Organization) Security Input -> Predictive Security Output
11. Recap and Questions
    - Security needs to evolve from manual to (semi-?) automated analysis
    - Core technical challenges are:
      - Data normalization
      - Incident-to-narrative connection
      - Behavioral analytics
      - Prescriptive / automated response
    - From a CISO/CSO perspective, the outcome needs to demonstrably reduce risk of breach, without increasing analyst workload/cost
    GreatHorn, www.greathorn.com, [email protected]
12. Thank you
    [email protected]
    (800) 605-2566
    116 Beech St, Belmont, MA 02478