SlideShare uma empresa Scribd logo

Data Science Transforming Security Operations

Priyanka Aash
Priyanka Aash

Data science can transform security operations by being applied across the entire process, beyond just prevention and detection. It can enhance detection through advanced analytics, augment investigations by aggregating alerts and prioritizing threats, improve continuously through feedback loops, enable intelligence sharing, and inform automated responses. Organizations should assess their data science maturity and focus on integrating it throughout their security operations rather than treating it as an isolated feature. Building an in-house data science practice requires alignment, strategic staffing, and a long-term commitment to maximize the benefits.

Tecnologia
1 de 23
Baixar para ler offline
SESSION ID: #RSAC Dr. Alon Kaufman Data Science Transforming Security Operations STR-R02 Director of Data Science & Innovation, RSA
#RSAC Data Science & Security Operation? 2 Who uses data science in their security practice? In what processes throughout your security operations do you use data science? Have you seen a significant value come out of your data science solutions? Do you see data science playing in role in the Cybersecurity market shift: “By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20% in 2015 (Gartner) ” Data Science has way more to offer than prevention & detection... It can and should be used as a key methodology and technology spanning all processes in security operations….
#RSAC Agenda 3 What is data science, and why in security? You should know by now ;) What's special about data science in security 5 Maturity levels of data science in security operations Data science goes way beyond the prevention & detection in the entry level… DS maturity survey Where is your organization/product in terms of DS maturity? Building a security data science practice in house, Yes or No? Summary
#RSAC What is Data Science – in 1 Sentence Making sense out of big data… Getting the data we collect to work for us! 4 The demand is just growing… Ratio
#RSAC Why Data Science in Security? 5 We have all (most) of the data already….. Yet still being breached… while the attacks are hidden in our data Security operations are getting too complex for humans alone… and we are facing a huge staffing gap… Other industries demonstrated huge value with DS, given a hard problem and the relevant data at hand: Retail recommendation systems, up-sells, cross-sell Bio-informatics Image object recognition Voice recognition Self driving cars …
#RSAC What's Special About Data Science in Security? 6 Dealing with a hostile dynamic world! Human/Machine synergy High price of False-Negative errors Gathering/Sharing data Lack of labeled attacks for training and learning In security detection is just the beginning….
#RSAC 5 Levels of Data Science Maturity 7 •Known bad •Adaptive learning •Integrated scoring •Aggregate •Prioritize •Automate & Recommend •Basic feedback •Derived feedback •Learning from analyst actions •IoCs •Global learning •Policies Key message: Data science is a key methodology and technology, not a plug-in feature… •Limit •Block •User-support
#RSAC Detection: The Holy Grail of Data Science…. 8 The data exists, and so also endless point solutions for detection The key to success is: Risk Known Bad Patterns Behavior Anomaly Entity Anomaly Compressive Risk Scoring Integrated Approach
#RSAC Comprehensive Risk Score - Example Suspicious User Login Detection Multivariate Machine Learning algorithm to detect login impersonation Multiple inputs from multiple sources: Hostname, location, server, duration, auth, time of day, data tx/rx,…. Model output Risk score (combined measure of how risky the behavior is) Modeling concept: Known bad: blocked users, unrealistic ground-speed, authentication User anomaly: base line per feature and detect deviation from norm Peer group anomaly: Prior knowledge, new user, acceptable behavior changes
#RSAC Integrating Different Approaches - Example Endpoint Malware Detection The market is highly fragmented with endless point solutions Each vendor/solution takes a different valid approach with pros and cons Combining them provides enhanced performance: Human Static analysis Dynamic analysis Community reputation 10
#RSAC Augmented Investigation 11 The goal is not replace the analysts but augment them and simplify their work: Shortage of cybersecurity skills continues to grow Most of analysts’ time goes on selecting what alerts to investigate Attacks typically trigger multiple alerts throughout the different attack phases 70% of the procedures done by analysts are repeatable The Key to success: Prioritize Aggregate Automate & Recommendation 23% 25% 28% 46% 2013 2014 2015 2016 Shortage in CyberSecurity Skills (ESG, 2016)
#RSAC Augmented Investigation - Example Top-down Hierarchical approach Pre-fetch all supporting data Risk scoring prioritization Aggregate across entities (user, devices, application, …) Moving from alerts to attack vectors Guide the analyst with recommendations 12
#RSAC Continuous Learning 13 As in any learning “teachers” are beneficial – supervised learning Feeding back results to the learning engine When direct feedback is lacking it can be derived Learning from analyst behavior and actions
#RSAC Leaning and Self-Improving Detection - Example Ongoing, automatic self-learning fraud detection model Risk Engine Case Mgmt Activity details Policy Mgr. Device Payee Authenticate Continue Step-up AuthenticationFeedback Feedback Challenge Out-of-band Others Knowledge 271937 Deny User Data Science based Risk Engine Account
#RSAC Intelligence Sharing 15 Tiny part of the road from each Analytics Map + prediction + navigation instruction Waze. Outsmarting traffic, Together. Crowdsourced security intel’ Security map + predictions + mitigation instructions To date the industry state of the art sharing is around IoCs, next phase is to share, learn and crowdsource policies, procedures & mitigations
#RSAC Fighting Back Together - Example
#RSAC Response 17 Taking automatic actions based on insights: Limit access / Require additional input Risk based authentication Partial blocking Automatic blocking Guide the analyst through investigation Pre-fetch all required data Recommend next action
#RSAC 5 Levels of Data Science Maturity 18 •Known bad •Adaptive learning •Integrated scoring •Aggregate •Prioritize •Automate & Recommend •Basic feedback •Derived feedback •Learning from analyst actions •IoCs •Global learning •Policies Key message: Data science is a key methodology and technology, not a plug-in feature… •Limit •Block •User-support
#RSAC Survey: How DS-Mature Are Your Operations? (How many fields? (5), Overall score? (22 points) ) 19 Detection Augmented Investigation Continuous Learning Intelligence Sharing  Do you use advanced, adaptive, analytics for detection?  Can you bake into the analytics engines your human insights?  Do you have your various products integrated at the analytics level? Response  Can you combine multiple alerts into some attack description?  Do you have one integrated priority queue?  Do you utilize automatic enrichments, hints, guidance or recommendation to assist analysts?  Do you leverage analysts decision for operations improvement?  Do you have any level of automatic, self learning from feedback?  Do your overall operations improve based on your analysts work?  Do you utilize community data to improve operations?  Do your systems “learn” from data outside of your system?  Do you have a mechanism to improve human actions based on the community?  Do you use automatic response based on analytics?  Are any decisions or actions fed back to analysts as a results of the risk?
#RSAC Building a Security Data Science Practice in House, Yes or No? 20 Applying Data Science requires joint effort between data scientists, security experts and the business owners To date hiring people with a data science background is hard, nevertheless with security domain knowledge From research to an operational process/product – long journey from the proof-of-signal to an operational system Data, Data, Data…. You don’t want data science… you actually want data science backed into your solution in an intuitive, easy to use manner Alignment from stakeholders Invest in staffing and diverse backgrounds Organization & operational breadth Collaborate / share Integrated home grown solution
#RSAC Applying What You Have Learned Today 21 Take the survey and assess how advanced is your DS strategy Identify gaps, and in what area focus is needed Work up the DS stairs: Detection -> Investigation -> continuous learning -> Intl Sharing -> Automatic response (Risk based response) Data Science in house: Alignment cross-org Staff wisely Be prepared for a long (and expensive) journey Constantly strive to see how DS augments your analysts, and not try replace them!
#RSAC Summary 22 Data Science has way more to offer than prevention & detection ... It can and should be used as a key methodology and technology spanning all processes in security operations…
SESSION ID: #RSAC Dr. Alon Kaufman Data Science Transforming Security Operations STR-R02 Director of Data Science & Innovation, RSA Alon.Kaufman@rsa.com

Recomendados

Digital Transformation
Digital TransformationDigital Transformation
Digital TransformationAmazon Web Services
 
Fraud Detection and Prevention on AWS using Machine Learning
Fraud Detection and Prevention on AWS using Machine LearningFraud Detection and Prevention on AWS using Machine Learning
Fraud Detection and Prevention on AWS using Machine LearningAmazon Web Services
 
10 Key Considerations for AI/ML Model Governance
10 Key Considerations for AI/ML Model Governance10 Key Considerations for AI/ML Model Governance
10 Key Considerations for AI/ML Model GovernanceQuantUniversity
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
Cloud computing paper presentation
Cloud computing paper presentationCloud computing paper presentation
Cloud computing paper presentationGlobal R & D Services
 
Microservices Workshop - Craft Conference
Microservices Workshop - Craft ConferenceMicroservices Workshop - Craft Conference
Microservices Workshop - Craft ConferenceAdrian Cockcroft
 
TDM: Masking, Subsetting and generating Synthetic Data
TDM: Masking, Subsetting and generating Synthetic Data TDM: Masking, Subsetting and generating Synthetic Data
TDM: Masking, Subsetting and generating Synthetic Data CA Technologies
 
How to Interview a Data Scientist
How to Interview a Data ScientistHow to Interview a Data Scientist
How to Interview a Data ScientistDaniel Tunkelang
 

Recomendados

Digital Transformation
Digital TransformationDigital Transformation
Digital TransformationAmazon Web Services
 
Fraud Detection and Prevention on AWS using Machine Learning
Fraud Detection and Prevention on AWS using Machine LearningFraud Detection and Prevention on AWS using Machine Learning
Fraud Detection and Prevention on AWS using Machine LearningAmazon Web Services
 
10 Key Considerations for AI/ML Model Governance
10 Key Considerations for AI/ML Model Governance10 Key Considerations for AI/ML Model Governance
10 Key Considerations for AI/ML Model GovernanceQuantUniversity
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
Cloud computing paper presentation
Cloud computing paper presentationCloud computing paper presentation
Cloud computing paper presentationGlobal R & D Services
 
Microservices Workshop - Craft Conference
Microservices Workshop - Craft ConferenceMicroservices Workshop - Craft Conference
Microservices Workshop - Craft ConferenceAdrian Cockcroft
 
TDM: Masking, Subsetting and generating Synthetic Data
TDM: Masking, Subsetting and generating Synthetic Data TDM: Masking, Subsetting and generating Synthetic Data
TDM: Masking, Subsetting and generating Synthetic Data CA Technologies
 
How to Interview a Data Scientist
How to Interview a Data ScientistHow to Interview a Data Scientist
How to Interview a Data ScientistDaniel Tunkelang
 
5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply Chains5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply ChainsMoataz Rashad
 
Practicing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case StudiesPracticing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case StudiesKNIMESlides
 
Alibaba Cloud
Alibaba CloudAlibaba Cloud
Alibaba CloudShwetDadhaniya1
 
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)Amazon Web Services
 
The future of AIOps
The future of AIOpsThe future of AIOps
The future of AIOpsGAVS Technologies
 
Accelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesAccelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesMcKinsey & Company
 
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...accacloud
 
Digital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented WorldDigital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented WorldAccenture Insurance
 
AI Use Cases OA
AI Use Cases OAAI Use Cases OA
AI Use Cases OAObject Automation
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise CloudAccenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloudaccenture
 
Digital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion FutureDigital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion FutureBoston Consulting Group
 
Machine Learning In Insurance
Machine Learning In InsuranceMachine Learning In Insurance
Machine Learning In InsuranceAccenture Insurance
 
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...Amazon Web Services
 
Supply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |AccentureSupply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |Accentureaccenture
 
The Datafication of HR: People Science is Here
The Datafication of HR: People Science is HereThe Datafication of HR: People Science is Here
The Datafication of HR: People Science is HereJosh Bersin
 
GenAI in Research with Responsible AI
GenAI in Research with Responsible AIGenAI in Research with Responsible AI
GenAI in Research with Responsible AILiming Zhu
 
Cloud migration slides
Cloud migration slidesCloud migration slides
Cloud migration slidesErika Barron
 
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | FranceAccenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | Franceaccenture
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Green Venture Opportunities
Green Venture Opportunities Green Venture Opportunities
Green Venture Opportunities Boston Consulting Group
 
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...Barcoding, Inc.
 
Using Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosUsing Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosCloudera, Inc.
 

Mais conteúdo relacionado

Mais procurados

5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply Chains5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply ChainsMoataz Rashad
 
Practicing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case StudiesPracticing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case StudiesKNIMESlides
 
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)Amazon Web Services
 
Accelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesAccelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesMcKinsey & Company
 
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...accacloud
 
Digital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented WorldDigital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented WorldAccenture Insurance
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise CloudAccenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloudaccenture
 
Digital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion FutureDigital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion FutureBoston Consulting Group
 
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...Amazon Web Services
 
Supply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |AccentureSupply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |Accentureaccenture
 
The Datafication of HR: People Science is Here
The Datafication of HR: People Science is HereThe Datafication of HR: People Science is Here
The Datafication of HR: People Science is HereJosh Bersin
 
GenAI in Research with Responsible AI
GenAI in Research with Responsible AIGenAI in Research with Responsible AI
GenAI in Research with Responsible AILiming Zhu
 
Cloud migration slides
Cloud migration slidesCloud migration slides
Cloud migration slidesErika Barron
 
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | FranceAccenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | Franceaccenture
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 

Mais procurados (20)

5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply Chains5 Ways AI will Revolutionize Supply Chains
5 Ways AI will Revolutionize Supply Chains
 
Practicing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case StudiesPracticing Data Science: A Collection of Case Studies
Practicing Data Science: A Collection of Case Studies
 
Alibaba Cloud
Alibaba CloudAlibaba Cloud
Alibaba Cloud
 
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
AWS re:Invent 2016: Building a Solid Business Case for Cloud Migration (ENT308)
 
The future of AIOps
The future of AIOpsThe future of AIOps
The future of AIOps
 
Accelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesAccelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securities
 
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...
 
Digital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented WorldDigital Fragmentation: Adapt To Succeed In A Fragmented World
Digital Fragmentation: Adapt To Succeed In A Fragmented World
 
AI Use Cases OA
AI Use Cases OAAI Use Cases OA
AI Use Cases OA
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise CloudAccenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
 
Digital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion FutureDigital Consumers, Emerging Markets, and the $4 Trillion Future
Digital Consumers, Emerging Markets, and the $4 Trillion Future
 
Machine Learning In Insurance
Machine Learning In InsuranceMachine Learning In Insurance
Machine Learning In Insurance
 
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
FinOps: A Culture Transformation to Bring DevOps, Finance and the Business To...
 
Supply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |AccentureSupply Chain Transformation on the Cloud |Accenture
Supply Chain Transformation on the Cloud |Accenture
 
The Datafication of HR: People Science is Here
The Datafication of HR: People Science is HereThe Datafication of HR: People Science is Here
The Datafication of HR: People Science is Here
 
GenAI in Research with Responsible AI
GenAI in Research with Responsible AIGenAI in Research with Responsible AI
GenAI in Research with Responsible AI
 
Cloud migration slides
Cloud migration slidesCloud migration slides
Cloud migration slides
 
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | FranceAccenture Industry X0 | Surmonter la crise grâce à la collaboration | France
Accenture Industry X0 | Surmonter la crise grâce à la collaboration | France
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Green Venture Opportunities
Green Venture Opportunities Green Venture Opportunities
Green Venture Opportunities
 

Destaque

Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...Barcoding, Inc.
 
Using Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosUsing Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosCloudera, Inc.
 
Transforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsTransforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsRam Shankar Siva Kumar
 
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...jzadeh
 
Machine learning Mindmap
Machine learning MindmapMachine learning Mindmap
Machine learning MindmapYee Jie NG
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurityidsecconf
 
Data Science ATL Meetup - Risk I/O Security Data Science
Data Science ATL Meetup - Risk I/O Security Data ScienceData Science ATL Meetup - Risk I/O Security Data Science
Data Science ATL Meetup - Risk I/O Security Data ScienceMichael Roytman
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat DetectionNapier University
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big DataAmazon Web Services
 
Computer security - A machine learning approach
Computer security - A machine learning approachComputer security - A machine learning approach
Computer security - A machine learning approachSandeep Sabnani
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningLior Rokach
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Cybereason
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisPriyanka Aash
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Priyanka Aash
 

Destaque (17)

Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
Mobile, Wearables, Big Data and A Strategy to Move Forward (with NTT Data Ent...
 
Using Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosUsing Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for Telcos
 
Transforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsTransforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using Graphs
 
Merging fraud in a full IP environment
Merging fraud in a full IP environmentMerging fraud in a full IP environment
Merging fraud in a full IP environment
 
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-...
 
Machine learning Mindmap
Machine learning MindmapMachine learning Mindmap
Machine learning Mindmap
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurity
 
Data Science ATL Meetup - Risk I/O Security Data Science
Data Science ATL Meetup - Risk I/O Security Data ScienceData Science ATL Meetup - Risk I/O Security Data Science
Data Science ATL Meetup - Risk I/O Security Data Science
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat Detection
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data
 
Computer security - A machine learning approach
Computer security - A machine learning approachComputer security - A machine learning approach
Computer security - A machine learning approach
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 

Semelhante a Data Science Transforming Security Operations

RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin
 
Creating Order from Chaos: Metrics That Matter
Creating Order from Chaos: Metrics That MatterCreating Order from Chaos: Metrics That Matter
Creating Order from Chaos: Metrics That MatterPriyanka Aash
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementMighty Guides, Inc.
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!Emma Kelly
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Jon Mead
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Designing for Data Security by Karen Lopez
Designing for Data Security by Karen LopezDesigning for Data Security by Karen Lopez
Designing for Data Security by Karen LopezKaren Lopez
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?Lumension
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 

Semelhante a Data Science Transforming Security Operations (20)

RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
 
Creating Order from Chaos: Metrics That Matter
Creating Order from Chaos: Metrics That MatterCreating Order from Chaos: Metrics That Matter
Creating Order from Chaos: Metrics That Matter
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Designing for Data Security by Karen Lopez
Designing for Data Security by Karen LopezDesigning for Data Security by Karen Lopez
Designing for Data Security by Karen Lopez
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Data Science for Cyber Risk
Data Science for Cyber RiskData Science for Cyber Risk
Data Science for Cyber Risk
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 

Mais de Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Mais de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Data Science Transforming Security Operations

  • 1. SESSION ID: #RSAC Dr. Alon Kaufman Data Science Transforming Security Operations STR-R02 Director of Data Science & Innovation, RSA
  • 2. #RSAC Data Science & Security Operation? 2 Who uses data science in their security practice? In what processes throughout your security operations do you use data science? Have you seen a significant value come out of your data science solutions? Do you see data science playing in role in the Cybersecurity market shift: “By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20% in 2015 (Gartner) ” Data Science has way more to offer than prevention & detection... It can and should be used as a key methodology and technology spanning all processes in security operations….
  • 3. #RSAC Agenda 3 What is data science, and why in security? You should know by now ;) What's special about data science in security 5 Maturity levels of data science in security operations Data science goes way beyond the prevention & detection in the entry level… DS maturity survey Where is your organization/product in terms of DS maturity? Building a security data science practice in house, Yes or No? Summary
  • 4. #RSAC What is Data Science – in 1 Sentence Making sense out of big data… Getting the data we collect to work for us! 4 The demand is just growing… Ratio
  • 5. #RSAC Why Data Science in Security? 5 We have all (most) of the data already….. Yet still being breached… while the attacks are hidden in our data Security operations are getting too complex for humans alone… and we are facing a huge staffing gap… Other industries demonstrated huge value with DS, given a hard problem and the relevant data at hand: Retail recommendation systems, up-sells, cross-sell Bio-informatics Image object recognition Voice recognition Self driving cars …
  • 6. #RSAC What's Special About Data Science in Security? 6 Dealing with a hostile dynamic world! Human/Machine synergy High price of False-Negative errors Gathering/Sharing data Lack of labeled attacks for training and learning In security detection is just the beginning….
  • 7. #RSAC 5 Levels of Data Science Maturity 7 •Known bad •Adaptive learning •Integrated scoring •Aggregate •Prioritize •Automate & Recommend •Basic feedback •Derived feedback •Learning from analyst actions •IoCs •Global learning •Policies Key message: Data science is a key methodology and technology, not a plug-in feature… •Limit •Block •User-support
  • 8. #RSAC Detection: The Holy Grail of Data Science…. 8 The data exists, and so also endless point solutions for detection The key to success is: Risk Known Bad Patterns Behavior Anomaly Entity Anomaly Compressive Risk Scoring Integrated Approach
  • 9. #RSAC Comprehensive Risk Score - Example Suspicious User Login Detection Multivariate Machine Learning algorithm to detect login impersonation Multiple inputs from multiple sources: Hostname, location, server, duration, auth, time of day, data tx/rx,…. Model output Risk score (combined measure of how risky the behavior is) Modeling concept: Known bad: blocked users, unrealistic ground-speed, authentication User anomaly: base line per feature and detect deviation from norm Peer group anomaly: Prior knowledge, new user, acceptable behavior changes
  • 10. #RSAC Integrating Different Approaches - Example Endpoint Malware Detection The market is highly fragmented with endless point solutions Each vendor/solution takes a different valid approach with pros and cons Combining them provides enhanced performance: Human Static analysis Dynamic analysis Community reputation 10
  • 11. #RSAC Augmented Investigation 11 The goal is not replace the analysts but augment them and simplify their work: Shortage of cybersecurity skills continues to grow Most of analysts’ time goes on selecting what alerts to investigate Attacks typically trigger multiple alerts throughout the different attack phases 70% of the procedures done by analysts are repeatable The Key to success: Prioritize Aggregate Automate & Recommendation 23% 25% 28% 46% 2013 2014 2015 2016 Shortage in CyberSecurity Skills (ESG, 2016)
  • 12. #RSAC Augmented Investigation - Example Top-down Hierarchical approach Pre-fetch all supporting data Risk scoring prioritization Aggregate across entities (user, devices, application, …) Moving from alerts to attack vectors Guide the analyst with recommendations 12
  • 13. #RSAC Continuous Learning 13 As in any learning “teachers” are beneficial – supervised learning Feeding back results to the learning engine When direct feedback is lacking it can be derived Learning from analyst behavior and actions
  • 14. #RSAC Leaning and Self-Improving Detection - Example Ongoing, automatic self-learning fraud detection model Risk Engine Case Mgmt Activity details Policy Mgr. Device Payee Authenticate Continue Step-up AuthenticationFeedback Feedback Challenge Out-of-band Others Knowledge 271937 Deny User Data Science based Risk Engine Account
  • 15. #RSAC Intelligence Sharing 15 Tiny part of the road from each Analytics Map + prediction + navigation instruction Waze. Outsmarting traffic, Together. Crowdsourced security intel’ Security map + predictions + mitigation instructions To date the industry state of the art sharing is around IoCs, next phase is to share, learn and crowdsource policies, procedures & mitigations
  • 17. #RSAC Response 17 Taking automatic actions based on insights: Limit access / Require additional input Risk based authentication Partial blocking Automatic blocking Guide the analyst through investigation Pre-fetch all required data Recommend next action
  • 18. #RSAC 5 Levels of Data Science Maturity 18 •Known bad •Adaptive learning •Integrated scoring •Aggregate •Prioritize •Automate & Recommend •Basic feedback •Derived feedback •Learning from analyst actions •IoCs •Global learning •Policies Key message: Data science is a key methodology and technology, not a plug-in feature… •Limit •Block •User-support
  • 19. #RSAC Survey: How DS-Mature Are Your Operations? (How many fields? (5), Overall score? (22 points) ) 19 Detection Augmented Investigation Continuous Learning Intelligence Sharing  Do you use advanced, adaptive, analytics for detection?  Can you bake into the analytics engines your human insights?  Do you have your various products integrated at the analytics level? Response  Can you combine multiple alerts into some attack description?  Do you have one integrated priority queue?  Do you utilize automatic enrichments, hints, guidance or recommendation to assist analysts?  Do you leverage analysts decision for operations improvement?  Do you have any level of automatic, self learning from feedback?  Do your overall operations improve based on your analysts work?  Do you utilize community data to improve operations?  Do your systems “learn” from data outside of your system?  Do you have a mechanism to improve human actions based on the community?  Do you use automatic response based on analytics?  Are any decisions or actions fed back to analysts as a results of the risk?
  • 20. #RSAC Building a Security Data Science Practice in House, Yes or No? 20 Applying Data Science requires joint effort between data scientists, security experts and the business owners To date hiring people with a data science background is hard, nevertheless with security domain knowledge From research to an operational process/product – long journey from the proof-of-signal to an operational system Data, Data, Data…. You don’t want data science… you actually want data science backed into your solution in an intuitive, easy to use manner Alignment from stakeholders Invest in staffing and diverse backgrounds Organization & operational breadth Collaborate / share Integrated home grown solution
  • 21. #RSAC Applying What You Have Learned Today 21 Take the survey and assess how advanced is your DS strategy Identify gaps, and in what area focus is needed Work up the DS stairs: Detection -> Investigation -> continuous learning -> Intl Sharing -> Automatic response (Risk based response) Data Science in house: Alignment cross-org Staff wisely Be prepared for a long (and expensive) journey Constantly strive to see how DS augments your analysts, and not try replace them!
  • 22. #RSAC Summary 22 Data Science has way more to offer than prevention & detection ... It can and should be used as a key methodology and technology spanning all processes in security operations…
  • 23. SESSION ID: #RSAC Dr. Alon Kaufman Data Science Transforming Security Operations STR-R02 Director of Data Science & Innovation, RSA Alon.Kaufman@rsa.com