3411 - Replacing SOC1: Building a Culture of Machine Learning in Security Processes
Wednesday, October 10
3:00 PM - 4:00 PM
Location: Floor 3: Mardi Gras: Salon E
This presentation showcases a process-driven workflow for the SOC that combines machine learning with a proper workflow for transferring operator feedback. In practice, these workflows can effectively enhance a Security Operations Center's vision, analysis and action upon detection of threats. The presentation will describe in detail the concept of micro behaviors, a basic unit within a threat that can be extracted, labeled and used by learners in order to provide multi-contextual, signature-less threat detection. The examples covered will focus on how to decompose high-level security behaviors into these smaller actionable units, which are then made more accurate over time using data from standard security investigations. This presentation is augmented by a GitHub repo of security data sets that have been hand labeled for the purpose of building machine learning models that learn from security operators' investigation notes and forensic artifacts.
- Learn functional/practical use cases for applying machine learning to Security Operations Center Level 1 tasks.
- Discover how to apply experienced operator feedback to enhance automated SOC workflows.
- Understand how algorithms can and will eventually replace SOC1 operators.