Cutting Edge

3411 - Replacing SOC1: Building a Culture of Machine Learning in Security Processes

Wednesday, October 10
3:00 PM - 4:00 PM
Location: Floor 3: Mardi Gras: Salon E

This presentation showcases a process-driven workflow for the SOC that combines machine learning with a proper workflow for transferring operator feedback back into the models. In practice, these workflows can effectively enhance a Security Operations Center's visibility, analysis and action upon detection of threats. The presentation will describe in detail the concept of micro behaviors: a basic unit within a threat that can be extracted, labeled and used by learners in order to provide multi-contextual, signature-less threat detection. The examples covered will focus on how to decompose high-level security behaviors into these smaller actionable units, which are then made more accurate over time using data from standard security investigations. This presentation is augmented by a GitHub repo of security data sets that have been hand labeled for the purpose of building machine learning models that learn from security operators' investigation notes and forensic artifacts.
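To make the two ideas in the abstract concrete, the following Python sketch is an added example, not code from the talk or from the speakers' GitHub data sets. It extracts micro behaviors (small, labelable units) from raw process and network events, bags them per host timeline, and trains a tiny Bernoulli naive Bayes classifier whose training set is nothing but analyst verdicts, so every closed investigation immediately changes what the learner flags. The event field names, the micro-behavior names, the seed labels and the sample timelines are all constructed for this illustration, and naive Bayes is chosen here only because it is small enough to refit on every verdict; the talk does not say which learner it uses.

```python
"""Micro-behavior extraction plus an analyst-feedback loop for a
signature-less classifier.  Added illustration; all names, fields and
sample events are constructed and are not from the talk or its repo."""
from collections import Counter
import math
import re

# Constructed vocabulary of micro behaviors.  Each is a small unit an
# analyst can confirm or reject on its own during an investigation.
MICRO_BEHAVIORS = [
    "connect_to_young_domain",
    "encoded_powershell",
    "lsass_memory_read",
    "office_spawns_script_host",
    "scheduled_task_created",
]
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
ENCODED_PS = re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I)

def extract_micro_behaviors(event):
    """Map one raw event (assumed EDR-style field names) to the set of
    micro behaviors it exhibits.  A high-level behavior such as
    'credential theft' is just a combination of these units."""
    mb = set()
    parent = event.get("parent", "").lower()
    proc = event.get("process", "").lower()
    cmd = event.get("cmdline", "")
    if parent in OFFICE_APPS and proc in SCRIPT_HOSTS:
        mb.add("office_spawns_script_host")
    if proc == "powershell.exe" and ENCODED_PS.search(cmd):
        mb.add("encoded_powershell")
    if event.get("target_process", "").lower() == "lsass.exe" and event.get("access") == "read":
        mb.add("lsass_memory_read")
    if "schtasks" in cmd.lower() and "/create" in cmd.lower():
        mb.add("scheduled_task_created")
    if event.get("dest_domain_age_days", 9999) < 30:
        mb.add("connect_to_young_domain")
    return mb

def timeline_behaviors(events):
    """Bag the micro behaviors of a host/user timeline into one feature set."""
    tokens = set()
    for ev in events:
        tokens |= extract_micro_behaviors(ev)
    return tokens

class FeedbackNaiveBayes:
    """Bernoulli naive Bayes over micro-behavior tokens with Laplace
    smoothing.  The training set is only analyst verdicts, and refitting
    is cheap enough to do on every single verdict."""
    def __init__(self, vocab):
        self.vocab = sorted(vocab)
        self.examples = []      # (frozenset(tokens), label)
        self.prior, self.cond = {}, {}

    def add_feedback(self, tokens, label):
        self.examples.append((frozenset(tokens), label))
        self._fit()

    def _fit(self):
        counts = Counter(lab for _, lab in self.examples)
        n = len(self.examples)
        self.prior = {lab: (c + 1) / (n + len(counts)) for lab, c in counts.items()}
        self.cond = {}
        for lab in counts:
            rows = [t for t, l in self.examples if l == lab]
            self.cond[lab] = {tok: (sum(1 for t in rows if tok in t) + 1) / (len(rows) + 2)
                              for tok in self.vocab}

    def score(self, tokens):
        """Return P(malicious | tokens) in [0, 1]."""
        logp = {}
        for lab in self.prior:
            lp = math.log(self.prior[lab])
            for tok in self.vocab:
                p = self.cond[lab][tok]
                lp += math.log(p if tok in tokens else 1 - p)
            logp[lab] = lp
        m = max(logp.values())
        z = sum(math.exp(v - m) for v in logp.values())
        return math.exp(logp.get("malicious", -math.inf) - m) / z

# Constructed hand-labeled seed, in the spirit of the talk's data sets.
SEED_LABELS = [
    ({"office_spawns_script_host", "encoded_powershell", "connect_to_young_domain"}, "malicious"),
    ({"encoded_powershell", "lsass_memory_read"}, "malicious"),
    ({"office_spawns_script_host", "encoded_powershell", "scheduled_task_created"}, "malicious"),
    ({"scheduled_task_created"}, "benign"),
    (set(), "benign"),
    ({"connect_to_young_domain"}, "benign"),
]
# Constructed timelines.  The admin one is a legitimate deployment that
# looks like the malicious seed rows; the other is an Office macro chain.
ADMIN_TIMELINE = [
    {"parent": "explorer.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc SQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0AA=="},
    {"parent": "powershell.exe", "process": "schtasks.exe",
     "cmdline": "schtasks /create /tn Backup /tr backup.cmd /sc daily"},
]
CRED_THEFT_TIMELINE = [
    {"parent": "winword.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -Enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"parent": "powershell.exe", "process": "powershell.exe", "cmdline": "",
     "target_process": "lsass.exe", "access": "read"},
    {"parent": "powershell.exe", "process": "powershell.exe", "cmdline": "",
     "dest_domain": "cdn-update.example", "dest_domain_age_days": 3},
]

def demo():
    """Return (score before feedback, score after feedback, credential-theft score)."""
    model = FeedbackNaiveBayes(MICRO_BEHAVIORS)
    for tokens, label in SEED_LABELS:
        model.add_feedback(tokens, label)
    admin = timeline_behaviors(ADMIN_TIMELINE)
    before = model.score(admin)
    # Three separate investigations close this pattern as change-ticketed
    # admin work; each verdict is folded straight back into the learner.
    for _ in range(3):
        model.add_feedback(admin, "benign")
    after = model.score(admin)
    cred = model.score(timeline_behaviors(CRED_THEFT_TIMELINE))
    return before, after, cred

if __name__ == "__main__":
    b, a, c = demo()
    print(f"admin pattern: before feedback {b:.2f}, after feedback {a:.2f}")
    print(f"credential-theft pattern after feedback: {c:.2f}")
```

The point of the loop is that the analyst never edits a rule: the admin's encoded PowerShell plus scheduled task starts out scored as malicious because it shares micro behaviors with the seed attacks, and three closed tickets are enough to move it below the alert threshold while the Office-to-LSASS chain stays near 1.0. In a real SOC the verdict would be pulled from the case management system's disposition field rather than typed in, and the feature extractors would be the part worth hand-labeling and reviewing.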

Rod Soto, CISSP

Director of Security Research
JASK.AI

Rod Soto has more than 15 years of experience in information technology and security. He currently works as director of security research at JASK.AI. He has spoken at ISSA Security Congress, OWASP, DEF CON, Black Hat, RSA, HackMiami, BSides and DerbyCon. He has also been featured in Rolling Stone Magazine and Pentest Magazine and on Univision and CNN. Rod won the 2012 Black Hat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.


Joseph Zadeh

Director of Data Science
JASK.AI

Joseph Zadeh is the director of data science at JASK. He holds an M.S. in mathematics and computational finance and a PhD in mathematics from Purdue University. He came to JASK as one of the foremost experts on AI and security operations. Prior to JASK, he served as senior data scientist at Splunk through the acquisition of Caspida, where he developed behavior-based analytics for intrusion detection. He applied his research background to artificial intelligence and cybersecurity, delivering presentations at BSides Las Vegas, DEF CON, Black Hat and RSA. Previously, Joe was part of the data science consulting team on cybersecurity analytics at Greenplum/Pivotal, as well as part of Kaiser Permanente's first cybersecurity R&D team.

