The chief problem with cyber security is that most of our tools and workforce are geared to waiting for adverse events, detecting those events (sometimes months after the fact), investigating the breach that has already occurred, and then cleaning up. This slow and reactive process ensures breaches happen and security staff are overwhelmed by the noise.
This talk will focus on automation and machine learning techniques, based on the latest academic research, that can proactively identify threats seen in the wild. These techniques allow organizations to identify suspect infrastructure before it is used to attack them. The key to making this work is infusing machine learning with knowledge of how actual attacks work and of the threat landscape. Machine learning without intelligence is merely gussied-up Mensa math exercises.
It isn't enough to know what the attacker will use to attack, however. Armed with this knowledge, organizations now need to safely and automatically block these attacks before they occur so breaches never happen to begin with. The goal of automation must be to stop attacks before they are launched, not merely to speed up incident response. Several case studies will be discussed showing how this all can work together in the real world.
- How to use machine learning and why it is essential to use strong intelligence to create models
- Techniques to use automation to block attacks before they are launched against a victim organization
- Cost-effective and safe ways to whitelist and blacklist infrastructure to insure against false positives
Live BrightTALK Webinar with John Bambenek: Stop Watching & Start Blocking, Affordable Machine-Learning Enabled Defense
Date: October 8th
Time: 2 PM PDT
About the Speaker
John Bambenek is VP of Security Research and Intelligence at ThreatSTOP, a lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign, and a handler with the SANS Internet Storm Center. He has over 20 years of experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal action.
He was active in several investigations involving the 2016 election, including work that recovered documents from the GRU that were stolen from the Democratic Congressional Campaign Committee.