BC Track: Decision Automation: Teaching machines to hunt
Holeman Lounge, Borderless Cyber Track (BC)
Oct 09, 2019 04:00 PM - 04:30 PM (UTC)
Borderless Cyber USA / Washington, D.C. / 8-10 October 2019 (events@oasis-open.org)

Threat Detection in today's environment requires Security Operations Center (SOC) teams to go beyond SIEM rules and simple correlation. Yet "black-box" AI systems often fall short, creating too many false positives while still missing true incidents. Decision Automation is the new paradigm that brings the power of expert root-cause analysis using the 5 Whys approach, coupled with Machine Learning and easily-configured automation platforms, enabling security teams to create powerful, intelligent threat detection. This session will explore the fundamentals of Decision Automation along with relevant case studies.

Many enterprise security teams rely on rules and searches to create alerts. Such rules not only have high false positive rates, but very high false negative rates too. It is easy for a rule-based system to miss some very simple attacks that it has not seen before. However, if we give that same data to an analyst, they are, more often than not, able to detect suspicious behavior and attacks that they have never seen before.

In this talk, we will see how we can build a fully automated system that uses the same techniques an analyst does, and methodically analyzes the data autonomously in order to decide which events are risky and should be turned into incidents. This talk will focus on how to automate threat hunting by using a framework to capture the expertise and techniques of a skilled threat hunter.


Key take-aways:

  • Learn common techniques threat hunters use to hunt for threats without a priori knowledge of what those threats look like.

  • Discover how to automate threat hunting, so that you can find threats much more effectively at machine speed.

  • Learn how to apply automation, machine learning and feedback loops to build a much better Threat Detection system.

  • Hear about success stories from real-world implementations that are applying automation to alert triage.

  • Learn about a process that has been applied in many companies to measure the effectiveness of automation, and how that leads to higher trust in automation.