October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Security analytics: Machine learning applied in the SOC

Macy Cronkrite (Splunk)
3:50pm–4:30pm Tuesday, 11/01/2016
Security in context (security datasci)
Location: Rendezvous Trianon Level: Beginner
Average rating: **...
(2.67, 6 ratings)

Prerequisite knowledge

  • Familiarity with the problem space of big data and security analytics
  • A general understanding of the use cases that security operations centers typically have

What you'll learn

  • Learn how to find easy-to-build-and-implement machine-learning algorithms


Big data has reached security practitioners’ desktops. Now analysts can pour over machine logs and search for interesting activity, but the data deluge is overwhelming human analyst capacity. However, algorithmic thinking and machine-learning toolsets can be leveraged for many if not most security use cases.

Security knowledge workers are not data scientists by training, yet being able to use data science tools easily is critical for system validation and advancement. The most important technology decision they face is finding easy-to-build-and-implement machine-learning algorithms.

Macy Cronkrite offers context for the discussion and presents the problem before sharing several active examples of machine learning applied to the problem space, including a data exfiltration event analysis, an unusual spike in traffic, and anomalous new port activity. To highlight the importance of tool selection for the SOC team, Macy then demonstrates a few machine-learning toolkits and explains how they are implemented.

Photo of Macy Cronkrite

Macy Cronkrite


Macy Cronkrite is a senior architect at Splunk, where she supports the development and implementation of enterprise sensor networks by providing high-quality analysis from captured machine data in logs, enabling big data analysis as a capability of enterprise IT and SOC operations. Macy is an enterprise-security-focused systems analyst and developer with 15 years of IT experience as well as a coconspirator of Security BSides Boston. Macy holds a BS and MS in information science.