Big data has reached security practitioners' desktops. Analysts can now pore over machine logs and search for interesting activity, but the data deluge overwhelms human analyst capacity. Algorithmic thinking and machine-learning toolsets can be brought to bear on many, if not most, security use cases.
Security knowledge workers are not data scientists by training, yet being able to use data science tools easily is critical to validating and improving detection systems. The most important technology decision they face is choosing machine-learning algorithms that are easy to build and put into production.
Macy Cronkrite offers context for the discussion and presents the problem before sharing several worked examples of machine learning applied to the problem space, including analysis of a data exfiltration event, an unusual spike in traffic, and anomalous new port activity. To highlight the importance of tool selection for the SOC team, Macy then demonstrates a few machine-learning toolkits and explains how they are implemented.
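The three use cases named above (an exfiltration event, a traffic spike, and a newly seen port) can each be reduced to a baseline-versus-review comparison that needs nothing heavier than per-host statistics. The following is an added example and is not code from this talk or from Splunk: the connection-log format, the hosts, the addresses, the hour boundaries and the thresholds are all constructed assumptions chosen so the detectors can be run offline.

```python
"""Three small anomaly detectors over a constructed connection log.

Each log line is "timestamp,src,dst,dport,bytes_out". Hours 00-07 are the
baseline window; hour 08 is the window under review. All data is constructed.
"""
from collections import Counter, defaultdict
from statistics import mean, median, pstdev

REVIEW_HOUR = "08"  # assumption: the hour the analyst is investigating


def _constructed_log():
    """Build the sample log. Three hosts talk to one web server on 443 and make
    one to three DNS lookups per hour; in the review hour 10.0.0.5 also opens
    40 connections to an unfamiliar address on a port it has never used."""
    lines = []
    for h in range(8):
        for i in (5, 6, 7):
            lines.append(f"2016-11-01T0{h}:00:00,10.0.0.{i},93.184.216.34,443,{4000 + 250 * i + 100 * h}")
            for q in range(1 + h % 3):
                lines.append(f"2016-11-01T0{h}:{10 + q:02d}:00,10.0.0.{i},8.8.8.8,53,120")
    lines += [
        "2016-11-01T08:00:00,10.0.0.5,93.184.216.34,443,4700",
        "2016-11-01T08:00:00,10.0.0.6,93.184.216.34,443,5900",
        "2016-11-01T08:00:00,10.0.0.7,93.184.216.34,443,6100",
        "2016-11-01T08:10:00,10.0.0.5,8.8.8.8,53,120",
        "2016-11-01T08:10:00,10.0.0.6,8.8.8.8,53,120",
        "2016-11-01T08:10:00,10.0.0.7,8.8.8.8,53,120",
    ]
    lines += [f"2016-11-01T08:{20 + k // 2:02d}:00,10.0.0.5,198.51.100.7,4444,6250" for k in range(40)]
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, src, dst, dport, bytes_out = line.split(",")
        events.append({"hour": ts[11:13], "src": src, "dst": dst,
                       "dport": int(dport), "bytes": int(bytes_out)})
    return events


def split_windows(events, review_hour=REVIEW_HOUR):
    base = [e for e in events if e["hour"] < review_hour]
    review = [e for e in events if e["hour"] == review_hour]
    return base, review


def exfil_candidates(events, threshold=3.0, review_hour=REVIEW_HOUR):
    """Hosts whose outbound bytes in the review hour are a high outlier against
    that host's own hourly baseline (per-host z-score). Returns [(host, z)]."""
    base, review = split_windows(events, review_hour)
    per_host_hour = defaultdict(lambda: defaultdict(int))
    for e in base:
        per_host_hour[e["src"]][e["hour"]] += e["bytes"]
    review_bytes = Counter()
    for e in review:
        review_bytes[e["src"]] += e["bytes"]
    flagged = []
    for host, hourly in per_host_hour.items():
        samples = list(hourly.values())
        mu, sd = mean(samples), pstdev(samples)
        value = review_bytes.get(host, 0)
        # A flat baseline gives sd == 0; any increase over it is then an outlier.
        z = (float("inf") if value > mu else 0.0) if sd == 0 else (value - mu) / sd
        if z > threshold:
            flagged.append((host, round(z, 1)))
    return sorted(flagged, key=lambda t: -t[1])


def traffic_spikes(events, threshold=3.5, review_hour=REVIEW_HOUR):
    """Review hours whose connection count is an outlier against the baseline
    hours, scored with the median/MAD modified z-score so a single noisy
    baseline hour cannot inflate the spread and hide a spike."""
    base, review = split_windows(events, review_hour)
    samples = sorted(Counter(e["hour"] for e in base).values())
    med = median(samples)
    mad = median([abs(x - med) for x in samples])
    flagged = []
    for hour, n in Counter(e["hour"] for e in review).items():
        score = (float("inf") if n > med else 0.0) if mad == 0 else 0.6745 * (n - med) / mad
        if score > threshold:
            flagged.append((hour, round(score, 2)))
    return flagged


def new_ports(events, review_hour=REVIEW_HOUR):
    """(host, dport, dst) triples seen in the review hour on a port that host
    never used in the baseline; a host with no baseline gets every port flagged."""
    base, review = split_windows(events, review_hour)
    seen = defaultdict(set)
    for e in base:
        seen[e["src"]].add(e["dport"])
    hits = {(e["src"], e["dport"], e["dst"]) for e in review if e["dport"] not in seen[e["src"]]}
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("exfil:", exfil_candidates(evs))
    print("spikes:", traffic_spikes(evs))
    print("new ports:", new_ports(evs))
```

The three detectors deliberately share one parsed event list, which is the shape the talk's tool-selection argument points at: once events are normalised, each use case is a few lines of statistics, and the expensive part is the baseline window and the threshold, both of which an analyst has to tune per environment rather than take from a library default.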
Macy Cronkrite is a senior architect at Splunk, where she supports the development and implementation of enterprise sensor networks by providing high-quality analysis of the machine data captured in logs, making big data analysis a capability of enterprise IT and SOC operations. Macy is an enterprise-security-focused systems analyst and developer with 15 years of IT experience and a co-conspirator of Security BSides Boston. Macy holds a BS and an MS in information science.
©2016, O'Reilly Media, Inc. All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.