Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable.
Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. The epidemiological data is informed by 500 million live vulnerabilities and their associated close rates, as well as by “in the wild” threat data from AlienVault’s OTX, SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the National Vulnerability Database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem.
Michael Roytman is the chief data scientist at Kenna Security, where his work focuses on cybersecurity data science and Bayesian algorithms. Michael is also a technical advisor in the humanitarian space, having worked with Doctors Without Borders, the World Health Organization, and the UN. He has spoken at some of the top security conferences in the world, including RSA, SOURCE, BSides, Metricon, and SIRAcon, and has been published in the Advanced Computing Association journal USENIX. Michael is the author of three patents. He holds an MS in operations research from Georgia Tech. His home in Chicago is a mess of broken-down espresso machines.