Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Schedule: Security analytics sessions

1:30pm–5:00pm Monday, October 30, 2017
Location: Sutton South
Ido Safruti (PerimeterX), Amir Shaked (PerimeterX)
Average rating: 3.00 (2 ratings)
Ido Safruti and Amir Shaked offer an overview of the data analysis tools that every web security analyst should be familiar with in their daily work, including ELK, BigQuery, and Python as well as other helpful online services. These tools will help you analyze incidents on your web application and network and alert you when an attack starts.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Sutton North
Julian Wong (DataVisor)
Average rating: 4.00 (1 rating)
Using research from more than one billion users, 500 billion events, and 50 million malicious accounts collected from global online services, Julian Wong details some of the sophisticated attack techniques being used by modern-day online criminals and demonstrates how these types of attacks can be detected and mitigated by leveraging artificial intelligence.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Sutton North
Quiessence Phillips (City of New York)
In a daily fight to secure organizations, security analysts are inundated with a massive log set (if one is so fortunate), but with it comes a high signal-to-noise ratio. Increase your signal by adding context to your logs. Join Quiessence Phillips to learn about the type of context that could be added and the value of its addition.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Sutton North
Michael Roytman (Kenna Security)
Security is all about reacting. It's time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Sutton North
Alex Pinto (Niddel)
Average rating: 3.00 (1 rating)
Alex Pinto shares an automation model that elevates the quality of data available to automation processes to efficiently simulate analyst intuition and significantly augment human analysts. The hunting automation maturity model (HAMM) organizes these techniques around capability milestones, including internal and external context and analytical tooling.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Sutton North
Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Average rating: 4.00 (2 ratings)
Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Beekman
Brian Candlish (Telstra), Christian Teutenberg (Telstra)
Brian Candlish and Christian Teutenberg discuss a security incident Telstra suffered as a result of an acquisition and the ongoing year of incident response that followed to evict the intruders.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Beekman
Peleus Uhley (Adobe)
Average rating: 5.00 (1 rating)
An accurate understanding of your public network and application exposure is necessary for everything from scalable security automation to red team exercises, but it can be overwhelming trying to keep up with a large organization. Peleus Uhley shares techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues.