Presented By
O’Reilly + Cloudera
Make Data Work
29 April–2 May 2019
London, UK

Evaluating cybersecurity defenses with a data science approach

Brennan Lodge (Goldman Sachs), Jay Kesavan (Bowery Analytics LLC)
16:3517:15 Thursday, 2 May 2019
Data Science, Machine Learning & AI
Location: Capital Suite 14
Average rating: ***..
(3.00, 3 ratings)

Who is this presentation for?

  • Data scientists

Level

Intermediate

Prerequisite knowledge

  • A working knowledge of data science

What you'll learn

  • Explore a machine learning model to get closer to signal and more meaningful investigations rather than noisy or false-positive-related conclusions

Description

Cybersecurity analysts are under siege to keep pace with the ever-changing threat landscape. The analysts are overworked as they are bombarded with and burned out by the sheer number of alerts that they must carefully investigate. This intense workload can be a true testament to anyone’s patience.

Our industry is struggling to keep up and is alternatively promoting silver bullets and panaceas to catch zero days, defend against APT and use AI to detect attacks better and faster. Instead of detecting or preventing better and faster, we should be looking inwardly at our security operation centers (SOC) to be better serve our human analysts. Security departments should be seeking data-driven approaches for more efficient evaluations on operations. Approaches like data science and algorithms to statistically evaluate the operations within a SOC will help.

Big data is becoming a big problem for SOCs, but it should be a solution. Brennan Lodge and Jay Kesavan explain how to use a data science model for alert evaluations to empower your cybersecurity analysts and help them overcome the monotonous work that leads to career burnout.

Analysts’ laborious investigations already include a variety of data points, logs, notes, escalations, and conclusion tags. Combining these data points or independent variables can feed a ML algorithm against a dependent variable or conclusion tags to build an evaluation score against sensors and detection rules. With proper labeling and data wrangling, an evaluation score can be gleaned from a logistic regression algorithm. This output can evaluate the efficacy of alerts from SIEMs. With this insight, security engineers, management, and analysts alike can be empowered to make data-driven decisions to tune and lessen the burden on the SOC from investigating fewer false-positive-related cases.

Photo of Brennan Lodge

Brennan Lodge

Goldman Sachs

Brennan Lodge is a data scientist at Goldman Sachs. A self-proclaimed data nerd, he’s been working in the financial industry for the past 10 years and is striving to save the world with a little help from our machine friends. He’s held cybersecurity, data scientist, and leadership roles at JPMorgan Chase, the Federal Reserve Bank of New York, Bloomberg, and Goldman Sachs. Brennan holds a masters’ degree in Business Analytics from New York University and participates in the data science community with his nonprofit pro bono work at DataKind and as a co-organizer for the NYU Data Science and Analytics Meetup. Brennan is also an instructor at the New York Data Science Academy and teaches data science courses in R and Python.

Photo of Jay Kesavan

Jay Kesavan

Bowery Analytics LLC

Jay Kesavan is the head of the Analytics Practice at Bowery Analytics LLC, where he works with clients to devise predictive analytics strategies for executive decision makers. This involves advising companies on different modeling techniques, data transformation and visualization needs, and the software and human resources needed to execute analytics projects. He has spent the last 14 years working with Fortune 100 clients across industries executing large-scale transformation projects in CRM, order management, pricing engines, customer management systems, and advanced marketing solutions. He holds a BS in computer science from Andrews University, an MS in business analytics from NYU, and an MS in tech management from Columbia University as well as a certificate in leadership from IE, Madrid.