Sep 23–26, 2019

Learning asset naming patterns to find risky unmanaged devices

Ryan Foltz (Exabeam)
2:05pm–2:45pm Thursday, September 26, 2019
Location: 1A 06/07
Secondary topics:  Deep Learning, Streaming and IoT

Who is this presentation for?

  • Security professionals

Level

Intermediate

Description

Devices unknown to the corporate IT control management teams pose security threats. Whether they’re legitimate but unmanaged or unauthorized rogue devices, they represent a security blind spot as they are potential entry points for malware or adversarial actions. Reducing the security risk from unknown physical or virtual devices is multifaceted, and a key first step toward reducing risk from unknown devices is to recognize and identify their presence.

In large corporate networks, devices often adhere to some official naming conventions. In practice, other devices may have their own unofficial naming conventions unknown to IT; for example, devices from departments outside of formal control policy, legacy systems or domains, external vendors or partners, and communication devices brought in by employees. Ryan Foltz’s assumption, which holds true for IT practitioners, is that the vast majority of legitimate network devices follow some naming convention, whether known or unknown to IT. Devices outside of these naming conventions are a very small minority in the network, and devices with unusual names raise security concerns. IT analysts intimately familiar with their own networking environment can readily judge whether an unusually named device warrants further investigation.

To identify these devices, Ryan proposes a machine learning method based on deep learning to identify and model the hidden character distribution patterns from names of all observed devices on the network, effectively capturing the known and unknown naming conventions of devices. Devices with anomalous or unusual names not explained by the model are flagged for review, and their corresponding anomaly scores allow ranking for prioritization. This provides a new tool that can be part of a comprehensive device management program or system.
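The scoring idea can be sketched in a few lines. This is an added example, not code from the talk or from Exabeam: it substitutes a smoothed character trigram model for the deep learning model the session describes, and the hostnames, function names and parameters are all constructed for illustration.

```python
import math
from collections import Counter

START, END = "^", "$"

def normalize(name):
    # Lowercase and collapse digits to "0" so sequence numbers do not look novel.
    return "".join("0" if c.isdigit() else c for c in name.lower())

def grams(name, n):
    # (context, next_char) pairs, padded so name starts and ends are modelled too.
    padded = START * (n - 1) + normalize(name) + END
    return [(padded[i:i + n - 1], padded[i + n - 1])
            for i in range(len(padded) - n + 1)]

class NameModel:
    def __init__(self, names, n=3, k=0.1):
        self.n, self.k = n, k
        self.ctx, self.full = Counter(), Counter()
        for name in names:
            for context, ch in grams(name, n):
                self.ctx[context] += 1
                self.full[context, ch] += 1
        # Alphabet size for add-k smoothing; +1 reserves mass for unseen characters.
        self.vocab = len({ch for _, ch in self.full}) + 1

    def score(self, name):
        # Mean negative log-probability per character: higher means more unusual.
        pairs = grams(name, self.n)
        nll = 0.0
        for context, ch in pairs:
            p = (self.full[context, ch] + self.k) / (self.ctx[context] + self.k * self.vocab)
            nll -= math.log(p)
        return nll / len(pairs)

def rank(names, **kw):
    # Fit on every observed name, then list distinct names, most anomalous first.
    model = NameModel(names, **kw)
    return sorted(((model.score(n), n) for n in set(names)), reverse=True)

def sample_inventory():
    # Constructed data: one official convention, one unofficial one, two outliers.
    laptops = [f"{site}-lt-{i:04d}" for site in ("nyc", "sfo", "lon") for i in range(40)]
    printers = [f"lab-printer-{i}" for i in range(1, 16)]
    return laptops + printers + ["raspberrypi", "xq7zk-w2"]

if __name__ == "__main__":
    for score, name in rank(sample_inventory())[:5]:
        print(f"{score:.2f}  {name}")
```

The unofficial `lab-printer-N` convention is learned from the data alongside the official one, so only the two names that fit neither pattern rise to the top of the ranking.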

What you'll learn

  • Understand this novel data analytics use case to find anomalously named devices and the constraints where this method applies for operational usage
  • Be introduced to the advanced machine learning method based on deep learning
  • See examples of the real-world applications of this method
  • Assess and compare alternative methods

Ryan Foltz

Exabeam

Ryan Foltz is a data scientist at Smarter SIEM company Exabeam, applying the latest machine learning approaches to cybersecurity. Previously, he was a data specialist at the Harvard-Smithsonian Center for Astrophysics, and he is founder and lead game designer at Epic Banana Studios. He earned his PhD at the University of California, Riverside, for his research on galaxy formation and evolution.
