Sep 23–26, 2019

Learning asset naming patterns to find risky unmanaged devices

Ryan Foltz (Exabeam)
2:05pm–2:45pm Thursday, September 26, 2019
Location: 1A 06/07
Secondary topics:  Deep Learning, Streaming and IoT

Who is this presentation for?

Security professionals

Level

Intermediate

Description

Devices unknown to the corporate IT control management teams pose security threats. Whether they are legitimate but unmanaged devices or unauthorized rogue devices, they represent a security blind spot, as they are potential entry points for malware or adversarial actions. These devices present an attack surface from multiple points. The risks are compromised intellectual property, leaked sensitive data, and a tarnished company reputation. Reducing the security risk from unknown physical or virtual devices is multifaceted. A key first step toward reducing risk from unknown devices is to recognize and identify their presence.

In large corporate networks, devices often adhere to some official naming conventions. In practice, other devices may have their own unofficial naming conventions unknown to IT; for example, devices from departments outside of formal control policy, legacy systems or domains, external vendors or partners, and communication devices brought in by employees. Our assumption, which holds true for IT practitioners, is that the vast majority of legitimate network devices follow some naming convention, whether known or unknown to IT. Devices outside of these naming conventions are a very small minority in the network, and their unusual names make their presence a security concern. IT analysts intimately familiar with their own networking environment can readily judge whether an unusually named device is questionable and warrants further investigation.

To identify these devices, we propose a machine learning method based on Deep Learning to learn and model the hidden character distribution patterns from the names of all observed devices on the network, effectively capturing both the known and unknown naming conventions of devices. Devices with anomalous or unusual names not explained by the model are flagged for review. Their corresponding anomaly scores allow ranking for prioritization. This provides a new tool that can be part of a comprehensive device management program or system.
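The scoring idea above can be sketched with a much simpler model than the one the talk proposes. This added example (not the speaker's code) swaps the deep learning model for a smoothed character trigram model, fits it on every observed name, and ranks names by mean negative log-likelihood per character; the hostnames and the class and function names are constructed for illustration.

```python
import math
from collections import Counter

START, END = "^", "$"

class CharNgramModel:
    """Character n-gram model with add-k smoothing (a stand-in for a deep model)."""
    def __init__(self, n=3, k=0.1):
        self.n, self.k = n, k
        self.ctx = Counter()    # counts of (n-1)-character contexts
        self.gram = Counter()   # counts of full n-grams
        self.vocab = set()

    def _pad(self, name):
        # Case-fold and add start/end markers so position in the name is modelled.
        return START * (self.n - 1) + name.lower() + END

    def fit(self, names):
        for name in names:
            s = self._pad(name)
            self.vocab.update(s)
            for i in range(self.n - 1, len(s)):
                self.ctx[s[i - self.n + 1:i]] += 1
                self.gram[s[i - self.n + 1:i + 1]] += 1
        return self

    def score(self, name):
        """Mean negative log-likelihood per character; higher means more unusual."""
        s = self._pad(name)
        v = len(self.vocab) + 1  # +1 reserves probability mass for unseen characters
        nll = 0.0
        for i in range(self.n - 1, len(s)):
            c, g = s[i - self.n + 1:i], s[i - self.n + 1:i + 1]
            p = (self.gram[g] + self.k) / (self.ctx[c] + self.k * v)
            nll -= math.log(p)
        return nll / (len(s) - self.n + 1)

    def rank(self, names):
        """Names sorted from most to least anomalous, with their scores."""
        return sorted(((self.score(n), n) for n in names), reverse=True)

# Constructed sample inventory: two naming conventions plus two names outside them.
OBSERVED = [f"nyc-ws-{i:04d}" for i in range(1, 41)]
OBSERVED += [f"sfo-srv-db{i:02d}" for i in range(1, 21)]
OBSERVED += ["johns-iphone", "DESKTOP-9F3K2LQ"]
MODEL = CharNgramModel().fit(OBSERVED)

if __name__ == "__main__":
    for score, name in MODEL.rank(OBSERVED)[:5]:
        print(f"{score:5.2f}  {name}")
```

Because the model is fit on all observed names, including the unusual ones, a name scores high only when few other devices share its character patterns, which matches the assumption that nonconforming devices are a small minority.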

Prerequisite knowledge

N/A

What you'll learn

Understand this novel data analytics use case to find anomalously named devices
Be introduced to the advanced machine learning method based on Deep Learning
See examples of the real-world applications of this method
Assess and compare alternative methods
Understand the constraints where this method applies for operational usage

Ryan Foltz

Exabeam

Ryan Foltz serves as a data scientist at Smarter SIEM™ company Exabeam, applying the latest machine learning approaches to cybersecurity. Prior to Exabeam, he earned his PhD (in 2017) at University of California, Riverside, for his research on galaxy formation and evolution. He also worked as a data specialist at the Harvard-Smithsonian Center for Astrophysics and is founder and lead game designer at Epic Banana Studios.
