Learning asset naming patterns to find risky unmanaged devices
Who is this presentation for?
Security professionals
Devices unknown to the corporate IT control management teams pose security threats. Whether they are legitimate but unmanaged devices or unauthorized rogue devices, they represent a security blind spot, as they are potential entry points for malware or adversarial actions. These devices present an attack surface from multiple points. The risks are compromised intellectual property, leaked sensitive data, and a tarnished company reputation. Reducing the security risk from unknown physical or virtual devices is multifaceted. A key first step toward reducing risk from unknown devices is to recognize and identify their presence.
In large corporate networks, devices often adhere to some official naming conventions. In practice, other devices may have their own unofficial naming conventions unknown to IT: for example, devices from departments outside of formal control policy, legacy systems or domains, external vendors or partners, and communication devices brought in by employees. Our assumption, which holds true for IT practitioners, is that the vast majority of legitimate network devices follow some naming convention, whether known or unknown. Devices outside of these naming conventions are a very small minority in the network, and the presence of unusually named devices raises security concerns. IT analysts intimately familiar with their own networking environment can readily judge whether an unusually named device warrants further investigation.
To identify these devices, we propose a machine learning method based on Deep Learning to learn and model the hidden character distribution patterns from names of all observed devices on the network, effectively capturing the known and unknown naming conventions of devices. Devices with anomalous or unusual names not explained by the model are flagged for review. Their corresponding anomaly scores allow ranking for prioritization. This provides a new tool that can be part of a comprehensive device management program or system.
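The scoring idea above can be sketched as follows. This is an added example, not code from the talk or from Exabeam: it swaps the deep learning model for a small character trigram model with add-k smoothing, and the inventory, function names and the digit-folding step are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

START, END = "^", "$"   # padding symbols, assumed absent from real names

def normalize(name):
    """Lower-case and map every digit to '0' so numbered hosts share one pattern."""
    return "".join("0" if c.isdigit() else c for c in name.lower())

class NameModel:
    """Character trigram model with add-k smoothing (stand-in for the deep model)."""
    def __init__(self, names, k=0.1):
        self.k = k
        self.ctx = defaultdict(Counter)   # two-char context -> next-char counts
        self.alphabet = {END}
        for n in names:
            s = START * 2 + normalize(n) + END
            self.alphabet.update(s[2:])
            for i in range(2, len(s)):
                self.ctx[s[i - 2:i]][s[i]] += 1

    def score(self, name):
        """Mean negative log-likelihood per character; higher means more unusual."""
        s = START * 2 + normalize(name) + END
        v = len(self.alphabet) + 1        # one extra bucket for unseen characters
        nll = 0.0
        for i in range(2, len(s)):
            counts = self.ctx.get(s[i - 2:i], Counter())
            p = (counts[s[i]] + self.k) / (sum(counts.values()) + self.k * v)
            nll -= math.log(p)
        return nll / (len(s) - 2)

def rank(names, k=0.1):
    """Fit on all observed names, then return (score, name) pairs, most unusual first."""
    model = NameModel(names, k)
    return sorted(((model.score(n), n) for n in names), reverse=True)

# Constructed inventory: three naming conventions plus two names outside them.
OBSERVED = ([f"NYC-LT-{i:04d}" for i in range(1, 41)]
            + [f"sfo-srv-web{i:02d}" for i in range(1, 26)]
            + [f"lab-prn-{i:02d}" for i in range(1, 11)]
            + ["raspberrypi", "DESKTOP-7QK2R9X"])

if __name__ == "__main__":
    for score, name in rank(OBSERVED)[:5]:
        print(f"{score:5.2f}  {name}")
```

The model is fitted on every observed name, outliers included, so a name scores high only because its character sequences are rare across the inventory; small but legitimate conventions (the ten `lab-prn` hosts here) score above the large ones and well below the two outliers.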
What you'll learn
Ryan Foltz serves as a data scientist at Smarter SIEM™ company Exabeam, applying the latest machine learning approaches to cybersecurity. Prior to Exabeam, he earned his PhD (in 2017) at the University of California, Riverside, for his research on galaxy formation and evolution. He also worked as a data specialist at the Harvard-Smithsonian Center for Astrophysics and is founder and lead game designer at Epic Banana Studios.