The Rise of the Robot Analyst

ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

Wed 17th Oct 09:40 to 10:30

Humans are in short supply. This talk will present practical lessons from 6 years of research using machines to correlate application vulnerabilities and threats, from low-level packet drops and vulnerability scan results to high-level APT campaigns lasting months and targeting multiple attack surfaces. An approach is discussed which uses graph structures to represent related security data points and to attribute risk from the perspective of human analysts, who must investigate increasing numbers of events with limited time and resources. These graph structures are then associated with one another to gain broader views of attack coordination and persistence. Further categorization is applied to the graph structures to initiate those actions which may be safely automated without a human in the loop, such as updating an application firewall policy, activating DDoS defenses, or blocking an IP address. No specific platform or vendor technology is emphasized. Concepts are illustrated with examples which may refer to common commercial and/or open source tools.


Speaker: Sam Pickles