Name: How Machine Learning is Leveraged for Attack Detection Scenarios
Start: 2023-11-15T19:00:00Z
End: 2023-11-15T19:00:50.000Z
Location: BrightTALK
Rating: 5

Gurucul is transforming enterprise security with user behavior based machine learning and predictive analytics. Using identity to monitor for threats, Gurucul provides Actionable Risk Intelligence™ to protect against targeted and under-the-radar attacks. Gurucul is able to proactively detect, prevent, and deter advanced insider threats, fraud and external threats to system accounts and devices using self-learning, behavioral anomaly detection algorithms.

Gurucul is backed by an advisory board comprised of Fortune 500 CISOs, and world renowned-experts in government intelligence and cyber security. The company was founded by seasoned entrepreneurs with a proven track record of introducing industry changing enterprise security solutions. Our mission is to help organizations protect their intellectual property, regulated information, and brand reputation from insider threats and sophisticated external intrusions.

Machine Learning (ML) is used to identify abnormal behavior and pinpoint malicious behavior. This webinar will show you how Gurucul uses adaptive and static ML models to identify two different MITRE attack stages: Lateral movement (T1110) and Valid/Default Account (T1078/001). In our demonstration, we'll run a basic model and identify an 'outlier' use case. 

During the webinar we'll address the following: 
• How ML models are used 
• How ML minimizes false positives 
• Why you can't rely on security alerts alone 
• Advantages of combining ML with security alerts 

Bring your questions!

How Machine Learning is Leveraged for Attack Detection Scenarios

Take your security operations to the next level by augmenting your current SIEM to seek less, find more, and reduce dwell time. 

Many companies struggle with their current SIEM. While good for compliance or log management use cases, they provide limited value against todays advanced threats. They are like a black hole of operational time and energy, from data ingestion to writing rules that require constant care and feeding, and lengthy swivel-chair investigations. These rule-based solutions swamp SOC analysts with alerts and false positives versus eradicating threats.

BUT legacy and traditional SIEMs have been around for a long time and are difficult to rip and replace with countless time, effort and money invested. There is no need to rip and replace - instead, augment it.

In this webinar we'll cover how you can improve your security operations efficiency by augmenting your SIEM to reduce dwell time. Learn more about the four pillars for augmenting your SIEM:
1) Better Security Visibility: Whether it is cloud, SaaS or some challenging format, we make even the most difficult data easy to ingest and 450+ integrations. 
2) High-fidelity Threat Detections: Move past static rule-based correlation models with Machine Learning-powered analytics and OOTB threat content.
3) Faster Investigations & Response: Speed time to response and reduce dwell time with AI assisted investigations, hunting and customizable response playbooks.
4) Improved Operational Efficiency: Save time with less rule writing and tuning, with full context and automate mundane tasks for faster investigations.

SIEM Augmentation: It's Time to Up Your SIEM Game

The biggest challenge that enterprises face today is that SOC analysts get too many alerts with very little context which results in no actionable intelligence. Many security teams do random sampling of alerts. However, there is a risk of missing out on significant threats that require immediate attention. 

Tying together indicators of compromise and events into understanding an actual attack, then establishing the potential impact and the subsequent response is a painful and mostly manual process for most security operations teams. Identifying and establish risk to the organization must go beyond aggregating third party scores from intelligence sources or vulnerability assessments. 

In this webinar we'll cover how advanced risk scoring provides accuracy and confidence to guide security operations decisions. Gurucul's risk scoring model takes a holistic approach for computing risk. It uses a robust and flexible risk scoring framework which rolls up risk scores from multiple contributing elements and derives a normalized user and entity risk score. This risk score enables organizations to detect threats quickly with no manual threat hunting or use of rules or pattern matching.

How Contextual Risk Scoring Reduces Attack Response Time

Do the complexities of data ingestion leave your SIEM or XDR solution wanting for more? When it comes to data ingestion it sounds simple, but with the constant changes to security analytics platforms, 3rd party vendor modifications, lack of standards, and continuous changes to the data itself, ingestion can be anything but simple and easy. 

A SIEM solution that offers automatic ingestion and interpretation of any data source provides organizations with a powerful advantage in the ever-evolving cybersecurity landscape. Such flexibility enables security teams to seamlessly adapt to new technologies and data formats without the need for manual configuration, saving precious time and resources. 

This adaptability is particularly valuable in complex hybrid-cloud environments and geographically dispersed locations, where data sources may be diverse and continually changing. By effortlessly accommodating data from across the organization’s infrastructure, the SIEM ensures comprehensive visibility into potential security threats, regardless of where they originate. This capability enables security teams to stay ahead of emerging threats and respond swiftly to incidents, reducing the risk of data breaches and operational disruptions.

This webinar will walk you through the advantages of Gurucul's pipeline, demonstrating the creation and mapping of event data.

Decrease the Complexity and Cost of SOC Operations with Improved Data Ingestion

Difficulty in determining the right priority for patching vulnerabilities continues to be a challenge for both vulnerability and even security operations teams. The key is to determine which vulnerabilities are the most applicable to your environment, have the potential to be exploited and could cause the most damage. 

This is where it critical to go beyond current vulnerability management solutions by unifying visibility across all assets and effectively scoring and prioritizing vulnerability risk based on full context across all attack surfaces. 

In this demo we’ll show you how Gurucul can enrich your vulnerability scan results with telemetry across your entire attack surface. In addition, we’ll show you how we apply Risk-Chain Analysis powered by machine learning models to generate a risk score that is driven by contextual analysis of your entire attack surface combined with external vulnerability and threat intelligence. Lastly, we’ll show you how to generate prioritized playbooks for patching assets that are of the most immediate need to protect the organization from exploitation.

Contextual Vulnerability Prioritization & Remediation Across the Attack Surface

Insider Threats pose a significant threat to enterprises because they are authorized users that have no need to breach your perimeter. While identifying risk behavior early is critical, that does not always mean it will lead to malicious activity. For an insider threat security team to continue to evaluate whether a user’s risky behavior is appropriate to act on is much more complex and challenging than how a traditional security operations center works. It is important to work cross-functionally to build a program that must align technology, people, and processes to be successful. 

In this webinar, we will provide:

1.        Research into trends regarding insider threats
2.        The challenges with identifying insider threats
3.        How technology, people and process must work together to ensure a successful program that goes beyond just security or IT.

Threats From Within: A Programmatic Approach to Managing Insider Risk

The 2023 Insider Threat Report, produced by Cybersecurity Insiders, surveyed hundreds of cybersecurity professionals to reveal the latest trends and challenges facing organizations in today's everchanging threat landscape. The report explores how IT and cybersecurity professionals adapt to better deal with risky insiders and how organizations are preparing to better protect their critical data and IT infrastructure.

Key findings include:

  •  99% of organizations are vulnerable to insider threats 
  •  74% of organizations say insider attacks have become more frequent
  •  More than half of organizations have experienced an insider threat in the last year, and 8% have experienced more than 20
  •  53% say detecting insider attacks is harder in the cloud

Join us as we present the 2023 Insider Threat Report survey results. Viewers will gain a better understanding of the current state of cybersecurity and how organizations can better respond to the evolving insider risks in the cloud.

2023 Insider Threat Report: Presenting the Survey Results

Established User and Entity Behavior Analytics (UEBA) has become a critical capability for security operations in identifying known threats earlier and detecting unknown threats and new variants. While finding anomalous activity is important to provide an early warning into a potential attack campaign, combining that with identity analytics can better validate whether the anomaly is indicative of an attack. This unified set of analytics can greatly improve the efficacy of security operations in preventing a successful breach.

In this webinar, we'll explore how security teams can improve their threat detection and incident response plan with UEBA and Identity Analytics and cover the following:

- Introduction to UEBA why you need it
- How Identity Analytics can provide great value to the SOC
- How the combination can accelerate security operations
- Common use cases that can be optimized
- Quick Demo

Early Determination of Attack Risk with Behavioral and Identity Analytics

Current SIEM solutions have numerous challenges supporting the needs of security operations teams as organizations continue to move and more of their applications and infrastructure into the cloud. While hybrid cloud infrastructure is complex enough to support,  many organizations have the requirement of supporting decentralized cloud architectures across geographic regions as well as multi-cloud architectures. 

In this webinar we'll cover the challenges most SIEM providers have in supporting these architectures as well as what features are necessary to fully support the needs of security teams in monitoring for threats and preventing breaches.

Effective Hybrid Multi-Cloud Monitoring for the SOC

Implementing Zero Trust is based on the desire to “never trust, always verify”. To start off, a unified set of identity analytics, that pulls across different identity solutions, is important for implementing understanding and analyzing your current identity and access posture. However, with so many threat actors leveraging stolen credentials, a sudden resurgence in insider threats and supply chain attacks via partners in this webinar we will discuss how identity analytics used in Zero Trust implementations can also be leveraged by SOC teams to incorporate Identity Threat Detection, Investigation and Response (ITDR) capabilities as part of their operations to help them thwart identity-based attacks. We will also have a short demo to follow.

Zero Trust Begins with Identity Analytics and Ends with ITDR

Improving threat detection, investigation and response within your SOC requires the ability to optimize, accelerate and improve the accuracy across four key areas:

• Improve the Deployment, Ingestion and Operationalization of your SIEM
• Increase the Accuracy and Accelerate Detection of Attacks
• Validate the Attack Campaign by Eliminating Manual Investigation Steps
• Build Confidence Through a Dynamic, Risk-Prioritized Response

In this webinar, we'll cover how these areas are necessary for today's Modern SOC and how organizations can achieve these improvements through their SIEM.

Zero to SIEM in Seconds

As insider threats have started to escalate in recent years, it is even more important to build and implement a successful insider threat program. However, to do this effectively requires a multi-disciplinary approach with a higher level of contextual analysis that is difficult to achieve today based on current solutions. Credential-based external attacks are also making it even more difficult for security teams to distinguish malicious insiders from external threat actors. Fundamentally, we must change how we look at insider risk and associated threats and implement new strategies to work cross-functionally to protect the organization from both insider and external threats.

In this session we will show you what is required to implement a new or improve an existing insider threat program. In addition, we will help you understand what sort of information and context you will need to better identify risks and accelerate the detection of insider threats before damage is done to your organization.

Improving Contextual Analysis for Protecting Organizations from Insider Threats

The SOC is in a never-ending race to collect and analyze data to make better decisions. Many factors can positively or negatively impact their success. In this webinar, we’ll discuss four trends that are shaping the future of security operations, including how to:

 - Automate repeatable decision making processes
 - Operate at speed and scale with full data and risk visibility
 - Use AI/ML to facilitate investigations and improve MTTD and MTTR
 - Aggregate telemetry and security-relevant data from diverse sources

Top 4 Trends for the SOC

XDR is one of the more recent acronyms that have contributed to the cybersecurity jargon that plagues security teams and decision makers. We already have SIEM, EDR, SOAR, NDA or NTA, and more recently ITDR (Identity Threat Detection and Response). However, there is a lot of confusion in the market as to what it is that makes up an XDR and more importantly how it truly can augment or improve security operations. Despite some vendors' desire, except in smaller organizations with a very limited security team, it is not a long-term replacement for the SIEM as the core of most SOCs.

 In this webinar, we will talk through:
 - What XDR was meant to solve?
 - How is the definition of XDR evolving? Including Traditional XDR and Open XDR
 - What its real value is to the SOC, and 
 - Is XDR here to stay?

Is XDR a Long Term Solution?

Many solutions that have some threat detection and response capabilities, such as SIEM and XDR, are claiming to add User and Entity Behavior Analytics (UEBA) to their solutions. The dirty secret is that they still produce single indicators of compromise (IoCs) that are not battle-tested enough and also siloed from other analytics or detection models to be effective. In fact, they flood security teams with even more alerts and false positives. 

In this webinar we'll show you how a more integrated and mature approach to implementing UEBA can prevent damage to organizations. Gurucul UEBA accelerates the detection and validation of common threats that continue to evade current solutions or require slow and wasteful manual efforts to identify.

How Mature Behavior Analytics Accelerates Detection of Persistent Threats

We are proud to announce that Gurucul Next Generation SIEM has been recognized as a top 3 vendor in the 2022 GartnerTM Critical Capabilities for SIEM report and the most visionary in the 2022 GartnerTM Magic Quadrant for SIEM. 

Join us for an interactive session with Antony Farrow, Sr Director of Solution Architecture, and Sanjay Raja, VP of Product Marketing and Solutions at Gurucul, where he will share detailed insights into:

·    The key innovations that we’ve built to address the needs of current and emerging security operations
that led to our recognition as the most visionary in the Magic Quadrant.
·    The differentiated use cases and capabilities included in this year's Gartner Critical Capabilities
report and the value offered by Gurucul Next Generation SIEM across these use
cases.
·    What is most important in evaluating a SIEM and how it can better help you with compliance objectives,
threat detection, investigation, and response, and achieving better ROI.

Deep Dive into 2022 Gartner SIEM Critical Capabilities and Magic Quadrant

Machine Learning

Cyber Security

Cyber Defence

UEBA

Security Analytics

Cyber Incident Response

Cyber Attacks

Cyber Intelligence

MITRE

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

How Machine Learning is Leveraged for Attack Detection Scenarios

Presented by

About this talk

More from this channel