Enhance your Security Detections with Machine Learning

Presented by

Jose Hernandez | Sr. Manager, Threat Research, Splunk
David Dorsey | Security Research, Splunk

About this talk

Detection engineers consistently come up with excellent rules and heuristics to detect malicious and anomalous behaviors in their environment; a perfect example of this is password spraying. But since we can’t have nice things, there are always software or behaviors that violate the base assumption of that detection. This doesn’t invalidate the rule, but it does require that the rule have exceptions built in. Doing this manually is tedious and time-consuming. When a rule consistently gives false positives, it is natural and understandable to just ignore the rule. But that comes at the expense of missing the cases where the rule detects something that is malicious. In this talk we will use password spraying as an example use case to showcase how detections can be matured through the use of Machine Learning.

Join our webinar, “Enhance your Security Detections with Machine Learning” and learn:

- How to take a data-driven approach to detection development
- How to mature a detection to detect increasingly sophisticated attackers
- How to use Splunk’s Machine Learning Toolkit to understand behaviors

Splunk is the world’s first Data-to-Everything Platform. Now organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT and business operations can now get a complete view of their business in real time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.