Data-Driven Methods to Detect Nation-State Actors

Presented by

Joshua Neil, Chief Data Scientist and Oliver Rochford, Senior Director, Cybersecurity Evangelist

About this talk

Nation-state actors are among the most sophisticated adversaries we face in enterprise detection and response: stealthier, more patient, and using more advanced techniques than the typical cyber-criminal. This talk discusses behavioral approaches to identifying nation-state kill chains and to handling low-and-slow attacks through signal combination, accumulators, and a mixture of unsupervised and supervised machine learning.

Join Joshua Neil, Chief Data Scientist, and Oliver Rochford, Senior Director, Cybersecurity Evangelist at Securonix, to learn new data-driven detection methods and how nation-state threat actors:

- Penetrate the organization while avoiding protection systems such as anti-virus, by developing new exploits or by gaining access with stolen credentials or brute-force attacks.
- Forgo malware altogether and "live off the land", using the system tools the enterprise already runs natively to accomplish their mission.
- Spread the signal of their attack over an extended period, so that it washes out in the background noise of a normally operating enterprise.

A Ph.D. statistician with over 20 years of data science experience, Dr. Neil is the Chief Data Scientist at Securonix. Previously, he served as Principal Data Science Manager at Microsoft and helped design Microsoft Defender detection technology. Before that, Neil worked at Ernst and Young and as a principal investigator at Los Alamos National Laboratory, where he received an R&D 100 award for developing PathScan, a network anomaly detection tool.

Oliver has worked in cybersecurity for over 20 years, including as a penetration tester, consultant, researcher, and writer for SecurityWeek, CSO Online, and Dark Reading. As a Gartner industry analyst, he co-named the SOAR market and worked on the SIEM Magic Quadrant. At Securonix, he works with our users on security operations and threat management topics.
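The accumulator idea in the abstract, as an added example that is not from the talk and not Securonix's product code: each behavioral detector emits a weak signal with an estimated benign rate p, the signals are combined as -log(p) (an assumption that the detectors are roughly independent, not the speakers' stated method), and a per-entity running score with exponential decay accumulates them over days. The entity names (ws-0417, ws-0099), detector names, benign rates, half-life and thresholds are all constructed for the illustration.

```python
"""Per-entity evidence accumulator for low-and-slow detection (added example).

Each weak signal carries p_benign, the emitting detector's estimate of how
often a benign entity produces that behaviour. Evidence is combined as
-log(p_benign) (assumes roughly independent detectors) and accumulated per
entity with exponential decay, so a slow drip of mildly odd events on one
host crosses a threshold that no single event reaches, while a chatty but
ordinary host does not.
"""
from dataclasses import dataclass
from math import exp, log

DAY = 86400.0


@dataclass(frozen=True)
class Signal:
    t: float          # seconds since the start of the observation window
    entity: str       # host (or user) the evidence attaches to
    detector: str     # which behavioural detector fired (hypothetical names)
    p_benign: float   # detector's benign rate for this behaviour, 0 < p <= 1


def weight(sig):
    """Evidence contributed by one signal: rare behaviour counts, common barely."""
    return -log(sig.p_benign)


class Accumulator:
    """Running per-entity score: decay since the entity's last event, then add."""

    def __init__(self, half_life):
        self.rate = log(2) / half_life
        self.state = {}  # entity -> (score, time of last event)

    def update(self, sig):
        score, last_t = self.state.get(sig.entity, (0.0, sig.t))
        score = score * exp(-self.rate * (sig.t - last_t)) + weight(sig)
        self.state[sig.entity] = (score, sig.t)
        return score

    def score(self, entity):
        return self.state.get(entity, (0.0, 0.0))[0]


def per_event_alerts(signals, threshold):
    """Baseline: alert on any single signal whose own evidence clears the bar."""
    return [(s.entity, s.t) for s in signals if weight(s) >= threshold]


def accumulated_alerts(signals, half_life, threshold):
    """Alert the first time an entity's decayed running score clears the bar."""
    acc = Accumulator(half_life)
    alerts, fired = [], set()
    for s in sorted(signals, key=lambda s: s.t):
        if acc.update(s) >= threshold and s.entity not in fired:
            alerts.append((s.entity, s.t))
            fired.add(s.entity)
    return alerts, acc


# Constructed sample data. ws-0417 lives off the land: one mildly unusual,
# malware-free event per day, each seen on ~15% of benign hosts, so none is
# loud on its own. ws-0099 is merely busy, emitting a commonplace event
# (benign rate 90%) every six hours.
DETECTORS = ["odd_hour_logon", "new_parent_child", "rare_lolbin",
             "new_internal_peer", "first_admin_share"]
LOLBIN_DRIP = [Signal(i * DAY, "ws-0417", DETECTORS[i % len(DETECTORS)], 0.15)
               for i in range(10)]
NOISY_BENIGN = [Signal(i * DAY / 4, "ws-0099", "scheduled_task_run", 0.90)
                for i in range(40)]
SAMPLE = LOLBIN_DRIP + NOISY_BENIGN

if __name__ == "__main__":
    print("per-event alerts (threshold 3.0):", per_event_alerts(SAMPLE, 3.0))
    alerts, acc = accumulated_alerts(SAMPLE, half_life=7 * DAY, threshold=8.0)
    print("accumulated alerts (half-life 7d, threshold 8.0):", alerts)
    for host in ("ws-0417", "ws-0099"):
        print(f"final score {host}: {acc.score(host):.2f}")
```

With these constructed inputs the per-event rule never fires (each daily signal carries about 1.9 units of evidence, below 3.0), whereas the accumulator flags ws-0417 on its sixth daily event and leaves the busy-but-benign ws-0099 well under the bar. The half-life sets how patient the detector is; a longer one catches slower campaigns but also lets ordinary noise pile up, which is why commonplace signals must weigh close to zero.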

Securonix Next-Gen SIEM delivers unlimited scalability, ML-based analytics, threat modeling with MITRE ATT&CK, and automated incident response. Follow this channel to learn how our SaaS-based, end-to-end security operations platform sets the standard for advanced threat detection and response. Our security experts will discuss threat trends, detection techniques, and SecOps topics such as cloud security, insider threat, NTA, SIEM, UEBA, XDR, and SOAR.