Stop Watching and Start Blocking: Affordable Machine-Learning Enabled Defense

Presented by

John Bambenek, VP of Security Research and Intelligence at ThreatSTOP, Inc.

About this talk

The chief problem with cybersecurity is that most of our tools and workforce are geared to waiting for adverse events, detecting those events (sometimes months after the fact), investigating the breach that has already occurred, and then cleaning up. This slow and reactive process ensures breaches happen and security staff are overwhelmed by the noise. This talk will focus on automation and machine learning techniques, based on the latest academic research, that can proactively identify threats seen in the wild. These techniques allow organizations to identify suspect infrastructure before it is used to attack them. The key to making this work is infusing machine learning with knowledge of how actual attacks work and of the threat landscape. Machine learning without intelligence is merely gussied-up Mensa math exercises. It isn't enough to know what the attacker will use to attack, however. Armed with this knowledge, organizations now need to safely and automatically block these attacks before they occur so breaches never happen to begin with. The goal of automation must be to stop attacks before they are launched, not merely to speed up incident response. Several case studies will be discussed showing how this all can work together in the real world.

Takeaways:

- How to use machine learning and why it is essential to use strong intelligence to create models
- Techniques to use automation to block attacks before they are launched against a victim organization
- Cost-effective and safe ways to whitelist and blacklist infrastructure to insure against false positives
