How Machine Learning Can Be Applied in Network Traffic Analysis

In the new security landscape, blind spots in network traffic cannot be monitored solely by security tools designed for simple, traditional on-premise architectures.

Modern organizations are implementing a combination of machine learning, advanced analytics, and rule-based detection to detect suspicious activities on enterprise networks.

In this presentation we'll go through three use cases where machine learning can be applied in network traffic analysis:

*Detecting Credential Misuse using Lateral Movement
*Identifying Credential Stuffing Attacks using Behavioral Modeling
*C2 (Command & Control) Detection using Relationship-Based Modeling
Recorded Oct 28 2020 59 mins
Presented by
Alissa Torres, SANS Analyst & Abhishek Sharma, Data Scientist
  • Live Demo: Proactive Capabilities of Fidelis Elevate XDR Dec 16 2020 5:00 pm UTC 27 mins
    Ken Donze, Senior Security Engineer
    You can’t protect your data without understanding your cyber terrain. Attackers conduct recon on environments to understand breaks in the attack surface. In order to effectively defend the enterprise, security teams must have holistic, correlative insight into the environment.

    With this visibility of the cyber terrain and understanding of attacker movements and methods, organizations can anticipate threats and shift their security posture to a more proactive strategy and shorten time to detect and uncover threats.

    Join Ken Donze, Senior Security Engineer, for a demo of Fidelis Elevate and find out:

    *Why knowing your terrain matters
    *How to assess and identify high-risk assets within your terrain
    *How to leverage deception technologies to continuously alter that terrain
  • Live Demo: Retrospective Capabilities of Fidelis Elevate XDR Dec 9 2020 5:00 pm UTC 22 mins
    Sal Sanshez, Security Engineer
    Continuously Collect and (Re)assess Metadata from Past Incidents to Help Prevent Future Breaches

    In order to find attackers who are working hard to stay out of sight, you need to collect the right data to find them. Fidelis Elevate captures and breaks down sessions into rich metadata at the content and context level. The richer the metadata you have indexed, the richer the set of questions you can query and search as part of your threat hunting efforts, and the faster you can iterate on those questions.

    Join Sal Sanshez, Security Engineer, for a demo of Fidelis Network and find out how to:

    *Understand the value of metadata
    *Leverage metadata to uncover how a breach occurred
    *Hunt for threats in metadata
  • Live Demo: Predictive Capabilities of Fidelis Elevate XDR Dec 2 2020 5:00 pm UTC 26 mins
    Martha Goodwin, Security Engineer
    Using ML/AI and Metadata to Detect Anomalous Activity and Produce Actionable Alerts for Known/Unknown Threats

    Collecting hundreds of log types and analyzing them has proven to be an ineffective approach to threat detection, even when behavior analysis and machine learning are applied. The converse, capturing the raw data, entails delays to decode and reassemble it, plus high storage expenses. Logs lack content and context, and the raw data itself is too slow to analyze and too expensive to retain if you require a time span of months or a year. And while most security tools focus on specific detection techniques, Fidelis leverages more than 20 different detection methods, including endpoint and asset terrain, deep session and deep packet inspection, sandboxing, malware detection, metadata analytics, threat intelligence and more, making it that much harder for attackers to evade.

    Join Martha Goodwin, Security Engineer, for a demo of Fidelis Network and find out how to:

    *Use ML and Anomaly Detection
    *Use Metadata Analysis to search for Known/Unknowns
    *Create Analytical rules to predict possible incidents
  • Live Demo: Reactive Capabilities of Fidelis Elevate XDR Recorded: Nov 18 2020 25 mins
    Chuck Burley, Security Engineer
    Breaches Happen, What You Need to Automate Post Breach Detection & Response

    Threat actors are constantly adapting their tactics, techniques and procedures to evade preventive defenses and as a result, consideration of detection and response capabilities has never been more vital.

    Reactive countermeasures include techniques to prevent attacks from succeeding in real time, including signature detection to quarantine known-bad files at the endpoint; behavior analysis to kill a process at the endpoint; network session disruption upon detection of malicious files and network behaviors; and email quarantine.

    Join Chuck Burley, Security Engineer, Fidelis Cybersecurity, for a demo of Fidelis Endpoint and find out how to:

    *Use playbooks to automate post-breach detection and response
    *Leverage behavioral indicators to isolate an infected endpoint
    *Kill processes that would spread the infection
  • Live Demo: Protective Capabilities of Fidelis Elevate XDR Recorded: Nov 11 2020 22 mins
    Jamie Lertora, Security Engineer
    Adversaries are going undetected for months on their victim’s network because most detection solutions do not provide deep enough visibility and are blind to where the attackers are operating.

    What visibility do you need in order to ensure that your data is not lost, misused or accessed by unapproved individuals?

    Join Jamie Lertora, Security Engineer, for a demo of Fidelis Network and Endpoint and find out how to:

    *Extend threat insights to encrypted traffic with Fidelis Decryption
    *See deeper into applications and content with Deep Session Inspection
    *Gain greater visibility into all threat activity at the endpoint and automate response with EDR
  • How to Regain Control of Your Cybersecurity Tech Stack Recorded: Oct 14 2020 40 mins
    Craig Harber, COO
    It all starts so simple; you acquire a tool to solve a security concern. Then another problem arises, so you need to purchase another security tool. Next thing you know you have 60+ different products in your security stack and more problems than ever.

    To make matters worse, most cybersecurity stacks are not well integrated or properly configured. When security stacks lack integration and automation, it means a good deal of human intervention is required to address and triage alerts, which results in slower response times.

    In this presentation, we’ll show you how to regain control of an unruly security stack. We’ll do a thorough demonstration of how to use the MITRE ATT&CK Cyber Threat Framework to help you develop your approach to rationalizing your cybersecurity stack.
  • Threat Hunting 101: Educational Workshop Recorded: Sep 30 2020 91 mins
    Nick Copeland, Sr. Security Engineer
    The future of cybersecurity will require a new set of skills as we move to cloud and hybrid security environments. Today’s security teams need continued professional development to maintain the adequate skills and knowledge required to tackle the various types of advanced threats.

    One such skill is proactive Threat Hunting. Threat hunting is the process of identifying unknown threats in your environment.

    In this workshop, we’ll teach you each key element of the threat hunting process and then we’ll demonstrate how to apply threat hunting techniques. By the end of this workshop, you’ll be able to generate a hypothesis-based threat hunt and develop a threat hunting template.
  • How to Use Deception Technology to Defend Against Various Cyber Attacks Recorded: Sep 16 2020 62 mins
    Kyle Dickinson & Rami Mizrahi
    The security landscape that’s been in place for the last 20 years is no longer valid. Security professionals need to plan for the hybrid security model of the future. Utilizing deception technology can help security teams do just that.
    A key goal of deception is to alter the attack surface to confuse and misdirect the adversary. In this presentation, we'll demonstrate how deception technology can help cybersecurity professionals defend against various attack scenarios.
  • You’re Under Attack – How to Expedite Incident Response Recorded: Sep 9 2020 27 mins
    Tony Allegrati, Security Engineer
    When it comes to cyber attacks, it’s no longer a matter of if, it’s a matter of when. How quickly you can contain and remediate the issue is critical. The key to quick response is visibility – you can’t find what you can’t see. Having visibility from the network and cloud traffic to endpoint activity is a must to understand the who, what, when, where, and how of an attack.

    In this presentation, we’ll review how to write scripts on the fly and how to use automated playbooks for rapid incident response.
  • How to Stop the Spread of a Ransomware Attack Recorded: Sep 2 2020 31 mins
    David Braun, Security Engineer
    There is no such thing as 100% prevention from cyber attacks. The question is how long the attacker will be in your network before they can exfiltrate your data. Ransomware attacks surged during the first half of this year, as cyber criminals looked to spread their malware while many people are working from home.

    In this presentation, we’ll review a ransomware case example. Using a real-life attack, we’ll cover how to identify the attack and how to stop it from spreading.
  • Hunting for Advanced Threats - Tips and Tricks Recorded: Aug 26 2020 31 mins
    Ken Donze, Security Engineer
    The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for attackers. In a rare occurrence, security professionals know cyber attacks are coming; they just don’t know when. Preventative defenses are not enough; security professionals must proactively hunt for advanced cyber threats. Threat hunting is more than just searching for threats: it involves researching unusual activity, correlating suspicious activity, and attempting to find the unknown in the known.

    In this presentation, we’ll review the steps today’s security professionals must take to proactively hunt for sophisticated threats.
  • How to Detect and Prevent New Cyber Threats Post COVID-19 Recorded: Aug 19 2020 22 mins
    Martha Goodwin, Security Engineer
    Attackers are opportunistic, utilizing a slew of tactics: credential hacking, malware, phishing attacks, just to name a few. The FBI and the DoJ have recently warned that the coronavirus-related cyber threat is growing. Furthermore, there is a massive spike in hackers and scammers using the COVID-19 crisis to target Americans for financial or informational gain.

    In this presentation, we’ll review how to proactively protect your network from the latest cyber threats.
  • How to Enable Visibility of Remote Worker's Assets in Your Network Recorded: Aug 12 2020 30 mins
    Kyle Van Schalkwyk, Security Engineer
    The number one concern amongst security professionals during the COVID-19 pandemic has been identifying remote endpoints, and with good reason: cyber attacks have exploded since the start of the pandemic.

    In this presentation, we'll review how remote security teams can gain greater visibility into endpoints on or off the network.
by Threat Hunters for Threat Hunters
Security tactics for elite security professionals. We help security teams actively defend their organizations with best practices and expert knowledge on threat hunting, threat intelligence and detection & response.

  • Title: How Machine Learning Can Be Applied in Network Traffic Analysis
  • Live at: Oct 28 2020 4:00 pm
  • Presented by: Alissa Torres, SANS Analyst & Abhishek Sharma, Data Scientist