what is the promise of automation, and where did we go wrong
the problems with 'volume' (of logging) and the loss of
a dive into 'exploratory based monitoring'
how does log-based data analysis scale?
baselines, and why 'anomaly detection' has failed us
does machine learning solve the 'hands on keyboard' (continuous
tuning) problem with SIEM?
does today's 'threat intelligence' provide value, and is it
decrying the tools - and blaming the victims
what is machine learning good at, and what won't it be great
Alex Pinto ( @alexcpsec ) - Alex has
almost 15 years dedicated to Information Security solutions
architecture, strategic advisory and security monitoring. He has
been a speaker at major conferences such as BlackHat USA, DefCon,
BSides Las Vegas and BayThreat.
He has been researching and exploring the applications of machine
learning and predictive analytics into information security data
sources, such as logs and threat intelligence feeds.
He launched MLSec Project (https://www.mlsecproject.org) in 2013 to
develop and provide practical implementations of machine learning
algorithms to support the information security monitoring practice.
The goal is to use algoritmic automation to fight the challenges
that we currently face in trying to make sense of day-to-day usage
of SIEM solutions.
Take a step outside the echo chamber - gain some perspective and context.
Welcome to one of the longest-running cybersecurity focused podcasts in existence. Here we talk real problems, real solutions, and make real big fun of ridiculous things. This show is part ideation, part "get off my lawn", and always a chuckle.
Join us, subscribe, and share in the conversation.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's @Medium blog at https://medium.com/@BlogWh1t3Rabbit