what is the promise of automation, and where did we go wrong
the problems with 'volume' (of logging) and the loss of
a dive into 'exploratory based monitoring'
how does log-based data analysis scale?
baselines, and why 'anomaly detection' has failed us
does machine learning solve the 'hands on keyboard' (continuous
tuning) problem with SIEM?
does today's 'threat intelligence' provide value, and is it
decrying the tools - and blaming the victims
what is machine learning good at, and what won't it be great
Alex Pinto ( @alexcpsec ) - Alex has
almost 15 years dedicated to Information Security solutions
architecture, strategic advisory and security monitoring. He has
been a speaker at major conferences such as BlackHat USA, DefCon,
BSides Las Vegas and BayThreat.
He has been researching and exploring the applications of machine
learning and predictive analytics into information security data
sources, such as logs and threat intelligence feeds.
He launched MLSec Project (https://www.mlsecproject.org) in 2013 to
develop and provide practical implementations of machine learning
algorithms to support the information security monitoring practice.
The goal is to use algoritmic automation to fight the challenges
that we currently face in trying to make sense of day-to-day usage
of SIEM solutions.
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's SecurityWeek column: http://www.securityweek.com/authors/rafal-los