what is the promise of automation, and where did we go wrong (or right?)
the problems with 'volume' (of logging) and the loss of expressiveness
a dive into 'exploratory based monitoring'
how does log-based data analysis scale?
baselines, and why 'anomaly detection' has failed us
does machine learning solve the 'hands on keyboard' (continuous tuning) problem with SIEM?
does today's 'threat intelligence' provide value, and is it really useful?
decrying the tools - and blaming the victims
what is machine learning good at, and what won't it be great at?
Alex Pinto ( @alexcpsec ) - Alex has almost 15 years dedicated to Information Security solutions architecture, strategic advisory and security monitoring. He has been a speaker at major conferences such as BlackHat USA, DefCon, BSides Las Vegas and BayThreat. He has been researching and exploring the applications of machine learning and predictive analytics into information security data sources, such as logs and threat intelligence feeds. He launched MLSec Project (https://www.mlsecproject.org) in 2013 to develop and provide practical implementations of machine learning algorithms to support the information security monitoring practice. The goal is to use algoritmic automation to fight the challenges that we currently face in trying to make sense of day-to-day usage of SIEM solutions.