Name
B4. It's Not Magic: Threat Hunting at Scale with Decision Trees, Regressions, and Clustering
Date & Time
Wednesday, May 10, 2017, 11:15 AM - 12:15 PM
Matt Berninger
Description
Session Description:
 
Threat hunting, at its core, is a data reduction problem. In practice, however, it is often treated more as an art than a science. While creativity and innovation are key to any successful analysis team, scalability requires common processes and techniques for analysis. Using common data sources such as netflow, event logs, file listings, and others, this presentation will show how to apply several data analysis algorithms to find anomalies in a repeatable, scalable, and sensible manner. In this way, hunting operations can scale to analyze more data, more often, and provide higher-confidence results.

Location Name
Room 709/711
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
Emerging Trends
Learner Objectives
After completing this session, the learner will:
  • Have a basic understanding of decision trees, linear regressions, and clustering algorithms
  • Know several simple hunting filters and algorithms to apply to forensic data
  • Be familiar with open-source analysis tools and APIs
  • Be familiar with some Python and R commands to use in data analysis
 
Speaker Bio(s)
Matt Berninger leads Endpoint Detection and Response efforts within the FireEye-as-a-Service division of FireEye. Prior to joining FireEye, Matt served as a Senior Incident Responder at US-CERT.
 