User Behavioural Analytics: Machine Learning For Threat Detection

BEHAVIOURAL ANALYTICS
Machine Learning for Threat Detection
Harry McLaren – Security Consultant at ECS
EVOLUTION
[Timeline figure: technology development against capability, 1995, 2002, 2008, 2011: end-point security, network security, early correlation, payload analysis, behaviour analysis]
KILL CHAIN - EVENTS OVERLOAD

SECURITY PLATFORM EVOLUTION
[Figure: security platform complexity over time: policy thresholds, rule thresholds, supervised machine learning]
WHAT IS SPLUNK USER BEHAVIORAL ANALYTICS?
Detect advanced cyberattacks, for example insider threat:
• John executes remote desktop to a system (administrator) in the PCI zone.
• Administrator performs ssh (root) to a file share in the finance department.
Entities modelled: application, host, data, user.
UBA 2.2 LATEST FEATURES
• Threat Modeling Framework: create custom threats using 60+ anomalies.
• Enhanced Security Analytics: visibility and baseline metrics around user, device, application and protocols.
• Risk Percentile & Dynamic Peer Groups.
• Support for additional 3rd-party devices.
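The two insider-threat scenarios on the earlier slide (John opening remote desktop as administrator into the PCI zone, an administrator using ssh as root to a finance file share) and the baseline, risk-percentile and peer-group features listed above all rest on one idea: build a profile of what each user and their peers normally do, then score new events by how far they depart from it, instead of waiting for a fixed threshold to trip. The Python below is an added example written for this page, not Splunk UBA code and not the presenter's. Every user, host, zone, peer group, log event and anomaly weight in it is constructed for illustration, and the static peer-group map stands in for what UBA derives dynamically.

```python
"""Behavioural baseline scoring over constructed authentication events.

Added example, not Splunk UBA code: a per-user and per-peer-group baseline
is built from past activity, new events are scored by how far they depart
from it, and a classic count-threshold rule runs alongside for contrast.
All users, hosts, zones, peer groups and anomaly weights are constructed.
"""
from collections import defaultdict

# Constructed history (the "normal" window): (user, account_used, protocol, dest_host, dest_zone)
BASELINE_EVENTS = [
    ("john",  "john",          "rdp", "wks-12",  "corporate"),
    ("john",  "john",          "rdp", "wks-14",  "corporate"),
    ("john",  "john",          "smb", "fs-01",   "corporate"),
    ("alice", "alice",         "ssh", "fs-fin1", "finance"),
    ("alice", "alice",         "ssh", "db-fin1", "finance"),
    ("admin", "administrator", "rdp", "wks-12",  "corporate"),
    ("admin", "administrator", "rdp", "dc-01",   "corporate"),
]
# Constructed peer groups; a real UBA derives these dynamically from behaviour
PEER_GROUPS = {"john": "sales", "alice": "finance", "admin": "it-ops"}

# Constructed new events: the two slide scenarios plus one routine event
NEW_EVENTS = [
    ("john",  "administrator", "rdp", "pci-pos1", "pci"),      # RDP as administrator into PCI zone
    ("admin", "root",          "ssh", "fs-fin1",  "finance"),  # ssh as root to finance file share
    ("alice", "alice",         "ssh", "db-fin1",  "finance"),  # routine for alice
]

# Illustrative anomaly weights (assumed for this example, not Splunk's scoring)
WEIGHTS = {"new_zone": 4, "new_protocol": 2, "new_account": 3, "zone_outside_peers": 5}


def empty_profile():
    return {"zones": set(), "protocols": set(), "accounts": set()}


def build_baseline(events, peer_groups):
    """Return (per-user profile, zones seen per peer group) from historical events."""
    users = defaultdict(empty_profile)
    peer_zones = defaultdict(set)
    for user, account, proto, _host, zone in events:
        users[user]["zones"].add(zone)
        users[user]["protocols"].add(proto)
        users[user]["accounts"].add(account)
        peer_zones[peer_groups.get(user, "unknown")].add(zone)
    return users, peer_zones


def score_event(event, users, peer_zones, peer_groups):
    """Score one event against the baseline; returns (risk, list of anomaly names)."""
    user, account, proto, _host, zone = event
    profile = users.get(user, empty_profile())  # unknown user: everything is new
    anomalies = []
    if zone not in profile["zones"]:
        anomalies.append("new_zone")
    if proto not in profile["protocols"]:
        anomalies.append("new_protocol")
    if account not in profile["accounts"]:
        anomalies.append("new_account")
    if zone not in peer_zones.get(peer_groups.get(user, "unknown"), set()):
        anomalies.append("zone_outside_peers")
    return sum(WEIGHTS[a] for a in anomalies), anomalies


def score_all(new_events, history=BASELINE_EVENTS, peer_groups=PEER_GROUPS):
    """Accumulate risk per user over new events; returns (totals, per-event details)."""
    users, peer_zones = build_baseline(history, peer_groups)
    totals = defaultdict(int)
    details = []
    for ev in new_events:
        risk, anomalies = score_event(ev, users, peer_zones, peer_groups)
        totals[ev[0]] += risk
        details.append((ev[0], ev[3], risk, anomalies))
    for user in users:          # baselined users with no new events still rank
        totals.setdefault(user, 0)
    return dict(totals), details


def risk_percentiles(totals):
    """Percentile rank: share of users whose total risk is at or below this user's."""
    scores = sorted(totals.values())
    n = len(scores)
    return {u: round(100.0 * sum(1 for s in scores if s <= t) / n, 1) for u, t in totals.items()}


def threshold_rule(new_events, max_events_per_user=5):
    """Classic rule: alert when a user exceeds a fixed event count. Returns offending users."""
    counts = defaultdict(int)
    for ev in new_events:
        counts[ev[0]] += 1
    return sorted(u for u, c in counts.items() if c > max_events_per_user)


if __name__ == "__main__":
    totals, details = score_all(NEW_EVENTS)
    for user, host, risk, anomalies in details:
        print(f"{user:6} -> {host:9} risk={risk:2} {anomalies}")
    print("risk percentiles:", risk_percentiles(totals))
    print("threshold rule fired for:", threshold_rule(NEW_EVENTS))
```

Both slide scenarios score high because they are single events that break several baseline dimensions at once (new zone, new account, and a zone no peer has touched), while the count-based rule never fires: each user produced one event, far below any sensible threshold. That gap, a low-volume action that is abnormal for this user and this peer group, is what the behavioural layer adds over policy and rule thresholds. In practice the baseline window, the anomaly weights and the peer-group derivation are the tuning knobs, and a first-time access is only a lead for an analyst, not a verdict.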
QUESTIONS / CONTACT
harry.mclaren@ecs.co.uk
twitter.com/cyberharibu
harrymclaren.co.uk/blog