Data Science for SOC: A Practical Example of Detecting Advanced Credential Attacks

Data Science for SOC: A Practical Example of Detecting Advanced Credential Attacks

Channel:
United States SANS Cyber Defense
Subscribers:
20,300
Published on ● Video Link: https://www.youtube.com/watch?v=NzoBiurSUNA


Duration: 31:02
713 views
22

Is your SOC flooded with False Positives, but you are afraid to raise the rules' thresholds as this will allow advanced attackers to stay under the radar? Are your SOC analysts overwhelmed with the amount of data that they have to go through in order to give initial assessment of a security event? In this talk we will share Data Science methods that proved successful in addressing the above mentioned challenges in our corporate setup. Specifically, we will go over combining Unsupervised and Supervised Learning (Elastic and Scikit-Learn), advanced visualizations providing "light speed" deep dive into anomalies triage and environment monitoring (Python and Plotly dashboard). We will demonstrate how all this was used to detect distributed credential attacks that stayed under the radar of other solutions while saving time to our analysts.

Igor Kozlov, Data Scientist, Bell Canada

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #DataScience #SOC



Other Videos By SANS Cyber Defense


2021-11-12Building on the Foundations of OSINT with SEC587: Advanced Open-Source Intelligence
2021-11-12AI & ML in the Modern SOC
2021-11-11YARA for Mere Mortals
2021-11-09Threat Sightings: The Power of Observation for Driving Cyber Threat Detection Improvements
2021-11-07Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs
2021-11-05Measuring Detection Engineering Teams
2021-11-02Monitoring and Incident Response in Azure AD
2021-11-01Threats & Challenges 2021: What Cyber Defenders Need to Know – and Do
2021-10-30Knocking on Clouds Door: Threat Hunting Powered by Azure AD Reports and Azula
2021-10-29Random Forests: Still Useful?
2021-10-28Data Science for SOC: A Practical Example of Detecting Advanced Credential Attacks
2021-10-26TShark: Leveraging statistics | Nik Alleyne
2021-10-26The Yellow Brick Road: Where Lions and Tigers and Bears Meet
2021-10-24Adversary Simulation: Measure and Close the Gaps in Your Security Posture
2021-10-22Can we REALLY 10X the SOC?
2021-10-21Zero Trust Architecture – Applying ZTA in Today’s Environment
2021-10-20A River Runs Through IT: What Whitewater Rafting Taught Me About Incident Response
2021-10-15Network Protocol Classification with Random Forests
2021-10-15Container Monitoring
2021-10-08Applying Machine Learning to Network Anomalies | Part 3
2021-09-17Machine Learning with Zeek and Tensorflow (Part 2): Processing the Data


Tags:
sans institute
blue team
blue team operations
blue team summit
igor kozlov
sans blue team summit
soc
security operations center
soc analyst
data science
security operations center (SOC)
soc analyst training
data science for soc
data science for security operations center