The Topology of Malicious Activity in IPv4

SOURCE Boston 2016

Presented by: Suchin Gururangan, Bob Rudis
Date: Thursday May 19, 2016
Time: 10:50 - 11:30
Location: Washington
Track: Security & Metrics

At Rapid7, we're using tools like Project Sonar to investigate the threat landscape across the Internet as a whole. In this talk, we'll show how we use these tools to identify stable, macro-level attack trends that are invisible at the scale of the individual IP addresses found in threat intel feeds. In particular, we demonstrate that a small subset of autonomous systems (ASes) has hosted a disproportionate amount of phishing activity, across the entire IPv4 space, over the past decade. We'll show that smaller ASes are becoming more ubiquitous, and will detail the cost structure involved in setting up IP blocks in malicious ASes. Last, we'll detail the size, composition, and fragmentation of malicious ASes, and present examples of network and system characteristics that are common among particularly malicious ASes. This research is an example of how Internet-scale data science helps defenders respond more efficiently to attacks that conform to larger threat patterns. We'll also provide examples of how individual researchers and data science teams within organizations can use Rapid7's massive, open cyber data resources to "Try This at Home" and gain better insight into attackers' playbooks.

Suchin Gururangan

Suchin Gururangan is a data scientist at Rapid7 working on applications of machine learning to a variety of security problems, including network anomaly detection, incident investigation, and large-scale trends in malicious activity across the Internet. He was formerly a data scientist at the VC firm Accomplice, where he led efforts around data-driven early-stage startup investing. Prior to that, Suchin was a published researcher in computational neuroscience, investigating how machine learning techniques can advance brain-machine interfaces and brain mapping. He studied math, machine learning, and computational neuroscience at the University of Chicago.

Bob Rudis

Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Security Data Scientist at Rapid7. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), author (Data-Driven Security), speaker, and regular contributor to the open source community (github.com/hrbrmstr). He currently serves on the board of directors for the Society of Information Risk Analysts, is on the editorial board of SANS Securing The Human program and was co-chair of the 2014 Metricon security metrics/analytics conference. He was chosen as SANS "People Who Made a Difference In Security in 2015" and holds a bachelor's degree in computer science from the University of Scranton.
