This talk comprises two parts: how to reduce alert fatigue in security analysts by automatically fusing alerts from disparate log sources, and how to reuse and recycle ML models from one security domain to another. Both systems are in production in Azure Sentinel, Microsoft’s cloud SIEM. Attendees will take away three core concepts: how to encode uncertainty in attacks using probabilistic kill chains; how to compress ML models using high-capacity LSTMs; and, finally, the trials and tribulations of building large-scale ML systems for security.
Ram Shankar is a Data Cowboy in Azure Security Data Science at Microsoft, working at the intersection of machine learning and cyber security. Ram is also an affiliate at the Berkman Klein Center at Harvard University and a Technical Advisory Board member at the University of Washington. He graduated from Carnegie Mellon University with a master's in Computer Engineering and a second master's in Innovation Management.