Big Data, Data Science, Machine Learning and Analytics are a few of the new buzzwords that have invaded our industry of late. Once again we are being sold a unicorn-laden, silver-bullet panacea by heavy-handed marketing folks, evoking the expected pushback from the most enlightened members of our community.
However, as has been the case before, there might just be enough technical meat in there to help with our security challenges and the overwhelming odds we face every day. And if so, what do we as a community need to know about these technologies in order to be better professionals? Can we really use the data we have been collecting to help automate our security decision making? Is a robot going to steal my job?
If you are interested in what is behind the marketing buzz and are not scared of a little math (not crypto, though), this talk offers some insights into applying Machine Learning techniques to data any of us has easy access to, and tries to bring home the point that if all of this technology can be used to show us “better” ads in social media and track our behavior online (and a bit more than that), it can also be used to defend our networks.
Alexandre Pinto (or just Alex) has over 13 years dedicated to information security solutions architecture, strategy advisory and monitoring. He has experience with a wide range of security products, and has even been known to do pen-testing from time to time. Alex holds the CISSP-ISSAP, CISA, CISM, CREST CCT APP and PMP certifications. And somehow he is still a nice guy. He was also a PCI QSA for 5+ years, but is almost fully recovered. Over the last 3 years Alex was responsible for kickstarting his previous company’s offices in 2 different countries, mainly because he is able to perform competently at a very deep technical level across all of the company’s services, from risk auditing (*sigh*) to network and web application penetration testing. For the past year, as part of his sabbatical, he has been researching and exploring the application of Machine Learning and Predictive Analytics to information security data, especially in support of the mess we currently face in trying to make sense of the day-to-day usage of SIEM solutions as a whole.