Verizon 2015 Data Breach Investigation Report: Interset CTO Stephan Jou Says Data Science Narrows the Gap Between Advanced Threats & Successful Threat Detection


The application of mathematics, statistics, and machine learning to extract knowledge and detect threat patterns is an emerging technology that is proving effective at detecting sophisticated insider and external cyber threats.


Security expert and Interset CTO Stephan Jou says modern data science -- the application of mathematics, statistics, and machine learning to extract knowledge and detect threat patterns -- is an emerging technology that is proving effective at detecting the sophisticated insider and external cyber threats facing organizations today. In a briefing released this week at the RSA Conference, published alongside the Verizon 2015 Data Breach Investigations Report, Jou said well-designed data science methods provide a more accurate and operationally sound approach to threat detection: one that lets security teams focus on actual threats while cutting the time-wasting effort of sorting through unimportant event-based alerts and chasing down false positives.

In the Interset briefing titled "Threat Detection Data Science: Data, Features and Math," Jou describes three implementation areas and outlines effective data science principles, such as:

  •     Machine learning, to automatically compute and learn what "normal" is for each entity, instead of relying on manually set thresholds
  •     Probabilistic math, to use continuous numbers rather than binary alerts to describe how risky or suspicious something is
  •     Entity-based risk scoring, to automatically correlate, corroborate and aggregate risky events and attribute the resulting risk to the higher-level actors (users, machines, accounts) involved

Jou said that a key to producing successful detection lies in combining multiple data feeds.

"A compromised account may have an unusual process running (endpoint data), issue suspicious DNS queries (network data), and exhibit anomalous access to network share data (server access data). To mathematically stitch together an accurate picture of the entire kill chain requires holistic access to as many raw data feeds as practical. If the data science solution does not support multiple data sources, then its analytical output will be incomplete," said Jou.
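The following is an added illustration of the three principles listed above and of the multi-source point in Jou's quote; it is example code written for this page, not Interset's software, and every user name, count and threshold in it is constructed. It learns a per-user, per-feed baseline (mean and spread of hourly activity) from history instead of using a fixed cutoff, turns each new observation into a continuous risk in [0, 1] from the Gaussian tail, and then aggregates the three feeds (endpoint, DNS, file share) into one score per user, reporting how many feeds corroborate. A hand-tuned static threshold is scored on the same data for comparison.

```python
"""Toy behavioural risk scorer: learned per-entity baselines instead of
manual thresholds, probabilistic per-event risk, and entity-level
aggregation across data sources.

Added example, not Interset's code. All data below is constructed."""
import math
from collections import defaultdict

# Constructed hourly activity counts per (user, source) over a quiet baseline
# window. Sources mirror the feeds named in the text: endpoint (processes
# launched), dns (distinct domains queried), share (files read from shares).
BASELINE = {
    ("alice", "endpoint"): [9, 10, 11, 10, 12, 8, 10, 11, 9, 10],
    ("alice", "dns"):      [190, 210, 205, 195, 220, 200, 185, 215, 205, 195],
    ("alice", "share"):    [30, 35, 40, 32, 38, 36, 34, 31, 39, 35],
    ("bob", "endpoint"):   [5, 6, 7, 6, 5, 6, 7, 6, 5, 7],
    ("bob", "dns"):        [15, 20, 25, 18, 22, 20, 17, 23, 19, 21],
    ("bob", "share"):      [5, 8, 6, 7, 5, 6, 8, 7, 6, 7],
    ("carol", "endpoint"): [7, 8, 9, 8, 7, 8, 9, 8, 7, 9],
    ("carol", "dns"):      [40, 45, 50, 42, 48, 46, 44, 41, 49, 45],
    ("carol", "share"):    [10, 12, 14, 11, 13, 12, 10, 14, 11, 13],
}

# Constructed counts for the hour being scored. alice is a heavy but normal
# user; bob is quietly elevated on all three feeds; carol spikes on DNS only.
OBSERVED = {
    ("alice", "endpoint"): 10, ("alice", "dns"): 200, ("alice", "share"): 35,
    ("bob", "endpoint"): 12,   ("bob", "dns"): 60,    ("bob", "share"): 20,
    ("carol", "endpoint"): 8,  ("carol", "dns"): 60,  ("carol", "share"): 12,
}

# Hand-picked per-source cutoffs, the manual-threshold approach the text
# argues against (values an analyst might choose for a "typical" user).
STATIC_THRESHOLDS = {"endpoint": 20, "dns": 100, "share": 50}


def learn_baseline(history, min_std=1.0):
    """Learn (mean, std) per (entity, source) from historical counts.
    The std is floored so a perfectly regular history cannot divide by zero."""
    model = {}
    for key, counts in history.items():
        n = len(counts)
        mean = sum(counts) / n
        var = sum((c - mean) ** 2 for c in counts) / n
        model[key] = (mean, max(math.sqrt(var), min_std))
    return model


def event_risk(model, key, value):
    """Continuous risk in [0, 1]: the Gaussian probability mass lying closer to
    the entity's own mean than the observed value (two-sided, so unusually low
    activity also scores). At the mean this is 0; at 3 sigma about 0.997."""
    mean, std = model[key]
    z = abs(value - mean) / std
    return math.erf(z / math.sqrt(2))


def score_entities(model, observed):
    """Attribute per-feed risks to the entity and aggregate them. The average
    is used (one simple choice) so that a single anomalous feed cannot by
    itself max out the score; the number of corroborating feeds (risk > 0.5)
    is reported alongside so an analyst can see how the evidence stacks up."""
    per_entity = defaultdict(dict)
    for (entity, source), value in observed.items():
        per_entity[entity][source] = event_risk(model, (entity, source), value)
    scores = {}
    for entity, risks in per_entity.items():
        scores[entity] = {
            "risk": round(sum(risks.values()) / len(risks), 4),
            "corroborating_sources": sum(1 for r in risks.values() if r > 0.5),
            "detail": {s: round(r, 3) for s, r in risks.items()},
        }
    return scores


def static_alerts(observed, thresholds):
    """Entities that a fixed per-source threshold would flag, for comparison."""
    return sorted({e for (e, s), v in observed.items() if v > thresholds[s]})


if __name__ == "__main__":
    model = learn_baseline(BASELINE)
    ranked = sorted(score_entities(model, OBSERVED).items(),
                    key=lambda kv: kv[1]["risk"], reverse=True)
    print("Learned baselines, ranked by entity risk:")
    for entity, s in ranked:
        print(f"  {entity:6s} risk={s['risk']:.4f} "
              f"sources={s['corroborating_sources']} {s['detail']}")
    print("Static thresholds would flag:", static_alerts(OBSERVED, STATIC_THRESHOLDS))
```

On this constructed data the static thresholds flag only alice, whose 200 DNS queries per hour are entirely normal for her, and miss bob, whose 12 processes, 60 domains and 20 share reads are each far outside his own quiet baseline; the learned model ranks bob first with all three feeds corroborating, carol second on a single anomalous feed, and alice last. The Gaussian tail is the simplest possible baseline model and is only appropriate for roughly bell-shaped counts; real deployments would also need to handle categorical features (a never-before-seen process or share) and seasonality, which this example leaves out.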

Visit Interset this week at the RSA 2015 Conference Booth 4317 and see our #CoverYourAssets showcase, a presentation of outside and inside attacks that have been detected and prevented at real Interset customer sites.

Download the Interset briefing, "Threat Detection Data Science, Data, Features and Math," at https://www.interset.com/wp/interset-2015-verizon-dbr/

The Verizon Data Breach Investigations Report is available at: http://www.verizonenterprise.com/DBIR/2015/insiders/

About Interset
Interset provides a highly intelligent and accurate insider and targeted outsider threat detection solution that unlocks the power of behavioral analytics, machine learning and big data to provide the fastest, most flexible and affordable way for IT teams of all sizes to operationalize a data protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics and an intuitive user interface, Interset provides unparalleled visibility over sensitive data, enabling early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, hi-tech, finance, government, aerospace & defense and securities brokerage industries.
For more information, visit https://www.interset.com/ and follow us on twitter @intersetca.


Contact Author

Betsy Kosheff
Interset
+1 (413) 232-7057