>> More Details About My Talk ("Me, My Adversary and AI") at the RSA Conference Next Month
As some of you already know, I will have the honor to speak at the upcoming RSA Conference on May 17th.
Since I recognize that the abstract that I originally wrote (and is currently published at the RSA website) is a little generic, I would like to share more details about my talk:
I will certainly not spoil the talk by telling you exactly what I will be unveiling, but I would like to provide additional information with two objectives:
That you understand better what the the talk will be about.
That, in case you want to be better prepared for understanding what is discussed in the talk, you can read about it beforehand so you can technically make the most of it (I will be covering this in a follow-up post).
The formal abstract is the following:
AI is changing the world, and Cybersecurity and DFIR are no exception. This pioneering, first-ever talk on the topic will share how machine/deep learning helps in real-world threat Hunting and complex investigations by tackling problems perfectly suited for AI (complexity, volume, correlation, etc) with open AI DFIR resources (aidfir.io).
Which I must confess is a little generic.
The Big Question to Answer
Let me give you some extra motivation… The talk will try to answer the following question:
The talk will be presenting innovative Machine Learning-centric approaches to Threat Hunting and Forensic Analysis, both in terms of methodology and technology, and will evaluate how effective they are in detecting an attack such as the Solarwinds one, in the absence of IOCs.
At the same time, the talk will be building on top of a best practices Threat Hunting model, which might be interesting for you specially if you are not so familiar with Threat Hunting.
Audience: The content presented in the talk is deeply technical, however the talk itself should be easily followed and understood by everyone with a reasonable cybersecurity background.
Real-world: The research and results presented in the talk have been carried out on real-world data, injecting the malicious Solarwinds attack activity (aligned with Intelligence Reports details) in the real-world data. This means that the methodologies presented are not just “lab research”, they can be used in the real-world.
Focus: The talk will focus in a “new” methodology to Hunt which combines Machine Learning (ML) and Forensic Analysis, as well as the evaluation of the effectiveness of different ML models to detect the malicious activity.
Supporting DS4N6 Projects:
The talk has been built “on the shoulders” of several DS4N6 open source projects (ds4n6_lib, DAISY, HAM, ADAM, D4ML). We will only briefly talk about them in the talk so, if you want to know more about them, visit Tools section
Demos: The talk includes several demos that will get you familiar on how the presented Machine Learning models perform in different situations, as well as how they perform in the detection of the Solarwinds attack, directly or via the new Hunting methodology proposed.
Open Source: The tools and research presented in the talk will be shared with the Community via our ds4n6.io website after the talk.
I humbly believe that you will have quite some fun with my talk and you will learn quite a few things in different areas (DFIR, Data Science, Machine Learning), so it would be great to have you in the audience!
See you at the RSA Conference on May 17!