Enhancing SOC1 by using feedback loops

Presented at BSides Austin 2018, March 9, 2018, 2:30 p.m. (60 minutes).

Cloud-enabled Security Operations Center level-1 (SOC1) workflows can be enhanced by feeding security outcome data back into them. This feedback becomes a force multiplier: it helps experienced analysts build more accurate threat profiles and opens the possibility of predicting new attack campaigns. The proposed approach is based on crowdsourced operator feedback, made possible by a global, crowdsourced reinforcement learning engine. The objective is to give defenders/operators the ability to compare their local responses and feedback about threats and malicious campaigns against global data, through a distributed learning network with open standards that reflects the patterns and behaviors of experienced defenders/operators. These feedback loops can then be used to train algorithms and implement automated functions that assist less experienced SOC operators.
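The following is an added illustration of the feedback-loop idea described above; it is not code from the talk or from JASK's engine. It models a SOC's own analyst verdicts on an alert signature (true positive or false positive) alongside a pooled "global" tally of the same verdicts from many sites, blends the two into a triage score for a less experienced operator, and flags signatures where the local verdict pattern diverges from the global one (a signal that a rule needs local tuning). The site names, signature names, verdict list, Laplace smoothing and the local-weight blend are all constructed assumptions for this example.

```python
"""Local-vs-global analyst feedback loop for alert triage (added example).

Not the talk's or JASK's code. Sites, signatures and verdicts below are
constructed sample data; the scoring scheme is one simple choice.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed feedback stream: (site, alert_signature, analyst_verdict)
#   True  = analyst confirmed the alert as malicious (true positive)
#   False = analyst closed the alert as benign       (false positive)
FEEDBACK = [
    ("site-a", "powershell_encoded_cmd", True),
    ("site-a", "powershell_encoded_cmd", True),
    ("site-a", "powershell_encoded_cmd", True),
    ("site-a", "powershell_encoded_cmd", False),
    ("site-b", "powershell_encoded_cmd", True),
    ("site-b", "powershell_encoded_cmd", True),
    ("site-c", "powershell_encoded_cmd", False),  # site-c's admins use
    ("site-c", "powershell_encoded_cmd", False),  # encoded commands
    ("site-c", "powershell_encoded_cmd", False),  # legitimately
    ("site-c", "powershell_encoded_cmd", False),
    ("site-a", "dns_long_txt", False),
    ("site-a", "dns_long_txt", False),
    ("site-a", "dns_long_txt", False),
    ("site-b", "dns_long_txt", False),
    ("site-b", "dns_long_txt", False),
    ("site-b", "smb_admin_share_login", True),
]


@dataclass
class Tally:
    tp: int = 0
    fp: int = 0

    @property
    def n(self) -> int:
        return self.tp + self.fp

    def rate(self) -> float:
        # Laplace-smoothed true-positive rate; an unseen signature scores 0.5
        return (self.tp + 1) / (self.n + 2)


class FeedbackLoop:
    def __init__(self, local_weight_k: int = 4):
        self.local = defaultdict(Tally)    # (site, signature) -> Tally
        self.global_ = defaultdict(Tally)  # signature -> pooled Tally
        self.k = local_weight_k            # assumed: local history needed to count as much as global

    def record(self, site: str, signature: str, verdict: bool) -> None:
        # Every local verdict also feeds the crowdsourced global tally.
        for tally in (self.local[(site, signature)], self.global_[signature]):
            if verdict:
                tally.tp += 1
            else:
                tally.fp += 1

    def blended_score(self, site: str, signature: str) -> float:
        loc = self.local.get((site, signature), Tally())
        glo = self.global_.get(signature, Tally())
        # Trust the site's own history more as it accumulates; with no local
        # verdicts the score is purely the global rate.
        w = loc.n / (loc.n + self.k)
        return w * loc.rate() + (1 - w) * glo.rate()

    def suggest(self, site: str, signature: str,
                escalate_at: float = 0.5, close_at: float = 0.2) -> str:
        score = self.blended_score(site, signature)
        if score >= escalate_at:
            return "escalate"
        if score <= close_at:
            return "auto-close"
        return "review"

    def divergent_signatures(self, site: str, min_gap: float = 0.25,
                             min_local: int = 3) -> list:
        """Signatures where this site's verdicts disagree with the crowd."""
        out = []
        for (s, sig), loc in self.local.items():
            if s != site or loc.n < min_local:
                continue
            gap = loc.rate() - self.global_[sig].rate()
            if abs(gap) >= min_gap:
                out.append((sig, round(gap, 3)))
        return out


def build_loop(feedback=FEEDBACK) -> FeedbackLoop:
    loop = FeedbackLoop()
    for site, sig, verdict in feedback:
        loop.record(site, sig, verdict)
    return loop


if __name__ == "__main__":
    loop = build_loop()
    for site, sig in [("site-a", "powershell_encoded_cmd"),
                      ("site-c", "powershell_encoded_cmd"),
                      ("site-a", "dns_long_txt"),
                      ("site-z", "powershell_encoded_cmd")]:
        print(f"{site:7s} {sig:24s} score={loop.blended_score(site, sig):.3f} "
              f"-> {loop.suggest(site, sig)}")
    print("site-c divergent:", loop.divergent_signatures("site-c"))
```

The same signature gets different suggestions per site: site-a's analysts have confirmed encoded PowerShell often enough to escalate, while site-c's repeated benign verdicts pull it down to "review" and show up in `divergent_signatures` as a candidate for a local exception. A site with no history ("site-z") inherits the crowd's verdict outright.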

Presenters:

  • Joseph Zadeh, Director of Data Science at JASK.AI. Longer bio: https://www.blackhat.com/eu-17/presenters/Joseph-Zadeh.html
  • Rod Soto, Director of Security Research at JASK.AI. Longer bio: https://www.blackhat.com/eu-17/presenters/Rod-Soto.html
