Analyze This!

Presented at BSidesSF 2015, April 19, 2015, 4 p.m. (60 minutes)

Many presentations about "Big Data" security analysis focus on where to store the data and basic data searches, but where are the analytics? This presentation discusses a handful of "big data" security analytics that are easy to implement and have proven to be useful for detecting intruder activity from readily available data sources. These security analytics surface anomalous and malicious activity using "signatureless" detection techniques.


Presenters:

  • Aaron Shelmire - Sr. Intrusion Analyst - E8 Security
    While having "played around" with computers as far back as high school, Aaron held out hope of becoming a famous DJ or video game creator in the 90s. It wasn't until 2004 that he began his long, twisted journey into information security, when the supercomputers he was working on at PSC were hacked by a dire and sophisticated threat that penetrated over a thousand organizations over a multi-year period…which turned out to be a 16-year-old kid in Uppsala, Sweden, during the Stakkato attacks. Aaron switched gears, began piecing together a security practice at the PSC, went to grad school at Carnegie Mellon, and hopped gigs to go work at CERT/CC. He then began sharing his knowledge with graduate students at CMU as adjunct faculty. After a few years of "applied research", he jumped gigs for more "applied"-ness and less "research"-ness in the Dell SecureWorks CounterThreatUnit's Special Ops team, which created and operated an endpoint detection platform for Targeted Incident Response engagements. After providing a service, he switched focus again to join forces with an ex-professor and ex-boss of his from CERT/CC to create a security analytics platform at a startup named E8 Security.
