Security Analytics: Less Hype, More Data

Presented at ShmooCon X (2014), Jan. 17, 2014, 5:30 p.m. (30 minutes)

There has been a lot of talk in the industry recently about "analytics" and getting security data from non-security logs. The problem is, very few people are talking about which analysis techniques are actually useful. This talk will look at a few log types and talk through analytics techniques that can be applied to each. For each technique, I'll talk about what it assumes and how it succeeds or fails when using real-world data.

This is (obviously) not going to cover every single analysis technique you could ever run, but it is intended to start bringing facts and real-life data to the discussion of security analytics.

Presenters:

• Aaron Gee-Clough
  Aaron Gee-Clough bailed out on grad school for the .com boom and has been doing security for about 14 years. He also thinks bios are kinda dumb, since you all don't really care anyway. (But, if you insist, several years ago he hacked the ShmooCon Arcade's point display system, but he never did get around to using the video card he "won" from that.)

Similar Presentations:

• DeepSec 2014 „Do you want to know more?“ / Memory Forensics and Security Analytics : Detecting Unknown Malware
• Black Hat USA 2013 / Big Data for Web Application Security
• BSidesSF 2015 / Analyze This!