SlideShare a Scribd company logo

Cyber Security and Data Science

A
Ania Wieczorek

This document outlines a presentation by the NYU Data Science and Analytics Club focused on the intersection of cyber security and data science. It covers topics such as the challenges of cyber security, the utilization of data science methods to enhance detection capabilities, and the workflow for improving incident response within the Security Operations Center (SOC). The presentation also discusses analytics opportunities identified during a session with SOC leadership and includes details on operational metrics and data analysis techniques.

Data & Analytics
Related topics:
Data Science Insights Predictive Analytics Cyber-Security Information Security
1 of 34
Download to read offline
1
2
3
4
Most read
5
6
Most read
7
8
9
10
11
12
13
14
15
16
17
Most read
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Cyber Security + Data Science NYU Data Science and Analytics Club Brennan Lodge September 26, 2018
Agenda • The Target Breach • Cyber Security is hard • A Cyber Security Analyst and the Security Operations Center • A Data Science Lens to Cyber Security • Visualizations and Reporting • A data science model for cyber security • NYU Data Science and Analytics Club plans
Cyber Security and Data Science
Cyber Security and Data Science
+ Ransomeware + Spear Phishing + Crypto + Geopolitical
Cyber Security is hard
Cyber Security and Data Science
Cyber Security and Data Science
Cyber Security and Data Science
Cyber Security and Data Science
Cyber Security and Data Science
Logs, Events, Cases and Operations • Event Workflow • Many, many, many events • Correlation • High, Medium, Low? • Case Workflow • Investigation • Escalate • Review SEIM
Cyber Security and Data Science
Problem Statement • Problem Statement • Many Detections but a lot of noise • How? • Understand the detection rule inventory to identify fidelity in the rule set to reveal noise • Solution • By using data science methods, we can empower analysts to work on higher fidelity alerts
The balance of analysts and defense Defense & Detections Data Scientist Hackers Cyber Security Analysts Insiders
Data Science Project workflow Business Understanding & Requirements Gathering Data Discovery, Data Understanding and Use Case Development Data Preparation, Transformation and prototyping Analytics Delivery Measurements and Evaluation Actionable data-driven insights Data
• Get feedback on analytics to be implemented as reports for the SOC • Held a SEIM application and a data session with Sentinel development team Data Business Understanding & Requirements Gathering Data Discovery, Data Understanding and Use Case Development Data Preparation, Transformation and prototyping Analytics Delivery Measurements and Evaluation Actionable data-driven insights • Met with SOC Leadership to identify analytics opportunities • Operational Analytics • Case Detection Correlation • Identified SEIM Data in the Data Lake and reviewed data dictionary with SEIM dev team • Leveraged Juptyer Notebook and SQL queries to pull Sentinel Data and transform data into analytics• Delivered analytics prototypes to support the use cases and present findings to SOC leadership • Analytics provided to SOC to measure, track, monitor and make better data driven decisions
Operational Metrics qRun Rate ? q The operations q Shift for analyst = 8 hours q Number of Cases Created Per Day q Sustainable Production = # cases per hour q Current Production = Number of cases per hour / # of analysts q Difference = + or –
Rule Detection Analytics 0% 5% 10% 15% 20% 25% 30% 35% 40% 0 20 40 60 80 100 120 140 160 Detection Rules Fired vs Threat Rate Threat Rate More events fired per detection rule… …the higher threat detection rate
Model
SIEM Data Data Source Transformation Services End Services Table Merges SQL Queries Python Scripts Data Ingestion Python pickle file Modeling Dashbaord Reporting
Intrusion Detection Log workflow
Detecting malware from an Email
Logistic Regression to evaluate detections Examples of features and the dependent variable for scoring detections: Independent variables • Sensors • Detection Rules • Day of the week an event has made a detection • Is the event correlated with another event • Priority / Severity of the event as scored by a sensor Dependent Variables • Threat or Non-Threat based off of an analysts decision of closing an investigation
Visualize
Python - Plot.ly Dash
R – Shiny
Splunk
Splunk
Questions ??
NYU Data Science and Analytics Club
Appendix
Cyber Security and Data Science
Cyber Security and Data Science

More Related Content

PDF
Azure Digital Twins.pdf
Tomasz Kopacz
 
PPTX
SOCstock 2021 The Cloud-native SOC
Anton Chuvakin
 
PDF
generative-ai-fundamentals and Large language models
AdventureWorld5
 
PPTX
Security operation center (SOC)
Ahmed Ayman
 
PDF
Building Data Products with BigQuery for PPC and SEO (SMX 2022)
Christopher Gutknecht
 
PDF
OLAP IN DATA MINING
wilifred
 
PDF
Bab 6 (understanding it infrastructure)
Siti Mustiani
 
PDF
Introduction to Data Engineer and Data Pipeline at Credit OK
Kriangkrai Chaonithi
 
Azure Digital Twins.pdf
Tomasz Kopacz
 
SOCstock 2021 The Cloud-native SOC
Anton Chuvakin
 
generative-ai-fundamentals and Large language models
AdventureWorld5
 
Security operation center (SOC)
Ahmed Ayman
 
Building Data Products with BigQuery for PPC and SEO (SMX 2022)
Christopher Gutknecht
 
OLAP IN DATA MINING
wilifred
 
Bab 6 (understanding it infrastructure)
Siti Mustiani
 
Introduction to Data Engineer and Data Pipeline at Credit OK
Kriangkrai Chaonithi
 

What's hot (20)

PDF
Scaling Ride-Hailing with Machine Learning on MLflow
Databricks
 
PDF
ERP Integration and Data Migration
Sean Badiru
 
PDF
Introduction on Data Science
Edureka!
 
PDF
Building an Analytics Enables SOC
Splunk
 
PDF
Unlocking the Power of Generative AI An Executive's Guide.pdf
PremNaraindas1
 
PPTX
Introduction of Data Science
Jason Geng
 
PDF
Bringing ML To Production, What Is Missing? AMLD 2020
Mikio L. Braun
 
PPTX
EDR vs SIEM - The fight is on
Justin Henderson
 
PPTX
Streamline Data Governance with Egeria: The Industry's First Open Metadata St...
DataWorks Summit
 
PDF
Knowledge Graphs, Ontologies, and AI Applications
Earley Information Science
 
PDF
Observability, Distributed Tracing, and Open Source: The Missing Primer
VMware Tanzu
 
PDF
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
ssuser7b150d
 
PDF
AI and Cybersecurity - Food for Thought
NUS-ISS
 
PDF
Lessons learned from building practical deep learning systems
Xavier Amatriain
 
PPTX
IT Audit - Shadow IT Systems
Dam Frank
 
PPTX
API Management Within a Microservices Architecture
Nadeesha Gamage
 
PDF
adb.pdf
AdityaMehta724216
 
PPTX
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
 
PPTX
OpenTelemetry For Architects
Kevin Brockhoff
 
PDF
The Data Platform for Today’s Intelligent Applications
Neo4j
 
Scaling Ride-Hailing with Machine Learning on MLflow
Databricks
 
ERP Integration and Data Migration
Sean Badiru
 
Introduction on Data Science
Edureka!
 
Building an Analytics Enables SOC
Splunk
 
Unlocking the Power of Generative AI An Executive's Guide.pdf
PremNaraindas1
 
Introduction of Data Science
Jason Geng
 
Bringing ML To Production, What Is Missing? AMLD 2020
Mikio L. Braun
 
EDR vs SIEM - The fight is on
Justin Henderson
 
Streamline Data Governance with Egeria: The Industry's First Open Metadata St...
DataWorks Summit
 
Knowledge Graphs, Ontologies, and AI Applications
Earley Information Science
 
Observability, Distributed Tracing, and Open Source: The Missing Primer
VMware Tanzu
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
ssuser7b150d
 
AI and Cybersecurity - Food for Thought
NUS-ISS
 
Lessons learned from building practical deep learning systems
Xavier Amatriain
 
IT Audit - Shadow IT Systems
Dam Frank
 
API Management Within a Microservices Architecture
Nadeesha Gamage
 
adb.pdf
AdityaMehta724216
 
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
 
OpenTelemetry For Architects
Kevin Brockhoff
 
The Data Platform for Today’s Intelligent Applications
Neo4j
 
Ad

Similar to Cyber Security and Data Science (20)

PDF
Constant Contact: An Online Marketing Leader’s Data Lake Journey
Seeling Cheung
 
PDF
IT Operation Analytic for security- MiSSconf(sp1)
stelligence
 
PDF
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
PPTX
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Software
 
PDF
CaseWare Monitor - New in 5.4 Release
Alessa
 
PPTX
351315535-Module-1-Intro-to-Data-Science-pptx.pptx
XanGwaps
 
PPTX
Data_Analytics_Types_Presentation12.pptx
M.H.Saboo Siddik Polytechnic
 
PPTX
20160000 Cloud Discovery Event - Cloud Access Security Brokers
Robin Vermeirsch
 
PPTX
E discovery Process Improvement
Paralegal Rainmakers
 
PDF
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
PPTX
Digital Forensics Triage and Cyber Security
Amrit Chhetri
 
PPTX
How to Use Big Data to Transform IT Operations
ExtraHop Networks
 
PPTX
Netrascale Regtech Presentation Saeed.pptx
Denis Nwanshi, MBA
 
PPT
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
Splunk
 
PDF
IOUG93 - Technical Architecture for the Data Warehouse - Presentation
David Walker
 
PPTX
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
PDF
Steps in it audit
kinjalmkothari92
 
PDF
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
PDF
lec1.pdf
nimmakiran1
 
PDF
Advanced Project Data Analytics for Improved Project Delivery
Mark Constable
 
Constant Contact: An Online Marketing Leader’s Data Lake Journey
Seeling Cheung
 
IT Operation Analytic for security- MiSSconf(sp1)
stelligence
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Software
 
CaseWare Monitor - New in 5.4 Release
Alessa
 
351315535-Module-1-Intro-to-Data-Science-pptx.pptx
XanGwaps
 
Data_Analytics_Types_Presentation12.pptx
M.H.Saboo Siddik Polytechnic
 
20160000 Cloud Discovery Event - Cloud Access Security Brokers
Robin Vermeirsch
 
E discovery Process Improvement
Paralegal Rainmakers
 
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
Digital Forensics Triage and Cyber Security
Amrit Chhetri
 
How to Use Big Data to Transform IT Operations
ExtraHop Networks
 
Netrascale Regtech Presentation Saeed.pptx
Denis Nwanshi, MBA
 
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
Splunk
 
IOUG93 - Technical Architecture for the Data Warehouse - Presentation
David Walker
 
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
Steps in it audit
kinjalmkothari92
 
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
lec1.pdf
nimmakiran1
 
Advanced Project Data Analytics for Improved Project Delivery
Mark Constable
 
Ad

Recently uploaded (20)

PPTX
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PDF
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PDF
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PPTX
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PPTX
Moving the Public Sector (Government) to a Digital Adoption
PaulYoung221210
 
PPTX
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
 
PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
PDF
Introduction to Business Data Analytics.
jamalmumthaj
 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PPT
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
 
Lecture1 pattern recognition............
ZafriFarid
 
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
 
Quality review (1)_presentation of this 21
abobaker13
 
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
Moving the Public Sector (Government) to a Digital Adoption
PaulYoung221210
 
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
Introduction to Business Data Analytics.
jamalmumthaj
 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 

Cyber Security and Data Science

  • 1. Cyber Security + Data Science NYU Data Science and Analytics Club Brennan Lodge September 26, 2018
  • 2. Agenda • The Target Breach • Cyber Security is hard • A Cyber Security Analyst and the Security Operations Center • A Data Science Lens to Cyber Security • Visualizations and Reporting • A data science model for cyber security • NYU Data Science and Analytics Club plans
  • 5. + Ransomeware + Spear Phishing + Crypto + Geopolitical
  • 12. Logs, Events, Cases and Operations • Event Workflow • Many, many, many events • Correlation • High, Medium, Low? • Case Workflow • Investigation • Escalate • Review SEIM
  • 14. Problem Statement • Problem Statement • Many Detections but a lot of noise • How? • Understand the detection rule inventory to identify fidelity in the rule set to reveal noise • Solution • By using data science methods, we can empower analysts to work on higher fidelity alerts
  • 15. The balance of analysts and defense Defense & Detections Data Scientist Hackers Cyber Security Analysts Insiders
  • 16. Data Science Project workflow Business Understanding & Requirements Gathering Data Discovery, Data Understanding and Use Case Development Data Preparation, Transformation and prototyping Analytics Delivery Measurements and Evaluation Actionable data-driven insights Data
  • 17. • Get feedback on analytics to be implemented as reports for the SOC • Held a SEIM application and a data session with Sentinel development team Data Business Understanding & Requirements Gathering Data Discovery, Data Understanding and Use Case Development Data Preparation, Transformation and prototyping Analytics Delivery Measurements and Evaluation Actionable data-driven insights • Met with SOC Leadership to identify analytics opportunities • Operational Analytics • Case Detection Correlation • Identified SEIM Data in the Data Lake and reviewed data dictionary with SEIM dev team • Leveraged Juptyer Notebook and SQL queries to pull Sentinel Data and transform data into analytics• Delivered analytics prototypes to support the use cases and present findings to SOC leadership • Analytics provided to SOC to measure, track, monitor and make better data driven decisions
  • 18. Operational Metrics qRun Rate ? q The operations q Shift for analyst = 8 hours q Number of Cases Created Per Day q Sustainable Production = # cases per hour q Current Production = Number of cases per hour / # of analysts q Difference = + or –
  • 19. Rule Detection Analytics 0% 5% 10% 15% 20% 25% 30% 35% 40% 0 20 40 60 80 100 120 140 160 Detection Rules Fired vs Threat Rate Threat Rate More events fired per detection rule… …the higher threat detection rate
  • 20. Model
  • 21. SIEM Data Data Source Transformation Services End Services Table Merges SQL Queries Python Scripts Data Ingestion Python pickle file Modeling Dashbaord Reporting
  • 24. Logistic Regression to evaluate detections Examples of features and the dependent variable for scoring detections: Independent variables • Sensors • Detection Rules • Day of the week an event has made a detection • Is the event correlated with another event • Priority / Severity of the event as scored by a sensor Dependent Variables • Threat or Non-Threat based off of an analysts decision of closing an investigation
  • 31. NYU Data Science and Analytics Club