SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Good security is a moving target. Walls and castles were once good defenses against attackers, but they stand little chance of preventing an attack by a modern army. Like all defenses, any information security strategy left unattended will become obsolete and fail. The hard part of building or improving a defense strategy is knowing where to start. Our knowledge and our defenses are seldom perfect, and more often than not the task of securing a network is gargantuan and daunting. A good logging and analysis strategy can point the way. By accepting that defenses and configurations are never perfect and always changing, and by analyzing input from the event sources we already have, we can detect threats, direct responses, and tune our defenses. The paper that follows details a repeatable process for continuously improving security and outlines log analysis, with case studies and sample output based on actual data. The process is broadly applicable and does not require a Security Information and Event Management (SIEM) or centralized log management (LM) system, though either makes the process easier.