Data Science has become more critical to the ever-changing landscape in technology applied to detecting and defending against sophisticated attacks. But what exactly is it? How does it work? And how can it be used for cybersecurity and responding to intrusions?
The SANS Data Science and Artificial Intelligence Lightning Summit aims to provide a quick readout from some leading experts in this new field, discussing its practical uses in the rapidly evolving cybersecurity field. If you are not asking questions on whether your tools and capabilities are being built with Data Science and Artificial Intelligence mechanisms, this hour-long Lightning Summit is for you.
Overview and Intro - John Hubbard is the Blue Team Ops Curriculum Lead, Certified Instructor, and Course Author at SANS
Practical Machine Learning for Information Security - David Hoelzer, a SANS Fellow and author of more than twenty days of SANS courseware
Machine Learning and AI solutions are here to stay. Are you building solutions today? Can you build solutions? Are there pitfalls? David Hoelzer, author of the about-to-debut SEC595 Applied Data Science and Machine Learning for Information Security course, will talk about one of the big pitfalls when it comes to building solutions with his mysterious-sounding "Of Hammers and Nails."
Data Science for DFIR - Jess Garcia, a SANS Senior and the founder and technical lead of One eSecurity
In this short talk, Jess will share the benefits of applying Data Science and Machine Learning to DFIR, how these "new" technologies complement our traditional tools and techniques, where they fall in our DFIR methodologies, what is currently available out there, and how to get started with them.
Cyborgs vs Androids: Artificial Intelligence, or Hybrid Intelligence? - Ken Westin, Director of Security Strategy at ReliaQuest
Over the past few years "artificial intelligence" has been a buzzword in cybersecurity. But are these tools really using AI? Is AI even the right approach? Successful security programs still put humans at the center, and leverage technology to serve and empower the analyst to make decisions vs replacing them. Instead of looking at a security program as an android, relying solely on technology, we should be taking a "hybrid intelligence" approach which operates more like a cyborg and leverages principles of cybernetics, where technology such as machine learning and automation is used to extend the human analyst's capabilities. Machines are good at gathering, parsing, and analyzing data quickly via correlation rules, machine learning and analytics, but it still must be presented to the human analyst to make critical decisions, who can then trigger automated actions via integrated tools. This presentation will show examples of where machine learning and automation can be used to provide more context, better visibility, and faster response for threat hunting and incident response use cases, which puts the human analyst at the center.
The Rise of Cyber Analytics Powered by the Data Lakehouse - Jason Trost, Head of Analytic Engines in HSBC's Cybersecurity Sciences and Analytics division
The Data Lakehouse architecture has emerged over the past 2 years. This architecture combines the best elements of traditional data warehouses and data lakes, as well as the scalability of the cloud. This technology is already starting to enable many new Cyber analytics across several industries. This talk introduces the Data Lakehouse, discusses several security use-cases that this technology is unlocking, and explains how it will empower security data scientists and security analysts of the future.