SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

This paper addresses real-world enterprise Vectra and Cyphort detections and walks through a detailed forensic workflow case study that results in conclusive findings. Although the workflow is built around the Vectra and Cyphort commercial detection platforms, it applies equally to security events generated by other commercial or free products. Vectra performs behavioral analysis to detect malicious activity on the network; Cyphort performs malware detection. On notification of Vectra and Cyphort events, the security analyst must drill into the events with respect to the target host to determine whether it was the victim of a malicious attack. This requires an investigative workflow that combines forensic tools with Internet research. Free forensic tools are used for most of the analysis, but the commercial products Bit9 and Carbon Black are also used to corroborate evidence. The workflow is the same whether the findings are ultimately confirmed as true positives or false positives.
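The host-centric drill-down the abstract describes (network detection, malware detection and endpoint evidence lined up on a timeline for one target host, then judged on whether independent sources corroborate each other) can be illustrated with a small triage routine. The following is an added example, not code from the paper or from any of the named vendors; the alert records are constructed, and their field names and values are assumptions for this example rather than the real output formats of Vectra, Cyphort, Bit9 or Carbon Black. The corroboration window is likewise an assumed analyst parameter.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three independent sources. Field names and
# values are assumptions for this example, not real Vectra, Cyphort, Bit9 or
# Carbon Black output.
ALERTS = [
    {"source": "network",  "host": "10.1.2.3", "time": "2016-03-01T10:02:00",
     "detail": "command-and-control beacon to external IP"},
    {"source": "malware",  "host": "10.1.2.3", "time": "2016-03-01T09:58:00",
     "detail": "malicious executable downloaded over HTTP"},
    {"source": "endpoint", "host": "10.1.2.3", "time": "2016-03-01T10:05:00",
     "detail": "unapproved binary executed from user temp directory"},
    {"source": "network",  "host": "10.1.2.4", "time": "2016-03-01T11:00:00",
     "detail": "unusual volume of outbound HTTP"},
    {"source": "malware",  "host": "10.1.2.5", "time": "2016-03-01T08:00:00",
     "detail": "suspicious archive attachment"},
    {"source": "endpoint", "host": "10.1.2.5", "time": "2016-03-01T15:00:00",
     "detail": "new service installed"},
]


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def build_host_timelines(alerts):
    """Group alerts by target host and order each host's alerts by time."""
    timelines = defaultdict(list)
    for a in alerts:
        timelines[a["host"]].append({**a, "ts": parse_time(a["time"])})
    for host in timelines:
        timelines[host].sort(key=lambda e: e["ts"])
    return dict(timelines)


def corroborating_sources(events, window):
    """Largest set of distinct sources that fired within one window on a host.

    Slides an anchor over the time-ordered events and collects every source
    that fires within `window` after the anchor; the biggest such set wins.
    """
    best = set()
    for i, anchor in enumerate(events):
        seen = {anchor["source"]}
        for e in events[i + 1:]:
            if e["ts"] - anchor["ts"] > window:
                break
            seen.add(e["source"])
        if len(seen) > len(best):
            best = seen
    return best


def triage(alerts, window_hours=1):
    """Per-host verdict: 'corroborated' when at least two independent sources
    fired within the window, otherwise 'uncorroborated' (still to be reviewed,
    but with no second source backing the first)."""
    window = timedelta(hours=window_hours)
    results = {}
    for host, events in build_host_timelines(alerts).items():
        sources = corroborating_sources(events, window)
        results[host] = {
            "verdict": "corroborated" if len(sources) >= 2 else "uncorroborated",
            "sources": sorted(sources),
            "first_seen": events[0]["time"],
            "last_seen": events[-1]["time"],
            "events": len(events),
        }
    return results


if __name__ == "__main__":
    for host, r in sorted(triage(ALERTS).items()):
        print(host, r["verdict"], r["sources"], r["first_seen"], "->", r["last_seen"])
```

An "uncorroborated" verdict is not a false-positive verdict: host 10.1.2.5 has both a malware and an endpoint alert seven hours apart, which the one-hour window does not join but an eight-hour window does, so the window is an analyst choice to be stated alongside the finding rather than a hidden constant.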