Get a free daily review of your organization's logs and contribute to the MLSec Project.
Presentation materials from BSidesLV, BlackHat and DefCon are available.
Let's face it: we may win some battles, but we are losing the war pretty badly. Regardless of the advances in malware and targeted-attack detection technologies, our top security practitioners can only do so much in a 24-hour day; even less, if you let them eat and sleep. On the other hand, there is a severe shortage of capable people to do "simple" security monitoring effectively, let alone complex incident detection and response.
Big Data, Data Science, Machine Learning and Analytics are a few of the new buzzwords that have invaded our industry of late to handle this problem. Again we are being sold a unicorn-laden, silver-bullet panacea by heavy-handed marketing folks, evoking the expected pushback from the most enlightened members of our community.
MLSec is a project that aims to apply machine learning to assist in information security monitoring and incident detection. The vision is to create algorithms that automatically prioritize and classify potential events and attacks into three groups: those that could be blocked automatically, those that are clearly benign, and those that are really worth your analyst's time.
We aim to create a select community of like-minded individuals that want to work together to reach that goal. There are many ways you can help, but the most pressing need is for real live log data to analyze, and candid feedback on the results reported by the algorithms. See this FAQ entry for more information.
The advances and some of the most interesting findings will be shared regularly in our blog posts, so be sure to subscribe.