Interset CTO Says Data Science Narrows the Gap in Advanced Threat Detection in 2015 Verizon Data Breach Report



San Francisco, CA, April 21, 2015 – Security expert and Interset CTO Stephan Jou says modern data science—the application of mathematics, statistics, and machine learning to extract knowledge and detect threat patterns—is an emerging technology that is proving effective at detecting the sophisticated inside and cyber threats facing organizations today. In a briefing released this week at the RSA Conference and as part of the Verizon 2015 Data Breach Investigations Report, Jou said successful data science methods can provide a more accurate and operationally sound approach to threat detection, one that lets security teams focus on actual threats while reducing the time wasted sorting through unimportant event-based alerts and chasing down false positives.

In the Interset briefing titled “Threat Detection Data Science, Data, Features and Math,” Jou said key data science tools combine:

Machine learning, which allows a dynamic range for normal activities to be computed separately from the data, replacing universal thresholds
Probabilistic math, which uses continuous numbers to describe how risky or suspicious something is
Entity-based risk scoring, which automatically correlates, corroborates and aggregates risky events and attributes risk to the higher-level actors involved

Jou said an important new focus in producing successful detection is combining multiple data feeds.

“A compromised account may have an unusual process running (endpoint data), issue suspicious DNS queries (network data), and exhibit anomalous access to network share data (server access data). To mathematically stitch together an accurate picture of the entire kill chain requires holistic access to as many raw data feeds as practical. If the data science solution does not support multiple data sources, then its analytical output will be incomplete,” said Jou.

Visit Interset this week at the RSA 2015 Conference Booth 4317 and see our #CoverYourAssets showcase, a presentation of outside and inside attacks that have been detected and prevented at real Interset customer sites.

Download the Verizon Data Breach Investigations Report.

About Interset
Interset provides highly intelligent, accurate insider and targeted outsider threat detection. Our solution unlocks the power of behavioral analytics, machine learning, and big data to provide the fastest, most flexible, and affordable way for IT teams of all sizes to operationalize a data-protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics, and an intuitive user interface, Interset provides unparalleled visibility into sensitive data. This enables early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, high-tech, finance, government, intelligence communities, aerospace and defense, and securities brokerage industries. For more information, visit Interset.com and follow us on Twitter @intersetca.

Contact
Betsy Kosheff
bkosheff@interset.com
413-232-7057

