Reserve Presentation: Triangulation of Models for Threat Hunting
45 min
With the arrival of newer technologies and techniques such as machine learning (ML), these tools help cybersecurity teams to effectively examine broad areas of data by providing metrics for particular datasets. This work explores the utility of having multiple ML scores generated by separate models against a sanitized subset of data. Utilizing dashboards of the scores provides different perspectives of the same dataset. A low score in one model may very well be a high score in another. This ability allows threat hunters to approach the data through different perspectives and to raise awareness of unique data points that might have otherwise been ignored. Our findings indicate that the greatest utility this approach offers for threat hunting is not in its summative approach of scoring all the data but in its discriminant ability of comparing the different models scores.
Presenters
minimize chat, to return to chat, click on live chat
For any assistance related to live chat, please contact
800-421-1362