Advanced Analytics for Security: Lateral Movement Detection


Speaker
Anirudh Kondaveti (http://linkedin.com/in/anirudhkondaveeti/), Principal Data Scientist at Pivotal, Inc.
NOTE: this meeting is on TUE, 7/25, because of the location availability. (Not the normal Monday for the Data Science talk series)
Agenda
6:30 - 7:00 audience arrives, registers, network, pizza
7:00 - 7:10 ACM announcements, pass mic to audience for DS hiring or announce other events, introduce speaker
7:10 - 8:30-ish presentation (9:00 hard stop for all to be out)
Event Details
It’s never been a harder time to be a security professional. Malware and exploits once held only by national intelligence services are increasingly available to miscreants for malicious activity. And not all of these breaches will originate outside the perimeter -- a persistent, sizable minority will still come from true insiders.
In this session, we’ll discuss data science techniques that are useful in revealing the presence of intruders and malicious insiders – lateral movement detection. Lateral movement refers to the various techniques attackers use to progressively spread through a network as they search for key assets and data, harvest privileged credentials, exfiltrate data, and leave a persistent backdoor for ongoing access.
You’ll leave this session with an in-depth understanding of the analytic techniques useful in lateral movement detection and how to put these ideas into practice in your own organization.
Speaker Bio
Anirudh is Lead Data Scientist for Security at Pivotal, where he’s worked with more than six leading multinational companies to lead and execute data science labs. He’s also filed more than six patents.
In particular, Anirudh has focused on the analytics of lateral movement detection: analyzing the access patterns of users and servers to detect internal threats. He has developed a behavioral model to identify "needle-in-a-haystack" anomalies by analyzing user-server access patterns with machine learning algorithms such as principal component analysis, matrix factorization, and hierarchical clustering. The model has been put into production in five enterprises and is effective in identifying the top one percent of anomalous users with a low false alarm rate. Anirudh has also done significant work in banking fraud detection.
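The bio describes scoring user-server access patterns with principal component analysis, but the event page does not show how such a model is built. The following is an added example, not the speaker's or Pivotal's code: it learns the dominant access patterns from a constructed baseline log of user/server authentications, then scores a later period by PCA reconstruction error, so a user whose server mix cannot be explained by any baseline pattern ranks at the top. It assumes numpy is available; the server names, user names, log format and counts are all constructed for the illustration.

```python
"""Score user-to-server access profiles against patterns learned from a baseline
period using PCA reconstruction error. Added illustration built on constructed
data; it is not the speaker's production model."""
from collections import Counter
import numpy as np

# Constructed environment: three application servers, three database servers and
# one file server that nobody touches during the baseline period.
SERVERS = ["app01", "app02", "app03", "db01", "db02", "db03", "hr-fs01"]
BASELINE_USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
EVAL_USERS = ["alice", "bob", "carol", "dave"]


def _lines(profiles, stamp):
    """Expand {user: {server: count}} into constructed authentication log lines."""
    return [f"{stamp} user={u} server={s} auth=success"
            for u, servers in profiles.items() for s, n in servers.items() for _ in range(n)]


# Baseline: app-team users each hit the app servers 5 times, db-team users the db servers.
BASELINE_LINES = _lines(
    {**{u: {s: 5 for s in SERVERS[:3]} for u in BASELINE_USERS[:3]},
     **{u: {s: 5 for s in SERVERS[3:6]} for u in BASELINE_USERS[3:]}},
    "2017-07-01T09:00:00")

# Evaluation period: alice unchanged, bob slightly different, carol now spanning both
# teams' servers, dave reaching a file server nobody used in the baseline.
EVAL_LINES = _lines({
    "alice": {"app01": 5, "app02": 5, "app03": 5},
    "bob": {"app01": 6, "app02": 5, "app03": 4},
    "carol": {s: 5 for s in SERVERS[:6]},
    "dave": {"db01": 5, "db02": 5, "db03": 5, "hr-fs01": 8},
}, "2017-07-24T09:00:00")


def parse_log(lines):
    """Extract (user, server) pairs from the constructed key=value log format."""
    pairs = []
    for line in lines:
        fields = dict(token.split("=", 1) for token in line.split()[1:])
        pairs.append((fields["user"], fields["server"]))
    return pairs


def access_matrix(pairs, users):
    """Rows are users, columns are servers, cells are access counts."""
    counts = Counter(pairs)
    matrix = np.zeros((len(users), len(SERVERS)))
    for (user, server), n in counts.items():
        matrix[users.index(user), SERVERS.index(server)] = n
    return matrix


def fit_baseline(matrix, variance_kept=0.9):
    """Learn the dominant access patterns of a known-good period: the column means and
    the fewest principal components that explain `variance_kept` of the variance."""
    mean = matrix.mean(axis=0)
    _, singular, vt = np.linalg.svd(matrix - mean, full_matrices=False)
    explained = np.cumsum(singular ** 2) / np.sum(singular ** 2)
    k = int(np.searchsorted(explained, variance_kept)) + 1
    return mean, vt[:k]


def residual_scores(matrix, mean, components):
    """Distance of each user's centred profile from the learned subspace. A large
    value means no normal access pattern explains that user's server mix."""
    centred = matrix - mean
    reconstructed = centred @ components.T @ components
    return np.linalg.norm(centred - reconstructed, axis=1)


def score_evaluation_period():
    """Fit on the baseline log, score the evaluation log, return users ranked by score."""
    mean, components = fit_baseline(access_matrix(parse_log(BASELINE_LINES), BASELINE_USERS))
    scores = residual_scores(access_matrix(parse_log(EVAL_LINES), EVAL_USERS), mean, components)
    return dict(sorted(zip(EVAL_USERS, scores.tolist()), key=lambda item: -item[1]))


if __name__ == "__main__":
    for user, score in score_evaluation_period().items():
        print(f"{user:<8} {score:6.2f}")
```

With this data the baseline is exactly one pattern (app team versus db team), so alice scores zero, bob's small count shift scores about 1.4, carol's spread across both teams' servers scores about 6.1, and dave's reach into an unused file server scores 8.0. On real logs the counts are usually log-scaled or binarised first, and the alert threshold is taken from the baseline score distribution (for example, the top one percent the bio mentions) rather than from a fixed number.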
Anirudh holds a PhD in Industrial Engineering from Arizona State University and a Bachelor’s degree from the Indian Institute of Technology.
