Threat hunting is a fascinating field that based on the assumption of ‘assuming compromise’, intends to find and identify existing threats in a given network. Looking for threats in a network is challenging, as you assume that the unknown threat you are trying to look for already bypassed all the security mechanisms in place. Can you imagine doing threat hunting at big scale? Now imagine doing threat hunting at a really big, big scale.
This talk will walk you through my experience as a threat hunter in hundreds of networks simultaneously covering more than a million hosts. I will explain how the right combination of different Machine Learning techniques makes this possible, explaining also the challenges and limitations we often face when working with big data. This talk will be illustrated with the methodologies utilized and a technical explanation of novel findings in the 2 years of hunting I’ve experienced.
If I have the data, can I hunt them all? Join me in my attempt to hunt them all.
Veronica is a security researcher from Argentina. She graduated in 2013 with a Master degree in Computer Science from FASTA University. She worked independently in different projects involving data analysis, machine learning and malware sandboxing.
Since 2013 she is part of the Cognitive Threat Analytics team, Cisco Systems. She specializes in malware network traffic analysis, network behavioral patterns and threats categorization. An important part of her role consist in collaborating with other teams in order to find and confirm new threats.