Early Detection Of Malicious Patterns In Event-Streaming Data | Hyrum Anderson
Talk Abstract: Adversarial activity can no longer be described purely in terms of static indicators of compromise, which are brittle to evolving adversaries. Instead, behavioral indicators, such as those taxonomically organized in the MITRE ATT&CK framework, offer detection durability. Technical challenges include the fact that many behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by benign nuisance events. …
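The challenge the abstract names, a behavior that is an ordered chain of events interleaved with benign noise, can be illustrated with a small streaming matcher. The code below is an added example and is not from the talk or its author: it tracks, per host, how far each behavioral pattern has progressed and raises an alert as soon as the last step of the chain is seen, skipping nuisance events and abandoning a partial match once a time window is exceeded. The event kinds, pattern name, window and sample stream are all constructed for illustration.

```python
"""Ordered-subsequence matcher for behavioral patterns in an event stream.

Added example (not the talk's code). A behavior is modelled as an ordered
tuple of event kinds that must appear in order on one host, but not
adjacently: benign "nuisance" events may sit between the steps.
All event kinds and sample data here are constructed.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Event:
    ts: int      # seconds since stream start (constructed timestamps)
    host: str    # host the event was observed on
    kind: str    # event kind, e.g. "proc_create" (constructed names)


@dataclass(frozen=True)
class Pattern:
    name: str
    steps: tuple[str, ...]  # ordered event kinds that make up the behavior
    window: int             # max seconds between first and last matched step


@dataclass
class _Partial:
    first_ts: int   # timestamp of the first matched step
    matched: int    # number of steps matched so far


class StreamMatcher:
    """Keeps one partial match per (host, pattern) and emits an alert the
    moment the final step arrives, so detection happens as early as the
    stream allows rather than after a batch is complete."""

    def __init__(self, patterns: Iterable[Pattern]) -> None:
        self.patterns = list(patterns)
        self._state: dict[tuple[str, str], _Partial] = {}

    def feed(self, event: Event) -> list[str]:
        alerts: list[str] = []
        for p in self.patterns:
            key = (event.host, p.name)
            st = self._state.get(key)
            # A stale partial match is discarded: the chain must complete
            # within the pattern's window, otherwise it restarts from step 0.
            if st is not None and event.ts - st.first_ts > p.window:
                del self._state[key]
                st = None
            expected = p.steps[st.matched if st else 0]
            if event.kind != expected:
                continue  # nuisance event relative to this pattern
            if st is None:
                st = _Partial(first_ts=event.ts, matched=0)
                self._state[key] = st
            st.matched += 1
            if st.matched == len(p.steps):
                alerts.append(f"{p.name} on {event.host} at t={event.ts}")
                del self._state[key]
        return alerts

    def progress(self, host: str, name: str) -> int:
        """Steps matched so far for (host, pattern); useful for early triage."""
        st = self._state.get((host, name))
        return st.matched if st else 0


def run(events: Iterable[Event], patterns: Iterable[Pattern]) -> list[str]:
    """Feed a whole stream through the matcher and collect every alert."""
    m = StreamMatcher(patterns)
    alerts: list[str] = []
    for e in events:
        alerts.extend(m.feed(e))
    return alerts


# Constructed sample: a three-step chain that must complete within 300 s.
SAMPLE_PATTERN = Pattern(
    name="suspicious-chain",
    steps=("proc_create", "sensitive_read", "net_connect"),
    window=300,
)

# Constructed stream. hostA completes the chain with noise in between;
# hostB exceeds the window; hostC sees the steps out of order.
SAMPLE_EVENTS = [
    Event(0, "hostA", "proc_create"),
    Event(5, "hostA", "dns_query"),        # nuisance
    Event(10, "hostA", "sensitive_read"),
    Event(12, "hostA", "file_write"),      # nuisance
    Event(20, "hostA", "net_connect"),     # chain complete -> alert
    Event(0, "hostB", "proc_create"),
    Event(400, "hostB", "sensitive_read"), # window exceeded, state reset
    Event(410, "hostB", "net_connect"),
    Event(0, "hostC", "sensitive_read"),   # wrong order
    Event(3, "hostC", "proc_create"),
    Event(6, "hostC", "net_connect"),
]

if __name__ == "__main__":
    for a in run(SAMPLE_EVENTS, [SAMPLE_PATTERN]):
        print(a)
```

The `progress` accessor is what turns this into early detection in practice: a host with two of three steps matched can be prioritised for investigation before the chain completes, and the per-pattern window bounds how much state a long-running stream accumulates.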