Alison Ryan of Reservoir Labs is proud to be co-presenting with Eric Dull of Deloitte at the National Cyber Summit in Huntsville, AL, June 7–9. Please join us at 3:00 PM on June 8 for a talk entitled "Enabling the Analyst at 40 Gb/s and Billions of Records, Really." We will share practical insights from recent engagements and discuss how to purposefully leverage Data Science and Cyber Analytics.
Production networks operating at 40 Gb/s rates produce no shortage of data. Moreover, there is no shortage of products and services implying they can make it “easy” to identify a software product’s behaviors and gather actionable insight. While not easy, it is possible. It requires sensors that can process carrier-grade bandwidths and produce full-take metadata that summarizes terabytes of network data into clearly expressed behaviors. This metadata, measured in hundreds of millions to billions of records, then needs to be analyzed in seconds by human analysts aided by data science tools, so that they can identify and characterize the network behaviors exhibited by a variety of tools functioning within live networks. Processing these data volumes with the required responsiveness, and then using those behaviors in operational networks, requires multiple computing architectures working together, including cloud computing, supercomputing, and high-speed complex event processors.
We will outline how these new techniques and approaches have been combined to effectively identify and then combat three phases of malicious software’s behavior: the breach, the dormant, and the active. Utilizing video and screen captures, we’ll walk through several use cases to outline how we’ve leveraged this new combination of architectures to identify software behaviors and crystallize understanding, from indicators of compromise through actionable insights.
Learn more about Reservoir’s cyber security sensor R-Scope.