At FireEye we are fortunate to have a wide array of backgrounds, including experienced data scientists, security analysts, software engineers, and incident responders. In this episode of State of the Hack, Nick Carr and Christopher Glyer interview Matt Berninger about his journey from incident responder to data scientist and how that has shaped his perspective on some machine learning applications and issues in the community today.
This discussion covers a brief overview of data science foundations and how they apply to common cyber security problems. The trio also discuss how to navigate the deluge of machine learning marketing, and what considerations to make before including machine learning in a security stack. Finally, they dive into some recent data science projects and explain how the FireEye Data Science team works with practitioners around the company to solve complex problems.
FireEye Data Science Blog Posts
- Open Sourcing StringSifter
- Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities
- Learning to Rank Strings Output for Speedier Malware Analysis
- Churning Out Machine Learning Models: Handling Changes in Model Predictions
- Going ATOMIC: Clustering and Associating Attacker Activity at Scale
- What are Deep Neural Networks Learning About Malware?
- Obfuscated Command Line Detection Using Machine Learning
- Malicious PowerShell Detection via Machine Learning
- Reverse Engineering the Analyst: Building Machine Learning Models for the SOC
Additional Data Science Resources
- Security Repo (open source cyber security datasets)
- Coursera Data Science Courses
- Udemy Data Science Courses
- ResNet is a model, not a dataset
- ‘overfitting’ is used to describe the ransomware model issues; this could also be viewed as ‘bias’ in the training data
State of the Hack® is FireEye's monthly broadcast series, hosted by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, cyber espionage, attack trends, and tales from the front lines of responding to targeted intrusions. If you want to experience the magic, you can watch all State of the Hack episodes now. All episodes are also available as podcasts.