Clustering attack vectors, using SecBI
Recently at Info Security Europe 2016 we had a chance to talk to Doron Davidson, VP BD & Customer Success at SecBI (Security Business Intelligence). SecBI focuses on giving security analysts the security intelligence they need to investigate and respond faster. It applies machine learning to refine, contextualize and prioritize the most valuable information from SIEM and log data sources.
Doron Davidson, who also co-founded SecBI, has over 15 years of experience in IT security and telecommunications. During our chat we asked him how SecBI’s platform correlates information. He commented:
You can connect existing security tools you already have, such as auto-perimeter defense, web proxies, firewalls, DNS and so on. Then we take this information and we cluster it… For the clustering we’re actually using models that we’ve developed internally, where every such cluster might represent a behavior that might become or might be an attack against the organisation. We’re then using over 100 sources of threat intelligence in order to indite these cases into an actual incident, and if we’re able to do that then that incident would already include all of the forensic information needed in order to investigate and mitigate [an attack].
*Information supplied by ICO for Q4 of 2015 (https://ico.org.uk/action-weve-taken/data-security-incident-trends/)