Cybersecurity

The Problem Modern threat detection requires data – lots of data – typically from multiple sources. This brings with it a number of interesting data engineering challenges, especially when we want to materialize that data into a single view and execute analysis in a timely and cost-effective manner. Finding indicators of behavior (IoBs) in real time amplifies already significant challenges: processing enough of the right kind of data from multiple sources in a timely fashion is beyond the...

The Problem Discovering advanced persistent threats (APT) is, by design, akin to finding a needle in a haystack. The threat actors behind APTs combine multiple tactics, techniques, and procedures (TTP) over extended periods of time to compromise and maintain access to their targets. The IBM Cost of Data Breach Report 2021 reported an average attacker dwell time of 212 days. APTs evade legacy security solutions which rely on time-batched loads of data that filter for Indicators of Compromise...

The Problem AWS CloudTrail logs are full of untapped information that can help reduce risk and improve event response times, especially when analyzed in context and in real time. A thatDot cyber security customer seeking to expand their offerings to include threat detection monitoring of AWS CloudTrail logs faced three challenges. They needed to: Reliably identify hard-to-detect insider and external threats using Indicators of Behavior (IoB) analysis Generate highly informative alerts that...