Detecting malware with machine learning, from c&c to exfiltration
In this example-driven session, we will cover novel malware detection methods, as used by the Cisco Cognitive Threat Analytics (CTA) engine. Participants will learn about:
■ Modern malware, its modus operandi and revenue streams
■ Evasion of traditional security defenses (firewall, antivirus)
■ How network anomaly detection and machine learning can uncover its presence
■ Methods used to reduce false positives (FP) and false negatives (FN)
■ Cohesive and actionable incident assembly
Prior knowledge of current security trends is recommended. No prior knowledge about machine learning is required.
Michal Svoboda
Michal is a data analytics technical leader in the Cognitive Threat Analytics team within Security and Business Group of Cisco Systems. We do internet-scale security analytics of web traffic meta-data. Our mission is to build AI detection engines that reveal active breaches inside the networks of our customers, and to do so without traffic content inspection or signatures. Michal's role includes analytics and engineering, as well as leadership and continuous improvement of the team's unique methodology, practices, and tools.