Elaine Hung

Elaine Hung

Speaker
Elaine hung is the lead incident response handler and malware analyst in one of the largest European bank in APAC. She has conducted large number of investigations that span enterprise and industry. She has also spent significant amount of time into developing machine learning model that could enhance the SOC monitoring capabilities. Elaine’s previous experience includes penetration tests, red team and source code review.

Making your SIEM great again - Augmenting your detection via simple machine learning

We have heard tons of User Behaviour Analytics tools that claims to facilitate detections of cyber-attacks. However, it generates tons of alerts every time that causes “Alert fatigue” to SOC analysts and stealthy attacks performed by attackers are often missed. It is often difficult to understand how these alerts are generated as models from these commercial off the shelf products are close-sourced.

I will present a real case example of how I built our own analytics models and threat profile by leveraging machine learning techniques from 3 different use cases: Web Access Anomaly, Windows Access Anomaly and Core Application Anomaly such that everyone could replicate it in their own environment. I will also show examples of how the anomaly user activities could be used as the starting point for proactive threat hunting. The results of the opensource analytics model will be presented and how this was used to replace the UEBA tools we had.



Schedule : September 24, 2020 - 1:30 PM