Automated Prevention of Ransomware with Machine Learning and GPOs (RSA Conference 2017)

This talk will highlight a signature-less method to detect malicious behavior before the delivery of the ransomware payload can infect the machine. The ML-driven detection method is coupled with the automated generation of a Group Policy Object and in this way we demonstrate an automated way to take action and create a policy based on observed IOC’s detected in a zero-day exploit pattern.

Detailed Presentation :

Speakers :

Rob Soto,  Joseph Zadeh

Rod Soto has over 15 years of experience in information technology and security. Currently working as a Security Researcher at Splunk User Behavioral Analytics. He has spoken at ISSA, ISC2, OWASP, DEFCON, Black Hat, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and is the Founder and Lead Developer of the Kommand && KonTroll competitive hacking tournament series.

Joseph Zadeh is a Data Scientist on the Splunk User Behavior Analytics team. He has been active in the security space since the first time he attended a hacker con (Defcon 8) and since then he has been passionate about security research in different forums at the grassroots level. He received a B.S. from the University California, Riverside and an M.S. and Ph.D. from Purdue University in mathematics. He has presented or co-presented at various security conferences, including DEFCON, BSides, Torcon and Blackhat to name a few. Zadeh loves to work on behavior-based prediction problems and artificial intelligence such as covert channel detection probabilistic identity resolution, machine learning-driven risk profiling and fraud detection.

(Source: RSA USA 2017)

8669813498?profile=original

Discover & Compare 1000+ Cyber Security Products (It's Free!)

FireCompass is an AI Assistant for Cyber Security Decision Making. Discover & Compare 1,000+ Cyber Security Products. Grab your FREE Account Now (For a Limited Time ONLY).

>>Click Here To Sign Up For FREE

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)