BSidesFortWayne 2022 - Using open source algorithms for C2 beacon detection with Microsoft Sentinel скачать в хорошем качестве

BSidesFortWayne 2022 - Using open source algorithms for C2 beacon detection with Microsoft Sentinel

Closing Keynote - Dr. Chris Fennell --- Detecting potential command and control beacons remains a critical part of the security of an organization. Beacons by definition are a way for malicious actors to establish communication with a threat actors' technical infrastructure. However, the challenge with detecting beacons is that the communication is often varied and disguised. Using an open source (ML) method, we used a KQL script to implement and unsupervised ML method to categorize and identify potential beacons. Analysis revealed that beacons tend to fall into high and low frequency call outs and is statistically significant. Additional Visualizations and dashboards were used to show patterns that could be useful in detecting beacons. --- Chris Fennell is a cybersecurity researcher with Walmart Information Security who studies how individuals use and interact with security technologies. He has a PhD in Information from Michigan State University and feels blessed to have worked with some amazing researchers and practitioners in the cybersecurity community. He has worked on multiple National Science Foundation grants as well as working at a federally funded research center a part of the Department of Defense. He is passionate about security and is interested in exploring its economic, social and policy impacts.