The third in a series of three blogs by Grant and Jason Rolleston on the process of identifying actionable insights.
In this series, we’ve been examining how data is collected, processed and analyzed. And, because of the complexity of the task at that analysis stage, we’ve been looking at the task of augmenting human analyst capability with automation and machine learning. Learning mechanisms – for humans and machines – are critical to this final step.
At McAfee, our greatest progress thus far in automating insights has been the application of McAfee Behavioral Analytics (MBA) and McAfee Investigator and customer machine learning classifiers using our McAfee Enterprise Security Manager (ESM) data set. This combination leverages machine learning and deep neural network capabilities to guide analysts to insights that then lead to decisions. We’re now focused on extending these investigation guides at the core of McAfee Investigator, which encapsulate the best thinking and practices of expert threat hunters, so that analysts can gather more relevant intelligence.
Those investigation guides are not just about the questions that good threat hunters ask; they are also about how the best minds answer those questions. Collecting and analyzing the attackers’ objectives, methods, and techniques directly results in operational threat intelligence that leads to conclusions about suspicious activity. For example, do we need to work with our endpoint tools to change the data they generate, so that we can be more effective with our investigations later?
To capture these inquiries, we’re tapping into the resources of McAfee Customer Zero, our Security Fusion Center teams. McAfee Product Management, Engineering, and the Office of the CISO are collaborating to expand the investigational use cases that are relevant to actual investigations. We view our own Security Fusion Center as the place to learn, to try things, to fine-tune our products and make them better. In the process, we want to help the Fusion Center teams triage which events matter, to get to root cause and an answer as rapidly as possible.
These are very much human-centric investigations – even with all the AI and machine learning baked in. Human-machine teaming doesn’t try to reduce the role of the person. We’re trying to help the human do more.
We believe that by collaborating and sharing best practices, augmented by machine capabilities, we can help security teams arrive at insights that lead to decisions, faster and with more confidence. And that action, achieved together, is a powerful outcome indeed.