Data Driven Security

Summary: In this bi-weekly podcast, Bob & Jay delve into the dark art of security data science and talk with security practitioners who are pioneering the data-driven security movement. They cover everything from introductory analysis & visualization to cutting edge topics in security data science.

  • Artist: Jay Jacobs & Bob Rudis
  • Copyright: (c) 2014 Jay Jacobs & Bob Rudis

Podcasts:

 Data Driven Security - Episode 15 | File Type: audio/x-m4a | Duration: 29:16

Episode 15: In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015.

Links to featured talks:
  • https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50
  • https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9
  • https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in
  • https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality
  • https://www.rsaconference.com/events/us15/agenda/sessions/1581/majority-report-making-security-data-actionable-and
  • https://www.rsaconference.com/events/us15/agenda/sessions/1601/cookin-up-metrics-with-alex-and-david-a-recipe-for
  • https://www.rsaconference.com/events/us15/agenda/sessions/1887/before-and-beyond-the-breach-new-research-in-the
  • https://www.rsaconference.com/events/us15/agenda/sessions/1524/security-metrics-that-your-board-actually-cares
  • https://www.rsaconference.com/events/us15/agenda/sessions/2006/data-science-transforming-security-operations
  • https://www.rsaconference.com/events/us15/agenda/sessions/1538/pragmatic-metrics-for-building-security-dashboards
  • https://www.rsaconference.com/events/us15/agenda/sessions/1679/the-kelvin-mantra-implementing-data-driven-security

 Data Driven Security - Episode 14 | File Type: audio/x-m4a | Duration: 49:56

Episode 14: In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost.
  • Jason Trost - http://twitter.com/jason_trost
  • Mike Sconzo - http://twitter.com/sooshie
  • FloCon 2015 Proceedings - http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=432198
  • ShmooCon 2015 - http://www.shmoocon.org/
  • MC2 Workshop on Data-Driven Approaches to Security and Privacy - http://www.umiacs.umd.edu/~tdumitra/data-driven/#location

This podcast is a companion to Data-Driven Security (the book) [http://dds.ec/amzn] & Data-Driven Security (the blog) [http://dds.ec/blog]. You can find us on Twitter at @ddsecblog / @ddsecpodcast and directly at @hrbrmstr / @jayjacobs.

 Data Driven Security - Episode 13 | File Type: audio/x-m4a | Duration: 1:02:44

Episode 13: In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle.
  • Sophie Engle - http://twitter.com/sjengle
  • Lane Harrison - http://twitter.com/laneharrison
  • Website - VizSec.org
  • Twitter - twitter.com/vizsec
  • VizSec papers site (from @f2cx) - http://vizsec.dbvis.de/#/papers
  • VAST Challenge - http://vacommunity.org/VAST+Challenge+2014
  • VizSec 2014 Videos - http://vimeo.com/groups/vizsec2014

 Data Driven Security - Episode 12 | File Type: audio/x-m4a | Duration: 1:18:25

Episode 12: In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski), answer listener questions and give a shout out to Seaborn.
  • Watch the UNEDITED BLOOPER REEL! https://www.youtube.com/watch?v=b0Nf6B45Soo
  • Alex Pinto - @alexcpsec, @mlsecproject
  • Michael Roytman - @mroytman
  • David Severski - @dseverski
  • Seaborn - http://stanford.edu/~mwaskom/software/seaborn/
  • Data-Driven Security 30% off! - http://dds.ec/amzn

 Data Driven Security - Episode 11 | File Type: audio/x-m4a | Duration: 54:10

Episode 11: In this episode, Jay & Bob talk Squirrels, Pigs & Maps with preeminent data scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since the last show.

Resources / people featured in the episode:
  • Watch the UNEDITED BLOOPER REEL! http://www.youtube.com/watch?v=3TYr11e9Rjw
  • Jason Trost - https://twitter.com/jason_trost
  • covert.io blog - http://www.covert.io/
  • ThreatStream - http://threatstream.com/
  • Clairvoyant Squirrel: Large Scale Malicious Domain Classification - http://www.slideshare.net/jasontrost/flo-con-clairvoyant-squirrel-final
  • Binary Pig - http://blog.cloudera.com/blog/2013/11/binarypig-scalable-static-binary-analysis-over-hadoop/
  • Binary Pig GitHub repo - https://github.com/endgameinc/binarypig
  • Modern Honey Network - http://threatstream.com/blog/mhn-modern-honey-network
  • Roll Your Own IP Attack Graphs with IPew - http://datadrivensecurity.info/blog/posts/2014/Oct/roll-your-own-ip-attack-graphs/
  • Map or Don't Map - http://uxblog.idvsolutions.com/
  • DAVIX 2014 Released - http://secviz.org/content/davix-2014-released - http://www.secviz.org/node/89
      • flowtag (PCAP interactive network trace viewer) - http://chrislee.dhs.org/projects/flowtag.html
      • Gephi
      • ELK
      • PicViz - http://www.picviz.com/en/index.html (references http://www.cs.uic.edu/~kzhao/Papers/06_ICDM_Zhao_Visual.pdf & http://gbook.yolasite.com/resources/2002-Keim-Visualization%20in%20DM-IEEE%20Trans%20Vis.pdf)
      • iPython / RStudio
      • dns_browse/dns_tree (dig enhancers) - http://www.isi.edu/~johnh/SOFTWARE/DNS/
  • Lynn Cherny, "roundup of recent text analytics & vis work" - http://blogger.ghostweather.com/2014/10/a-roundup-of-recent-text-analytics-and.html
  • How a fraud detection algorithm conspired to ruin my recent trip - http://junkcharts.typepad.com/numbersruleyourworld/2014/10/how-a-fraud-detection-algorithm-conspired-to-ruin-my-recent-trip.html
  • Collecting all IPv4 WHOIS records in Python - http://tech.marksblogg.com/all-ipv4-whois-records.html
  • Linked Small Multiples - http://flowingdata.com/2014/10/15/linked-small-multiples/

 Data Driven Security - Episode 10 | File Type: audio/x-m4a | Duration: 57:01

Episode 10: In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup, VisiTrend, and take a look at what's made the headlines in the data science community since the last show.

Resources / people featured in the episode, plus link insights from VisiTrend:
  • VisiTrend - @visitrend - https://twitter.com/visitrend - https://visitrend.com/
  • VERIS/VCDB general vis - we have a tree map version of the actors, actions, assets, and attributes breakdown which better shows the distribution of events (description on snapshot). Snapshot - https://visitrend.com/cyber/snapshot/snap.html?543acc01e4b0e3434852f71d
  • VERIS/VCDB clustering - each square is an event in the data set. Squares are first grouped based on # of employees (e.g. companies with 1k employees will be grouped together), and then based on industry. Squares are colored based on clustering output - we found 7 clusters. We will provide more detail on what defines these clusters in a blog post. It’s interesting to see that particular industries do have particular attack types according to clustering, shown by blocks of similar color. Snapshot - https://visitrend.com/cyber/snapshot/snap.html?543acac5e4b0e3434852f71b
  • Honeypot overview - this is really cool (I think). Black, square nodes are the honeypots. Node size is based on the # of packets they’re sending. Computers that use more distinct ports are colored red (the big red guy doing a massive port scan drowns out the others). The force-directed layout clusters nodes if they hit the same honeypots. For instance, click a node in an “outer ring” twice to highlight the honeypot it’s hitting, and it will be one. All other nodes in that ring hit the same one. Double click one of the center nodes and you’ll see they’re hitting all of the honeypots. The treemap groups nodes according to subnet addressing. The timeline view shows a time-based histogram of packets coming in, colored by destination port. The red guy is selected in the snapshot, so you can see that he blasts all the honeypots at relatively the same time. Snapshot - can be posted and viewed without logging in: https://visitrend.com/cyber/snapshot/snap.html?543accefe4b0e3434852f720
  • Honeypot port highlighting - Square nodes are attackers, and circle nodes are ports. The size of a port is how many times packets were sent to that port. Mouse over the big purple circle and you see port 1433 is the most popular. You could double click it to see all machines hitting that port. There are two color layers for the node-link graph; you can toggle between them. They both show a version of variability over time (more red = more variable port usage). The treemap shows subnet addressing again but colors a green heat map based on # of different ports each machine uses. Size is based on # of packets they send. Snapshot - can be posted and viewed without logging in: https://visitrend.com/cyber/snapshot/snap.html?543acebce4b0e3434852f722
  • Finally, a great mentor and visionary pioneer of InfoVis named Matt Ward passed away last weekend. He wrote the most recent, comprehensive infovis book with some other really big guys in the field including Keim and Grinstein. Here’s a link to the book: http://www.idvbook.com/

Data Science Headlines:
  • Data science can't be point and click - http://simplystatistics.org/2014/10/09/data-science-cant-be-point-and-click/
  • In-depth introduction to machine learning in 15 hours of expert videos - http://www.dataschool.io/15-hours-of-expert-machine-learning-videos/
  • Data Playlists - http://schoolofdata.org/2014/09/25/data-playlists/
  • Running RStudio via Docker in the Cloud - http://www.magesblog.com/2014/09/running-rstudio-via-docker-in-cloud.html
  • Building a DGA Classifier (in R) - Parts 1-3 - http://datadrivensecurity.info/blog/posts/2014/Sep/dga-part1/ - http://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/ - http://datadrivensecurity.info/blog/posts/2014/Oct/dga-part3/
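The honeypot views described in the VisiTrend notes above all come down to a handful of aggregates over raw packet records: packets per source (node size), distinct destination ports per source (node colour, which is what makes the port scanner light up red), the set of honeypots each source touched (the "rings" the force-directed layout pulls together), packets per destination port (the port 1433 circle), a /24 roll-up for the treemap, and a time-bucketed histogram by destination port for the timeline. The Python below computes those same aggregates from a few constructed packet records, so you can see what the pictures are drawn from and, for instance, pick out the scanner without a graph. It is added here as an illustration and is not VisiTrend's or the podcast's own code; the record layout (timestamp, source IP, honeypot id, destination port), the sample addresses, and the five-distinct-ports scan threshold are all assumptions.

```python
"""Honeypot traffic aggregates behind node-link, treemap and timeline views.

Added illustrative code (not VisiTrend's or the podcast's). The packet
records are constructed, not captured; field layout and thresholds are
assumptions. Python 3 standard library only.
"""
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample: (timestamp_seconds, source_ip, honeypot_id, dst_port).
# 203.0.113.7 is the "big red guy": many ports, every honeypot, in a burst.
PACKETS = [
    (0,  "203.0.113.7",  "hp1", 1433), (1,  "203.0.113.7",  "hp2", 1433),
    (1,  "203.0.113.7",  "hp3", 22),   (2,  "203.0.113.7",  "hp1", 3389),
    (2,  "203.0.113.7",  "hp2", 445),  (3,  "203.0.113.7",  "hp3", 8080),
    (3,  "203.0.113.7",  "hp1", 23),   (4,  "203.0.113.7",  "hp2", 1433),
    (5,  "198.51.100.4", "hp1", 1433), (6,  "198.51.100.4", "hp1", 1433),
    (7,  "198.51.100.9", "hp1", 1433),
    (8,  "192.0.2.33",   "hp2", 445),  (9,  "192.0.2.33",   "hp2", 445),
    (65, "192.0.2.34",   "hp2", 445),  (66, "192.0.2.34",   "hp2", 22),
]


def summarize_sources(packets):
    """Per source: packet count (node size), number of distinct destination
    ports (node colour) and the set of honeypots it touched."""
    acc = defaultdict(lambda: {"packets": 0, "ports": set(), "honeypots": set()})
    for _, src, hp, port in packets:
        acc[src]["packets"] += 1
        acc[src]["ports"].add(port)
        acc[src]["honeypots"].add(hp)
    return {src: {"packets": s["packets"],
                  "distinct_ports": len(s["ports"]),
                  "honeypots": frozenset(s["honeypots"])}
            for src, s in acc.items()}


def port_popularity(packets):
    """Packets per destination port; the biggest circle is most_common(1)."""
    return Counter(port for _, _, _, port in packets)


def cluster_by_honeypot_set(packets):
    """Group sources that hit exactly the same set of honeypots, which is
    what the force-directed layout pulls into one ring."""
    groups = defaultdict(list)
    for src, s in summarize_sources(packets).items():
        groups[s["honeypots"]].append(src)
    return {hps: sorted(srcs) for hps, srcs in groups.items()}


def group_by_subnet(packets, prefix=24):
    """Treemap grouping: sources rolled up by their /prefix network."""
    groups = defaultdict(set)
    for _, src, _, _ in packets:
        net = ip_network(f"{src}/{prefix}", strict=False)  # host bits allowed
        groups[str(net)].add(src)
    return {net: sorted(srcs) for net, srcs in groups.items()}


def port_timeline(packets, bucket_seconds=60):
    """Timeline view: {bucket_start: Counter(dst_port -> packets)}."""
    hist = defaultdict(Counter)
    for ts, _, _, port in packets:
        hist[(ts // bucket_seconds) * bucket_seconds][port] += 1
    return dict(hist)


def port_scanners(packets, min_distinct_ports=5):
    """Sources touching at least min_distinct_ports (assumed threshold):
    the red nodes in the overview."""
    return sorted(src for src, s in summarize_sources(packets).items()
                  if s["distinct_ports"] >= min_distinct_ports)


if __name__ == "__main__":
    for src, s in summarize_sources(PACKETS).items():
        print(f"{src:14} packets={s['packets']:2} ports={s['distinct_ports']} "
              f"honeypots={sorted(s['honeypots'])}")
    print("busiest port:", port_popularity(PACKETS).most_common(1)[0])
    print("scanners:", port_scanners(PACKETS))
    print("rings:", cluster_by_honeypot_set(PACKETS))
    print("subnets:", group_by_subnet(PACKETS))
    print("timeline:", port_timeline(PACKETS))
```

On this sample the busiest port is 1433, the only source over the scan threshold is 203.0.113.7, and the three rings fall out of the honeypot sets (all three honeypots; hp1 only; hp2 only). Replacing PACKETS with rows parsed from a real honeypot log is the only change needed to run it on live data.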

 Data Driven Security - Episode 9 | File Type: audio/x-m4a | Duration: 52:34

Episode 9: In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science, along with a great discussion about machine learning, and round out the show with a data science internet roundup.

Resources / people featured in the episode:
  • Mike Sconzo - @sooshie - https://twitter.com/sooshie
  • B-Sides Machine Learning talk - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/gt03-clusterf-ck-actionable-intelligence-from-machine-learning-mike-sconzo
  • Click Security - https://www.clicksecurity.com/
  • Data Hacking - http://clicksecurity.github.io/data_hacking/
  • Data science: how is it different to statistics? - IMS Bulletin - http://bulletin.imstat.org/2014/09/data-science-how-is-it-different-to-statistics%E2%80%89/
  • The Importance Of 'Janitorial Work’ In Research - Data Science L.A. blog - http://datascience.la/the-importance-of-janitorial-work-in-research/
  • Building a Spam filter with R - ThinkToStart - http://thinktostart.com/build-a-spam-filter-with-r/
  • 10 FREE Resources to Learn Statistics - Marketing Distillery - http://www.marketingdistillery.com/2014/09/06/10-free-resources-to-learn-statistics/
  • Predictive Analytics Primer - HBR - http://blogs.hbr.org/2014/09/a-predictive-analytics-primer/
  • GitHut - Carlo Zapponi - http://githut.info/

 Data Driven Security - Episode 8 | File Type: audio/x-m4a | Duration: 55:02

Episode 8: In this episode, Jay & Bob invite “The Gang” (Russell Thomas, Michael Roytman & Alex Pinto) back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peek into SIRAcon 2014, where they’ll all be presenting!

Resources / people featured in the episode:
  • Michael Roytman - @mroytman - http://twitter.com/mroytman
  • The Power Law of Information (Michael Roytman) - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/gt00-the-power-law-of-information-michael-roytman
  • Alex Pinto - @alexcpsec - http://twitter.com/alexcpsec
  • Measuring the IQ of your Threat Intelligence feeds - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/gt01-measuring-the-iq-of-your-threat-intelligence-feeds-alex-pinto-kyle-maxwell
  • Secure Because Math - http://www.slideshare.net/AlexandrePinto10/secure-because-math-a-deepdive-on-machine-learningbased-monitoring-securebecausemath
  • Russell Thomas - @mrmeritology - http://twitter.com/mrmeritology
  • 10 Dimensions of Security Performance for Agility & Rapid Learning - http://www.rsaconference.com/writable/presentations/file_upload/str-w03a-10-dimensions-of-security-performance-v2.pdf
  • The dynamics of correlated novelties - http://www.nature.com/srep/2014/140731/srep05890/full/srep05890.html
  • See The Gang at SIRAcon 2014 - http://societyinforisk.org/

 Data Driven Security - Episode 7 | File Type: audio/x-m4a | Duration: 41:10

Episode 7: In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool, OpenGraphiti, being announced at Black Hat. Listen in to learn how graph analysis can take your security practice to a whole other dimension.

Resources / people featured in the episode:
  • Black Hat talk - https://www.blackhat.com/us-14/speakers/Thibault-Reuille.html - https://www.blackhat.com/us-14/briefings.html#unveiling-the-open-source-visualization-engine-for-busy-hackers
  • OpenDNS - http://www.opendns.com/ - https://twitter.com/opendns
  • Thibault Reuille - https://twitter.com/ThibaultReuille
  • Andrew Hay - https://twitter.com/andrewsmhay
  • Skyler Hawthorne - https://twitter.com/dead10ck
  • OpenGraphiti - http://labs.opendns.com/2014/08/05/opengraphiti-open-source-data-visualization-3d-engine-busy-hackers/ - http://www.opengraphiti.com/ - https://github.com/opendns/dataviz
  • NetworkX - https://networkx.github.io/
  • igraph - http://igraph.org/index.html
  • Gephi - http://gephi.github.io/
  • Neo4j - http://www.neo4j.org/
  • Coursera - https://www.coursera.org/

 Data Driven Security - Episode 6 | File Type: audio/x-m4a | Duration: 1:11:50

Episode 6: In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight, about discerning information about the security health of an organization solely through what can be publicly observed, and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist, and how to communicate results clearly & effectively.

Resources / people featured in the episode:
  • Stephen's Twitter handle - @swboyer
  • BitSight - http://bitsighttech.com/
  • BitSight Insights - most recent report - http://info.bitsighttech.com/bitsight-insights-industry-security-ratings-vol-4-blog
  • Python - https://www.python.org/
  • IPython - http://ipython.org/
  • Data breach notifications BitSight post. They are tracking the legal side pretty closely and reference some work where we published FOIA results in healthcare. http://blog.bitsighttech.com/an-update-on-data-breach-notification
  • Info about reproducible research - http://reproducibleresearch.net/

 Data Driven Security - Episode 5 | File Type: audio/x-m4a | Duration: 1:06:18

Episode 5: In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital, to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security.

Resources / people featured in the episode:
  • David Severski's Blog - http://blog.severski.net/
  • Building a Log Analysis Pipeline (David's "ELK" talk) - http://www.slideshare.net/davidski1/building-a-log-analysis-pipeline
  • Coursera - https://www.coursera.org/ (MOOC with many data analysis courses)
  • UW Certificate in Data Science - http://www.pce.uw.edu/certificates/data-science.html - "You will be equipped with the fundamental tools, techniques and practical experience to acquire valuable insights from data sets at any scale – from gigabytes to petabytes."
  • The Phoenix Project - http://www.amazon.com/The-Phoenix-Project-Helping-Business/dp/0988262592
  • Rich Mogull - https://twitter.com/rmogull
  • Andrew Hay - http://www.andrewhay.ca/
  • Chef, Puppet, Vagrant - http://www.reddit.com/r/sysadmin/comments/1yj0y1/how_should_i_choose_between_puppet_chef_and/

 Data Driven Security - Episode 4 | File Type: audio/x-m4a | Duration: 52:01

Episode 4: In this episode Bob & Jay talk with Kymberlee Price (@kym_possible - http://twitter.com/kym_possible) about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work.

Resources featured in the episode:
  • One Spark Foundation - http://www.1spark.net/ (their Facebook page is more active: https://www.facebook.com/onesparkcanstartafire)
  • Help Aidan Love Fight Cancer - http://www.gofundme.com/6go95w
  • Beading Divas (Greyhound and general animal welfare advocates) - https://greyhoundinjuryfund.wordpress.com/category/beading-divas-to-the-rescue/
  • Project Genesis (advocacy and support for victims of human trafficking; Seattle has the third highest rate of underage sex trafficking in the US) - http://gpseattle.net/
  • Homeless shelters - no specific link. I mentioned the Seattle Tent City, but there are countless organizations in local communities worldwide that can use your help to prevent homelessness, and help those who are homeless.
  • Spots & Stripes Exotic Cat Sanctuary - http://www.ssbcr.com/ (their Facebook page https://www.facebook.com/spotsandstripesbengalcatrescue is more active and informational than their website)
  • Hackers for Charity - http://www.hackersforcharity.org/ - Johnny is such an amazing guy, I'm honored to call him my friend. He would tell you he isn't a superhero either. That is one of the things I love about all my inspirational friends. None of them do this for their ego or to promote their self image/social standing. They do it because they believe it is the right thing to do, and it makes them feel good to know they have made a difference for another person (or animal).
  • DataKind - http://www.datakind.org/

 Data Driven Security - Episode 3 | File Type: audio/x-m4a | Duration: 31:18

Episode 3: METRICON 9/RSA 2014 EDITION! In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some of the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests.

Resources / people featured in the episode:
  • METRICON 9 Agenda - http://datadrivensecurity.info/blog/posts/2014/Feb/metricon-9-final-program-agenda/
  • METRICON 9 - Storified - http://datadrivensecurity.info/blog/posts/2014/Mar/metricon-9-storified/
  • Kymberlee Price - https://twitter.com/Kym_Possible
  • Michael Roytman - https://twitter.com/mroytman
  • Paper by Roytman and Geer - https://www.usenix.org/system/files/login/articles/14_geer-online_0.pdf
  • Adopting A Real-Time, Data-Driven Security Practice - https://www.risk.io/data-driven-security
  • Stephen Boyer - https://twitter.com/swboyer
  • Christophe Huygens - http://people.cs.kuleuven.be/~christophe.huygens/
  • Geoffrey Hill - https://www.linkedin.com/pub/geoffrey-hill/0/7bb/61b
  • Katherine Brocklehurst - http://www.tripwire.com/state-of-security/contributors/katherine-brocklehurst/
  • Russell Thomas - http://exploringpossibilityspace.blogspot.com/
  • Patrick Florer - http://www.riskcentricsecurity.com/AnalysisCenter/
  • ClickSecurity (Data Hacking) - http://clicksecurity.github.io/data_hacking/
  • AlienVault / Jaime Blasco - http://www.alienvault.com/who-we-are/team/jaime-blasco
  • VisiTrend / Dr. John T Langton - http://www.visitrend.com/

 Data Driven Security - Episode 2 | File Type: audio/x-m4a | Duration: 46:42

Episode 2: In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium, including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcoming talk at RSA by Jay & Wade Baker, plus give a preview of upcoming DDS blog and podcast topics.

NOTE: An enhanced, video version of Episode 2 is available on YouTube: http://youtu.be/U5fus3hMM18

Resources mentioned in this episode:
  • Weathering the Data Storm symposium - http://computefest.seas.harvard.edu/data-storm
  • DDS Tweetscription of the symposium with links to resources covered in the talks - http://datadrivensecurity.info/blog/posts/2014/Jan/weathering-the-data-storm/
  • openPERT - https://code.google.com/p/openpert/
  • The new DDS Data Set Collection - http://datadrivensecurity.info/blog/pages/dds-dataset-collection.html
  • DDS' new short domain - http://dds.ec/
  • Review of recent DDS blog posts - http://datadrivensecurity.info/blog/archives.html
  • SolvoMediocris - "FAIR"-like risk analysis tool built by DDS - http://shiny.dds.ec/solvomediocris
  • Jay & Bob's ZeroAccess collaboration - http://rud.is/b/?s=zeroaccess
  • More ZeroAccess machinations - http://www.verizonenterprise.com/security/blog/index.xml?postid=1603
  • Facebook/Princeton article with mixed ggplot and Excel graphics - https://www.facebook.com/notes/mike-develin/debunking-princeton/10151947421191849

 Data Driven Security - Episode 1 | File Type: audio/x-m4a | Duration: 1:10:53

Episode 1: Episode 1 brings three pre-eminent security data scientists (Alex Pinto, Michael Roytman & Russ Thomas) onto the show to discuss all things surrounding “security data science”.
