Reducing Teams’ Burdens–ThreatML w/ Supervised Learning

Chris Ford, RVP of Product and Engineering, Threat Stack , about Supervised Learning

“We sought to really create a solution that would meaningfully reduce the number of findings that security teams have to go through. And security teams are under stress.  There are an increasing number of threats, and most security teams are relatively modest in size. So they don’t have a lot of time to spend sifting through findings.  But you have to be willing to generate a finding if there is a real security issue. So we wanted to make sure that our approach was focused on very, very high efficacy; that is, alerting only on things that are real actionable threats, but also making sure that we have proper coverage of known and unknown behaviors.

There are also unknown behaviors, things that you haven’t thought to look for, but should be looking for.  And that’s where machine learning can come into play, particularly anomaly detection using unsupervised learning.

And so it is supervised learning then that really ties together rules and anomaly detection in a nice way, in that you’ve got both of those approaches, and you’re using supervised learning to basically filter the output of both, so that you’re looking for what is predictable: What is it?

At the end of the day, you’re reducing both false positives and false negatives. So you’re reducing the burden on teams and you are finding the things that you should find. And because we’re using machine learning here, then you’re automating a lot of the tuning, adding of suppressions, and review of alerts.”

Learn how ThreatML with supervised learning reduces the burden on DevSecOps teams: contact us today.