BLOG

Reducing Teams’ Burdens–ThreatML w/ Supervised Learning

John Pinkham Miniatura
John Pinkham
Published June 21, 2022

Threat Stack is now F5 Distributed Cloud App Infrastructure Protection (AIP). Start using Distributed Cloud AIP with your team today.

Cybersecurity is known for adding resource burdens to DevSecOps teams. But those burdens can be significantly reduced by the right cloud security solutions. Threat Stack’s RVP of Product and Engineering Chris Ford discusses how ThreatML, now with supervised learning, is reducing both false positives and false negatives in detection. He discusses how machine learning in application infrastructure protection can lead to reducing the burden on teams, while making certain you find the vulnerabilities and threats that you should find. In this snippet from a larger webinar called “Machine Learning Done Right“, he also discusses how using machine learning is automating a lot of the tuning, adding suppressions, and review of alerts in context through detection-in-depth.

 

 

Transcript About Workload Reduction through Supervised Learning

Chris Ford, RVP of Product and Engineering, Threat Stack , about Supervised Learning

“We sought to really create a solution that would meaningfully reduce the number of findings that security teams have to go through. And security teams are under stress.  There are an increasing number of threats, and most security teams are relatively modest in size. So they don’t have a lot of time to spend sifting through findings.  But you have to be willing to generate a finding if there is a real security issue. So we wanted to make sure that our approach was focused on very, very high efficacy; that is, alerting only on things that are real actionable threats, but also making sure that we have proper coverage of known and unknown behaviors.

There are also unknown behaviors, things that you haven’t thought to look for, but should be looking for.  And that’s where machine learning can come into play, particularly anomaly detection using unsupervised learning.

And so it is supervised learning then that really ties together rules and anomaly detection in a nice way, in that you’ve got both of those approaches, and you’re using supervised learning to basically filter the output of both, so that you’re looking for what is predictable: What is it?

At the end of the day, you’re reducing both false positives and false negatives. So you’re reducing the burden on teams and you are finding the things that you should find. And because we’re using machine learning here, then you’re automating a lot of the tuning, adding of suppressions, and review of alerts.”

Learn how ThreatML with supervised learning reduces the burden on DevSecOps teams: contact us today.

Threat Stack is now F5 Distributed Cloud App Infrastructure Protection (AIP). Start using Distributed Cloud AIP with your team today.