The history of hacking shows that bad actors use good technologies for bad purposes.  Machine learning is no different: it has never been easier for white hats and black hats to obtain and learn the tools of the machine learning trade. Software is readily available at little or no cost, and machine learning tutorials are just as easy to obtain.

Last month's ICIT Winter Summit hosted a packed house of cybersecurity thought leaders from the industry and the public sector. The summit convened with an opening keynote on Securing the Cyber Frontline from Brigadier General (Ret.) Greg Touhill, former Federal CISO.

We all know that the Internet of Things (IoT) is here. But IT professionals responsible for enterprise communications networks aren’t exactly sure where IoT resides on their networks or whether these devices are secured. Rogue devices are everywhere (although not all are out to steal the blueprints to the Death Star) but according to a survey sponsored by ForeScout Technologies, only 30% are confident that they know what IoT devices are on their network.

Late last year, the government’s Commission on Enhancing National Cybersecurity published a detailed report, at President Obama’s request, to provide short- and long-term recommendations to strengthen cybersecurity in the public and private sector (you can read the full report on the NIST website).

The concepts of threat hunting and threat intelligence went mainstream in 2016 bringing with it a whole new paradigm to threat mitigation and cybersecurity. But what is threat hunting and what use cases does it serve?

On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.

Got breach fatigue yet? Yes, it’s been another bad year for computer security. 2016 saw the announcement of the biggest breach ever – the Myspace hack. But, that was quickly eclipsed by the September Yahoo data breach which resulted in the exfiltration of extensive account information, included passwords, from 500 million users.

The OPM breach of 2014/2015, the largest government cybersecurity breach in history, was easily preventable. That’s according to a report released by The House Committee on Oversight and Government Reform published on September 7^th, 2016.

The report, titled: “How the Government Jeopardized Our National Security for More than a Generation” urges federal CIOs to act:

When your agency detects a network attack, you need to act fast to understand what’s going on. But getting the insights and analytics you need takes time and often doesn’t trace threats back to the source.

Security Information Event Management (SIEM) tools have been around for quite some time. SIEMs are great for aggregating log files, parsing them, and using real-time correlation rules to spot security incidents. But more advanced incidents can evade detection by your SIEM. Finding those evasive threats becomes a lot easier if you employ threat hunting.