Data Science ATL Meetup - Risk I/O Security Data Science
DESCRIPTION
This is a talk about data science operations and the application of Risk I/O's insights to the security industry: how we went about mining insights from our large dataset.
TRANSCRIPT
What Your Security Data Isn’t Telling You
@mroytman
Michael Roytman
Data Scientist, Risk I/O
M.S. Operations Research, Georgia Tech
PART 1: DATA SCI OPS: LESS IS MORE
LESS TOOLS
LESS DATA
LESS MODEL COMPLEXITY
LESS DATA SCIENTISTS
MORE IMPACT
SAY “BIG DATA” ONE MORE TIME
EVERYONE IS A DATA SCIENTIST
TAKE ONLY WHAT YOU NEED
PART 2: FIX WHAT MATTERS
Remediation
Remove the Threat
Accept the Risk
Repair the Vulnerability
“It is a capital mistake to theorize before one has data. Insensibly, one begins to twist facts to suit theories, instead of theories to suit facts.”
C(ommon) V(ulnerability) S(coring) S(ystem)
“CVSS is designed to rank information system vulnerabilities”
Exploitability/Temporal (Likelihood)
Impact/Environmental (Severity)
The Good: Open, Standardized Scores
FAIL 1: A Priori Modeling
“Following up my previous email, I have tweaked my equation to try to achieve better separation between adjacent scores and to have CCC have a perfect (storm) 10 score... There is probably a way to optimize the problem numerically, but doing trial and error gives one plausible set of parameters... except that the scores of 9.21 and 9.54 are still too close together. I can adjust x.3 and x.7 to get a better separation...”
FAIL 2: Data Fundamentalism
“Since 2006 Vulnerabilities have declined by 26 percent.” http://csrc.nist.gov/groups/SNS/rbac/documents/vulnerability-trends10.pdf
“The total number of vulnerabilities in 2013 is up 16 percent so far when compared to what we saw in the same time period in 2012.” http://www.symantec.com/content/en/us/enterprise/other_resources/b-intelligence_report_06-2013.en-us.pdf
FAIL 3: Attackers Change Tactics Daily
Repair the Vulnerability
I Love It When You Call Me Big Data
50,000,000 Live Vulnerabilities
1,500,000 Assets
2,000 Organizations
I Love It When You Call Me Big Data
15,000,000 Breaches
Baseline Allthethings
Probability (You Will Be Breached On A Particular Open Vulnerability)?
= (Open Vulnerabilities | Breaches Occurred On Their CVE) / (Total Open Vulnerabilities)
= 2%
Chart: Probability A Vuln Having Property X Has Observed Breaches (x-axis: probability, 0.000 to 0.040)
Bars: Random Vuln, CVSS 10, CVSS 9, CVSS 8, CVSS 6, CVSS 7, CVSS 5, CVSS 4, Has Patch
Counterterrorism
Known Groups
Surveillance
Threat Intel, Analysts
Targets, Layouts
Past Incidents, Close Calls
Uh, Sports?
Opposing Teams, Specific Players
Gameplay
Scouting Reports, Gametape
Roster, Player Skills
Learning from Losing
Defend Like You’ve Done It Before
Groups, Motivations
Exploits
Vulnerability Definitions
Asset Topology, Actual Vulns on System
Learning from Breaches
Chart: Probability A Vuln Having Property X Has Observed Breaches (x-axis: probability, 0.0 to 0.3)
Bars: Random Vuln, CVSS 10, Exploit DB, Metasploit, MSP+EDB
Data is Everything and Everything is Data
Spray and Pray = 2%
CVSS 10 = 4%
Metasploit and Exploit DB = 30%
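The baseline and the per-property rates above all come from one computation: count the open vulnerabilities with property X whose CVE has an observed breach, divide by all open vulnerabilities with X, and compare with the unconditional baseline. As an added example (not Risk I/O's code), this Python script runs that computation over a constructed sample of open-vulnerability instances and a constructed set of breached CVEs with placeholder ids; the property names mirror the chart categories on the slides.

```python
from collections import namedtuple

# One row per open vulnerability instance on an asset. Constructed sample
# data with placeholder CVE ids; not the talk's dataset.
Vuln = namedtuple("Vuln", "cve cvss has_patch in_edb in_msf")
OPEN_VULNS = [
    Vuln("CVE-0000-0001", 10.0, True, True, True),
    Vuln("CVE-0000-0001", 10.0, True, True, True),  # same CVE, second asset
    Vuln("CVE-0000-0002", 10.0, True, False, False),
    Vuln("CVE-0000-0003", 9.3, True, True, True),
    Vuln("CVE-0000-0004", 7.5, False, True, False),
    Vuln("CVE-0000-0005", 5.0, True, False, False),
    Vuln("CVE-0000-0006", 4.3, True, False, False),
    Vuln("CVE-0000-0007", 10.0, False, False, False),
    Vuln("CVE-0000-0008", 6.8, True, True, True),
    Vuln("CVE-0000-0009", 7.2, True, False, False),
]
# CVEs on which breaches were observed (constructed). Breach data is joined
# to open vulns by CVE, as in the slide's formula.
BREACHED_CVES = {"CVE-0000-0001", "CVE-0000-0008"}

# Properties X from the charts, each as a predicate over a Vuln.
PROPERTIES = {
    "Random vuln (baseline)": lambda v: True,
    "CVSS 10": lambda v: v.cvss >= 10.0,
    "Has patch": lambda v: v.has_patch,
    "Exploit DB": lambda v: v.in_edb,
    "Metasploit": lambda v: v.in_msf,
    "MSP+EDB": lambda v: v.in_msf and v.in_edb,
}

def breach_rate(open_vulns, breached_cves, predicate=lambda v: True):
    """P(breach observed on its CVE | vuln has property): matching open vulns
    whose CVE is in breached_cves / all matching open vulns; None if none match."""
    matching = [v for v in open_vulns if predicate(v)]
    if not matching:
        return None
    hits = sum(1 for v in matching if v.cve in breached_cves)
    return hits / len(matching)

def rate_table(open_vulns, breached_cves, properties=PROPERTIES):
    """{property: (rate, lift over the baseline)}, highest rate first."""
    baseline = breach_rate(open_vulns, breached_cves)
    rows = {}
    for name, pred in properties.items():
        rate = breach_rate(open_vulns, breached_cves, pred)
        lift = None if rate is None or not baseline else rate / baseline
        rows[name] = (rate, lift)
    return dict(sorted(rows.items(), key=lambda kv: -(kv[1][0] or 0.0)))
```

Replacing OPEN_VULNS and BREACHED_CVES with a real scan export and a real breach feed keyed by CVE gives the same table the talk builds; the lift column is what separates a property worth prioritizing on from one that only looks severe.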
www.risk.io/jobs
@mroytman
THANKS!