Adam Hoffman, Walmart

Threat hunting is the cybersecurity practice of proactively searching for malicious activity within an environment. Newer technologies and techniques such as machine learning (ML) help cybersecurity teams examine broad areas of data effectively by providing metrics for particular datasets. This paper explores the utility of having multiple ML scores generated by separate models against a sanitized subset of data. Dashboards of these scores provide different perspectives on the same dataset: a low score in one model may very well be a high score in another. This allows threat hunters to approach the data from different perspectives and raises awareness of unique data points that might otherwise have been ignored. Our findings indicate that the greatest utility this approach offers for threat hunting is not in its summative approach of scoring all the data but in its discriminant ability of comparing the different models' scores.
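
An added illustration of the comparison the abstract describes, not code from the paper: two hypothetical scorers (a volume outlier score and a destination-rarity score, both assumptions) are run over constructed events, and the events on which the two scores diverge most are surfaced. The min-max rescaling and the 0.5 gap threshold are also assumptions.

```python
from collections import Counter
from statistics import median

# Constructed sample events (not from the paper): (event_id, bytes_out, dest_country)
EVENTS = [
    ("e1", 1200, "US"), ("e2", 1100, "US"), ("e3", 1300, "US"),
    ("e4", 1250, "US"), ("e5", 1150, "US"), ("e6", 98000, "US"),
    ("e7", 1180, "NZ"), ("e8", 1220, "US"),
]

def volume_scores(events):
    """Hypothetical model A: robust z-score (median/MAD) of bytes_out."""
    vals = [b for _, b, _ in events]
    med = median(vals)
    mad = median(abs(v - med) for v in vals) or 1.0  # avoid division by zero
    return {eid: abs(b - med) / mad for eid, b, _ in events}

def rarity_scores(events):
    """Hypothetical model B: how rare the destination country is in the dataset."""
    freq = Counter(c for _, _, c in events)
    return {eid: 1.0 - freq[c] / len(events) for eid, _, c in events}

def minmax(scores):
    """Rescale raw scores to [0, 1] so the two models can be compared."""
    lo, hi = min(scores.values()), max(scores.values())
    span = hi - lo
    return {k: (v - lo) / span if span else 0.0 for k, v in scores.items()}

def disagreements(events, min_gap=0.5):
    """Return (event_id, score_a, score_b) where the models diverge, widest gap first."""
    a, b = minmax(volume_scores(events)), minmax(rarity_scores(events))
    rows = [(eid, a[eid], b[eid]) for eid, _, _ in events
            if abs(a[eid] - b[eid]) >= min_gap]
    return sorted(rows, key=lambda r: abs(r[1] - r[2]), reverse=True)

if __name__ == "__main__":
    for eid, sa, sb in disagreements(EVENTS):
        print(f"{eid}: volume={sa:.3f} rarity={sb:.3f}")
```

Event e7 scores close to zero on volume and would sit at the bottom of a dashboard sorted by that model alone; it surfaces only because the rarity score disagrees.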

Speaker's Biography
Adam Hoffman is a Technical Expert on the UEBA Cybersecurity team with over 12 combined years at Walmart. He has extensive experience in various facets of data analysis, including database management, data visualization using various tools and languages, data engineering, and practical machine learning solutions. Adam is known for having the self-discipline to continuously learn and a passion for applying Data Science methodologies within the Security Operation Center and Incident Response domains. He has made a considerable impact that has enabled faster and more agile responses to threats. Adam has received formal recognition at Walmart for his accomplishments, including the Making a Difference Award and the Star Award. He holds a Bachelor of Science degree in Marketing Management from the University of Arkansas.
