Security through Data Fusion: Threat-Driven Detection
by Markus DeShon, Nov 21, 2018
There's no one right way to develop and enhance your detection & response activities; the best approach for you is probably to start with…

Security through Data Fusion: Incident Response
by Markus DeShon, May 24, 2018
(If you're new to this series of articles, you might want to start here instead.)

Security through Data Fusion: Contextual Intrusion Detection
by Markus DeShon, Nov 12, 2017
The process of writing these articles has clarified my thinking around the terminology of the framework, relating it more closely to…

Security through Data Fusion: Situation Assessment
by Markus DeShon, Oct 26, 2017
Now that we've covered the more familiar parts of Low-level Data Fusion, I'm sure you're primarily interested in how to proceed to the…

Security through Data Fusion: Entities → Features
by Markus DeShon, Oct 15, 2017
In our data fusion framework, Features are semantically meaningful chunks of data, such as IP Addresses or domain names. We extract them…

Security through Data Fusion: Low-level Data Fusion
by Markus DeShon, Oct 11, 2017
So far we've explored the mainline of analysis up through Entities: Data → Features → Entities. As shown a few times so far, there are…

Security through data fusion: Entity Characterization
by Markus DeShon, Oct 4, 2017
Now that we've talked about feature extraction, the next step is Entity Characterization (Features → Entities). We focused on entity…

Security through Data Fusion: Feature extraction
by Markus DeShon, Oct 1, 2017
After Data collection, let's continue along the analysis mainline through Feature Extraction (Data → Features). I have mentioned that…

Security through Data Fusion: Data collection
by Markus DeShon, Sep 26, 2017
In my last article, I started outlining a framework for security analytics. Now I'd like to focus on the first step in the mainline of…

Security through Data Fusion: constructing an analysis framework
by Markus DeShon, Sep 23, 2017
Since I started working in network security analysis around 2000, I've worked on constructing various models of what analysis is. The…