Filter by Interest

Anomaly Detection in Elasticsearch 101: Unstructured Data

My blog series on anomaly detection in Elasticsearch continues with this third installment - finding anomalies in unstructured data by first bringing structure via dynamic categorization from machine learning.

Read More
Anomaly Detection in Elasticsearch 101: Metric Deviations

In the first blog of this series, we discussed how to detect changes in event rates. This, the second blog, focuses on detecting unusual temporal changes in metric values.

Read More
Anomaly Detection in Elasticsearch 101: Event Count Change Detection

I’m kicking off a multi-part series of blogs around effective anomaly detection for data in Elasticsearch. These will cover the basics around several different kinds of fundamental use cases and data types. The first in the series is this article: Event Count Change Detection.

Read More
Star Wars X – Attack of the DROWNs: Machine Learning-based Anomaly Detection Finds the DROWN SSLv2 Vulnerability

If you are working in the security space, you’ve probably heard of the recent critical DROWN Vulnerability (CVE-2016-0800,CVE-2016-0703) reported last month, which can be used by attackers to decrypt both passively eavesdropped and MITM-proxied TLS sessions putting millions of HTTPS/OpenSSL-secured sites at risk [1,6].

What’s interesting about this latest high-impact vulnerability is that it leverages a combination of protocols and misconfiguration of a target server, not a specific software security flaw as many vulnerabilities do, affecting a significant number of HTTPS, SMTP, SMTPS, IMAP, IMAPS, POP3, and POP3S servers supporting SSLv2.

According to the paper describing the DROWN vulnerability, approximately 11.5 million (33%) of all HTTPS servers (general version of the attack) / 26% of all HTTPS servers (special version of attack, fast enough to decrypt premaster online during a connection handshake) are affected by this vulnerability.

Read More
Java 8 and Virtual Memory on Linux

The -Xmx option can be used to tell a JVM the maximum heap size it’s allowed to use.  The “top” command on Linux can report current resource usage for running processes.  But if the JVM really is respecting the maximum heap size specified by the -Xmx option, how come the virtual memory usage reported by “top” is so high?

Read More
7 Reasons to Deploy Retail Order Analytics

The retail analytics market is growing almost as fast as the retail market itself. In fact, a recent study by Reportlinker estimates that the retail analytics market will grow from $2.2 billion in 2015 to $5.1 billion in 2020. The report finds that the factors driving this growth include the rise in retail data volumes, types and accumulation, as well as demand for omnichannel insights.

However, most retailers have not yet deployed analytics solutions at scale, and most who have are still in the early stages of deployment. That means it’s not too late to get started, and you still have a huge opportunity to gain an edge on your competitors using data. In fact, it’s never too late to get a competitive edge from your data.

To accomplish this, you will want to start at the top, using analytics to first detect revenue-impacting events, including operational issues such as a broken checkout button or internal process interruptions, business issues such as rapid consumer behavior changes, or even Internet infrastructure issues, as quickly as possible. We’ll refer to this subset of retail analytics as Retail Order Analytics. Below, we’ll explain how automated machine learning has proven itself to be the preferred technology for companies who want to stay competitive in today’s eCommerce landscape, and we’ll highlight some of the key mathematical challenges involved in accurately analyzing retail operations data to detect revenue-impacting events. Below, we share seven reasons to deploy retail order analytics and some key factors you should consider before deciding on any retail analytics solution:

Read More
Machine Learning Is Cybersecurity’s Answer to Detecting Advanced Breaches

As originally published by insideBIGDATA

For forward-thinking organizations, advanced security analytics powered by machine learning is more than just a pipe dream: it’s an absolutely necessary component to identifying security issues early. This is especially critical when you consider what’s at stake. If the recent high-profile breaches have taught us anything, it’s that no organization is immune to an attack, even those that don’t specifically deal with monetized data.

Read More
Stop By: We’re at 2600 South at RSA 2016

It seems like every year the threat landscape expands—and RSA, arguably the most well-known cybersecurity conference in the world, keeps growing right along with it. This year we’re thrilled to be participating in everything from product demos to a social “pub crawl.” If you’re going to be at RSA this week, we’d love to meet you, learn about your security plans for 2016 and show you what’s under the hood of Prelert’s rapidly evolving behavioral analytics platform.

Read More
Detecting Malware-Free Intrusions and Advanced Cyber Threats with Anomaly Detection and "Behavioral MD5" of Endpoint Processes

Detecting changes in endpoint process behavior over time can be a valuable detection method for modern endpoint security. This is because many attackers nowadays prefer to use native tools ditching malicious implants completely until much later in the attack lifecycle to lose, as they say, “security detection weight” by going on a “malware-free diet."

On Windows systems, for example, the native tools often used by attackers may include powershell, cscript, wmic, winrs, and others. Attacks typically use the tools for covert operations as much as possible leveraging legitimate remote access solutions for entry and valid system administrator tools for lateral movement following the living-off-the-land approach [1].

Detection of such process behavior changes is not an easy problem to solve, but there are things you, as a security expert, can do, and, Machine learning (ML) can be an effective tool in your arsenal by allowing you to augment your capabilities with a brigade of what can be viewed as "algorithmic assistants" to help you automate the analysis of data by looking for helpful anomalies and patterns in the data that can indicate malicious activity.

Read More
Prelert Behavioral Analytics Extends Capabilities to the Elastic Stack

It's an exciting time at Prelert as we announce our newest product, Behavioral Analytics for the Elastic Stack. At Prelert we've always believed in bringing our analytics to where the data is, avoiding the hassle and expense of overcoming data gravity, and this new product release continues that tradition.

Read More


Why All IT Security Professionals Should Be Using Anomaly Detection Software



Security Analytics: Machine Learning Anomaly Detection