## Unsupervised: Prelert's Machine Learning Blog

### Filter by Interest

If you are working in the security space, you’ve probably heard of the recent critical DROWN Vulnerability (CVE-2016-0800,CVE-2016-0703) reported last month, which can be used by attackers to decrypt both passively eavesdropped and MITM-proxied TLS sessions putting millions of HTTPS/OpenSSL-secured sites at risk [1,6].

What’s interesting about this latest high-impact vulnerability is that it leverages a combination of protocols and misconfiguration of a target server, not a specific software security flaw as many vulnerabilities do, affecting a significant number of HTTPS, SMTP, SMTPS, IMAP, IMAPS, POP3, and POP3S servers supporting SSLv2.

According to the paper describing the DROWN vulnerability, approximately 11.5 million (33%) of all HTTPS servers (general version of the attack) / 26% of all HTTPS servers (special version of attack, fast enough to decrypt premaster online during a connection handshake) are affected by this vulnerability.

The -Xmx option can be used to tell a JVM the maximum heap size it’s allowed to use.  The “top” command on Linux can report current resource usage for running processes.  But if the JVM really is respecting the maximum heap size specified by the -Xmx option, how come the virtual memory usage reported by “top” is so high?

The retail analytics market is growing almost as fast as the retail market itself. In fact, a recent study by Reportlinker estimates that the retail analytics market will grow from $2.2 billion in 2015 to$5.1 billion in 2020. The report finds that the factors driving this growth include the rise in retail data volumes, types and accumulation, as well as demand for omnichannel insights.

However, most retailers have not yet deployed analytics solutions at scale, and most who have are still in the early stages of deployment. That means it’s not too late to get started, and you still have a huge opportunity to gain an edge on your competitors using data. In fact, it’s never too late to get a competitive edge from your data.

To accomplish this, you will want to start at the top, using analytics to first detect revenue-impacting events, including operational issues such as a broken checkout button or internal process interruptions, business issues such as rapid consumer behavior changes, or even Internet infrastructure issues, as quickly as possible. We’ll refer to this subset of retail analytics as Retail Order Analytics. Below, we’ll explain how automated machine learning has proven itself to be the preferred technology for companies who want to stay competitive in today’s eCommerce landscape, and we’ll highlight some of the key mathematical challenges involved in accurately analyzing retail operations data to detect revenue-impacting events. Below, we share seven reasons to deploy retail order analytics and some key factors you should consider before deciding on any retail analytics solution:

For forward-thinking organizations, advanced security analytics powered by machine learning is more than just a pipe dream: it’s an absolutely necessary component to identifying security issues early. This is especially critical when you consider what’s at stake. If the recent high-profile breaches have taught us anything, it’s that no organization is immune to an attack, even those that don’t specifically deal with monetized data.

It seems like every year the threat landscape expands—and RSA, arguably the most well-known cybersecurity conference in the world, keeps growing right along with it. This year we’re thrilled to be participating in everything from product demos to a social “pub crawl.” If you’re going to be at RSA this week, we’d love to meet you, learn about your security plans for 2016 and show you what’s under the hood of Prelert’s rapidly evolving behavioral analytics platform.

Detecting changes in endpoint process behavior over time can be a valuable detection method for modern endpoint security. This is because many attackers nowadays prefer to use native tools ditching malicious implants completely until much later in the attack lifecycle to lose, as they say, “security detection weight” by going on a “malware-free diet."

On Windows systems, for example, the native tools often used by attackers may include powershell, cscript, wmic, winrs, and others. Attacks typically use the tools for covert operations as much as possible leveraging legitimate remote access solutions for entry and valid system administrator tools for lateral movement following the living-off-the-land approach [1].

Detection of such process behavior changes is not an easy problem to solve, but there are things you, as a security expert, can do, and, Machine learning (ML) can be an effective tool in your arsenal by allowing you to augment your capabilities with a brigade of what can be viewed as "algorithmic assistants" to help you automate the analysis of data by looking for helpful anomalies and patterns in the data that can indicate malicious activity.

It's an exciting time at Prelert as we announce our newest product, Behavioral Analytics for the Elastic Stack. At Prelert we've always believed in bringing our analytics to where the data is, avoiding the hassle and expense of overcoming data gravity, and this new product release continues that tradition.

Whether you’re a big-box retailer or a direct-to-consumer manufacturer selling your wares online, eCommerce is big business in 2016. No matter which online business model you employ, you can’t afford to let operational hiccups affect your online revenue streams. That’s why we created a solution tailored to eCommerce that helps online and multichannel retailers identify technical and operational issues as they crop up, preventing major losses and protecting revenue.

Although we’re officially announcing our Retail Order Analytics solution today, the technology is already being used by several major online retailers to improve digital commerce efficiency. Our Retail Order Analytics solution automates analysis of metrics such as:

Guided by an organization's internal security experts,'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.

Machine learning has a perception problem. I recently met with a public company CEO who told me that "machine learning" has become an overused buzzword just like "big data" was a few years ago. Only it's even worse with machine learning because no one really understands what it means.

In the most common misperception, machine learning is thought to be a magic box of algorithms that you let loose on your data and they start producing nuggets of brilliant insight for you. If you apply this misperception to the use of machine learning for cybersecurity, you might think that after deploying machine learning, your security experts will be out of a job since algorithms will be doing all their important threat detection and prevention work.

An important aspect of time series data is temporal correlation. In particular, the relationships between time series values frequently vary with their separation in time. It is often convenient when modeling time series to imagine decomposing these relationships into say a deterministic component, a smooth function of time, and a stochastic component. This deterministic component, or trend, will itself often be further decomposed into one or more periodic components and a long-term trend.