DSPA '20

Data Stream Processing and Analytics, Spring 2020

This project is maintained by vasia

NOTE: The room has been updated!

Guest Lecture: Streaming in the Real-World: Cyber security event correlation and triage (Carolyn Duby)

When: Tuesday, Mar. 3, 9:30 a.m.
Where: MUG 205 at the Mugar Memorial Library.

abstract

Log monitoring is a key aspect of recognizing and responding to cyber security incidents. In larger organizations, terabytes of textual security device and application logs arrive each day in hundreds of different raw text formats. Analysts can only examine a small percentage of the logs, but which logs should they investigate? Flagging too many logs as alerts overburdens analysts, but alerting on too few logs allows hackers to live off the land, evading detection.

After this presentation, attendees will be able to:

  1. Describe the streaming ingest pipeline required to triage cyber security event logs
  2. Explain why streaming is required
  3. Detail open source architecture alternatives
  4. List the challenges of deploying production grade streaming ingest pipelines

bio

Carolyn Duby is a solutions engineer and lead Cybersecurity SME at Cloudera, where she helps customers harness the power of Apache open source platforms to tackle the most challenging streaming event ingestion problems. Previously, she was the architect for cybersecurity event correlation at Secureworks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and a frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Strata Data Conference, Dataworks Summit, Open Data Science Conference and Day of Shecurity. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She’s a lifelong learner and recently completed the Johns Hopkins University Coursera data science specialization.