BSidesSF 2018

Proper data modeling is probably the most underrated aspect of security data analysis. Our addiction to logs and string pattern matching as a primary source of knowledge have painted the security industry practitioners into a corner. The data never tells the full story, and the path to discovery is laborious and painful.

We'll discover how graph based ontologies can help consolidate all relevant information across technical verticals, model expert knowledge, and serve as a single source of knowledge. We'll discuss how semantic reasoning can revolutionize low-level data analysis and reduce 'zombie workflows' by automatically drawing hard logical conclusions the same way a human analyst does. And lastly, we'll touch on how Bayes belief networks can help trace cause and effect in events reported by common monitoring and detection tools, establishing chains of events.