itrainsec debuts automated intelligence analysis training
Cyber security training company itrainsec has introduced automated intelligence analysis training to teach attendees how to apply interpretable machine learning to threat intelligence.
Ero Carrera, a senior software engineer at Google’s Threat Analysis Group (TAG), and trainer of this course, says threat intelligence automation is critical, as it aims to help scale and to reduce “noise”.
“The goal of threat-intelligence automation is to encode, in as much as it is possible, the knowledge and reasoning of human analysts to be able to apply it consistently at scale,” he adds.
“Humans get tired and don’t scale well. Encoding their knowledge enables a team to develop a base-line of their knowledge, which may be simple, but allows automation to use that base-line to take care of the low-hanging fruit, and free analysts to focus their efforts on the more complex and interesting areas of threat-intelligence, those for which no automation exists yet.”
He says that over time those will be automated too, and the analysts can always keep working at the cutting edge, evolving their skills and reacting to more advanced threats.
Too much for humans
Speaking of why itrainsec developed this course, Carrera says the skyrocketing number of threats and the data available to track them cannot be managed by people alone. “It’s unfeasible for humans to consider and judge millions of data points. Large organisations also face the challenge of tracking the wide range of bad actors out there, from the criminal to the state-sponsored. They are diverse and abundant.”
The development of modern machine learning and data analysis pipelines has also opened the door for these tools to be enlisted to help threat-intelligence, he says.
During the course, delegates will learn how to decide whether ML is an adequate solution for every stage of the threat-intel workflow and, if so, develop an intuition as to which algorithms within ML help the most.
“Driven by the participants’ needs and interests, areas we will focus on include reverse engineering automation and extraction of intelligence from malware feeds, fusing and aggregating intelligence from reports and produced in-house, decision making with uncertain intelligence.”
Bridging the gap
Ultimately, the course helps bridge the gap between the data-science experts wishing to go deeper on threat-intelligence domain-expertise and, on the other hand, threat intelligence professionals that want to dabble in data-science, he adds.
Trainees attending the course will see the value of automation and gain an understanding of some of the plethora of tools available to help them and their teams classify and rank threat-intelligence, from malware to indicators to intelligence reports.
“From machine learning to statistical tools, we will see practical applications of these in a variety of threat-intelligence tasks,” Carrera adds.
Their organisations will benefit too, by gaining faster, higher-quality, more reliable intelligence, and the expertise needed to respond to the threats affecting them and their industry.