- Cyware Fusion and Threat Response (CFTR) uses ML to assess incident data and assign each incident to the analyst best placed to handle it.
- CFTR analyzes large quantities of data to discern patterns or anomalies using ML-based pattern recognition and behavioral mapping techniques to aid key security operations.
- With the help of ML, CFTR also automates areas that require tremendous human effort.
- The incident data analyzed by the ML pipeline includes fields such as Incident ID, Incident Type, Severity, Assigned To, Creation Date, Attack Tactics, Attack Techniques, BU Impacted, Locations Impacted, Malware, Sources, Threat Actors, and All IOCs.
- The Incident Ownership data includes fields such as Incident ID, Assigned Analyst, Incident Status, Creation Date, and Incident Phase.
- To build the ML model, the data is first pre-processed using the Synthetic Minority Oversampling Technique (SMOTE) to correct the class imbalance in the training data (some analysts own far more incidents than others).
- XGBoost - XGBoost is a decision-tree-based ensemble ML model built on a gradient-boosting framework.
- GBTe - The GBTe algorithm is a variant of gradient boosting in which each new decision tree corrects the errors made by the previously trained tree.
- Random Forest - Random Forests (or Random Decision Forests) are a supervised learning algorithm consisting of a large number of individual decision trees that operate as an ensemble.
- Quadratic Discriminant Analysis (QDA) - QDA is a variant of Linear Discriminant Analysis (LDA), a classification and dimensionality-reduction technique; QDA allows non-linear (quadratic) boundaries between classes.
- Decision Tree Classifier - Decision tree classifiers are a systematic approach to building classification models from an input data set.
- AdaBoost Classifier - AdaBoost is a boosting technique that combines multiple weak classifiers into a strong classifier that can accurately predict the class of an object.
- Support Vector Machine (SVM) - SVM is a supervised ML algorithm that can be used for both classification and regression.
- At the end of this automated process, CFTR generates a hybrid ML model that is highly accurate and suitable for your organization.
- The ML model can be deployed as a microservice in the cloud or on-premises.
- CFTR simplifies this process by automatically suggesting the best-suited analysts, using self-trained ML models that analyze historic incident data, incident ownership details, and the analyst shift roster.
- These highly accurate ML models are automated end to end, from collecting the data to turning it into analyst assignment suggestions.
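The pipeline above in miniature, as an added example that is not Cyware's code: constructed incident and ownership records are joined on Incident ID, one-hot encoded, balanced with a minimal SMOTE implementation, and then an analyst is suggested for a new incident. The record values, analyst names and the nearest-centroid classifier (a stand-in for the tree ensembles listed above) are all assumptions.

```python
import math
import random
from collections import Counter, defaultdict

# Constructed incident data, keyed by Incident ID: (Incident Type, Severity, Attack Tactics)
INCIDENTS = {
    "INC-1": ("phishing", "high", "initial-access"), "INC-2": ("phishing", "medium", "initial-access"),
    "INC-3": ("phishing", "low", "initial-access"), "INC-4": ("phishing", "high", "credential-access"),
    "INC-5": ("malware", "high", "execution"), "INC-6": ("malware", "medium", "execution"),
    "INC-7": ("malware", "high", "persistence"),
    "INC-8": ("ddos", "high", "impact"), "INC-9": ("ddos", "medium", "impact"),
}
# Constructed incident ownership data: Incident ID -> Assigned Analyst (carol is the minority class)
OWNERSHIP = {"INC-1": "alice", "INC-2": "alice", "INC-3": "alice", "INC-4": "alice",
             "INC-5": "bob", "INC-6": "bob", "INC-7": "bob", "INC-8": "carol", "INC-9": "carol"}
VOCAB = sorted({(i, v) for rec in INCIDENTS.values() for i, v in enumerate(rec)})  # (field, value)

def encode(record):
    """One-hot encode a (type, severity, tactic) tuple over the training vocabulary."""
    return [1.0 if record[i] == v else 0.0 for i, v in VOCAB]
def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))
def smote(X, y, k=1, seed=0):
    """Minimal SMOTE: raise each minority class to the majority count by interpolating
    a random member toward one of its k nearest same-class neighbours."""
    rng, by_class = random.Random(seed), defaultdict(list)
    for xi, yi in zip(X, y): by_class[yi].append(xi)
    target, X_out, y_out = max(len(m) for m in by_class.values()), list(X), list(y)
    for label, members in by_class.items():
        if len(members) < 2:  # a lone sample has no neighbour to interpolate toward
            continue
        for _ in range(target - len(members)):
            base = rng.choice(members)
            near = sorted((m for m in members if m is not base), key=lambda m: dist(base, m))[:k]
            neighbour, lam = rng.choice(near), rng.random()
            X_out.append([b + lam * (n - b) for b, n in zip(base, neighbour)])
            y_out.append(label)
    return X_out, y_out
def fit_centroids(X, y):
    """Nearest-centroid classifier, a stand-in for the tree ensembles listed above."""
    rows = defaultdict(list)
    for xi, yi in zip(X, y): rows[yi].append(xi)
    return {label: [sum(c) / len(r) for c in zip(*r)] for label, r in rows.items()}
def suggest_analyst(centroids, record):
    """Suggest the analyst whose historic incidents look most like this one."""
    return min(centroids, key=lambda label: dist(encode(record), centroids[label]))
def build_model(seed=0):
    ids = sorted(INCIDENTS)
    Xb, yb = smote([encode(INCIDENTS[i]) for i in ids], [OWNERSHIP[i] for i in ids], seed=seed)
    return fit_centroids(Xb, yb), dict(Counter(yb))
```

After balancing, every analyst contributes four training rows, so the minority analyst is no longer drowned out when a matching incident arrives.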
Posted on: October 23, 2020