This presentation will describe ANZ’s journey in using data science and machine learning to detect advanced persistent threats. Initially, the bank ingested two datasets (Netflow and DNS) and ran them through a machine learning algorithm. The journey then moved to concentrating on usability for SOC analysts. The program is now looking at the correlation of weak signals from a range of sources.
Learning Objectives:
1: Learn lessons from firsthand experience in implementing machine learning for security.
2: Understand how to adapt priorities as an organisation learns.
3: Understand the importance of aligning SOC priorities and usability with project goals.