NorthSec 2021

Igor Kozlov

Igor Kozlov received his PhD from McGill University, Canada. He co-authored 9 research articles in 3 different fields, including computational studies of data from the LHC (the biggest experiment in human history). Currently he works as a Data Scientist in Cyber Security at Bell Canada. He is always happy to share his passion for everything (data, computer, natural, applied, fundamental) science.


What is your title?

Data Scientist

What is your company/affiliation(s)?

Bell Canada

Twitter account (full URL)

https://twitter.com/iekozlov

LinkedIn profile (full URL)

https://ca.linkedin.com/in/iekozlov

GitHub account (full URL)

https://github.com/igor-kozlov


Sessions

05-20
18:00
30min
Data Science way to deal with advanced threats.
Igor Kozlov

Is your SOC flooded with false positives, but you are afraid to raise the rules' thresholds as this will allow advanced attackers to stay under the radar? Are your SOC analysts overwhelmed with the amount of data that they have to go through in order to give an initial assessment of a security event?

In this talk we will share Data Science methods that proved successful in addressing the above-mentioned challenges in our corporate setup. Specifically, we will go over combining Unsupervised and Supervised Learning (Elastic and Scikit-Learn), and advanced visualizations providing a "light speed" deep dive into anomaly triage and environment monitoring (Python and Plotly dashboard). We will demonstrate how all this was used to detect distributed credential attacks that stayed under the radar of other solutions, while saving time for our analysts.
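The abstract contrasts a threshold rule with an unsupervised view of the same data. The following is an added illustration for this page, not code from the talk or from the speaker, and it makes assumptions the abstract does not state: the events are constructed (one benign locked-out user, plus a distributed password spray where each of 20 source IPs tries only 3 accounts), the per-IP rule threshold of 5 failures per window is hypothetical, and a stdlib robust z-score (median/MAD) stands in for the Elastic and Scikit-Learn anomaly scoring the talk uses. The point it makes is that aggregating by time window and scoring the fan-out of distinct (source IP, account) pairs surfaces the spray that stays under every per-IP threshold, while the raw failure count, like the rule itself, also fires on the benign lockout.

```python
"""Window-level anomaly scoring for a distributed credential attack.

Added example (constructed data, hypothetical thresholds); not the
speaker's code. Compares a per-source-IP failure threshold with an
unsupervised robust z-score over per-window aggregate features.
"""
from collections import defaultdict
from statistics import mean, median

PER_IP_THRESHOLD = 5       # hypothetical rule: >= 5 failures from one IP per window
ROBUST_Z_THRESHOLD = 3.5   # common cut-off for the modified (median/MAD) z-score


def build_events():
    """Constructed auth events as (window, src_ip, user, outcome) tuples.

    Windows 0-11 are baseline traffic with a few scattered failures; window 5
    also holds one user locking herself out; window 12 holds a spray from
    20 IPs, each trying 3 different accounts (under the per-IP threshold).
    """
    events = []
    for w in range(12):
        for i in range(2 + w % 3):                     # 2 to 4 scattered failures
            events.append((w, f"10.0.{w}.{i % 2 + 1}", f"user{w}_{i}", "fail"))
        for i in range(20):                            # normal successful logins
            events.append((w, f"10.0.{w}.{i % 4 + 1}", f"user{w}_{i}", "success"))
    for _ in range(6):                                 # window 5: one locked-out user
        events.append((5, "10.0.5.9", "alice", "fail"))
    for k in range(20):                                # window 12: distributed spray
        for j in range(3):
            events.append((12, f"198.51.100.{k}", f"svc{3 * k + j}", "fail"))
    return events


def per_ip_rule(events, threshold=PER_IP_THRESHOLD):
    """Classic rule: alert on every (window, src_ip) with >= threshold failures."""
    fails = defaultdict(int)
    for w, ip, _user, outcome in events:
        if outcome == "fail":
            fails[(w, ip)] += 1
    return sorted(key for key, n in fails.items() if n >= threshold)


def window_features(events):
    """Aggregate failed logins per window: total, distinct IPs, distinct (ip, user) pairs."""
    agg = defaultdict(lambda: {"failures": 0, "ips": set(), "pairs": set()})
    for w, ip, user, outcome in events:
        if outcome != "fail":
            continue
        agg[w]["failures"] += 1
        agg[w]["ips"].add(ip)
        agg[w]["pairs"].add((ip, user))
    return {w: {"failures": a["failures"],
                "distinct_ips": len(a["ips"]),
                "fanout": len(a["pairs"])}          # spray fan-out: distinct ip/user pairs
            for w, a in sorted(agg.items())}


def robust_z(values):
    """Modified z-score: (x - median) / (1.4826 * MAD).

    When MAD is 0 (most windows share one value) fall back to the scaled mean
    absolute deviation so a single outlier does not divide by zero.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad > 0:
        scale = 1.4826 * mad
    else:
        scale = (1.2533 * mean(abs(v - med) for v in values)) or 1.0
    return [(v - med) / scale for v in values]


def anomalous_windows(features, key="fanout", threshold=ROBUST_Z_THRESHOLD):
    """Return {window: score} for windows whose robust z on `key` exceeds threshold."""
    windows = list(features)
    scores = robust_z([features[w][key] for w in windows])
    return {w: round(z, 1) for w, z in zip(windows, scores) if z > threshold}


if __name__ == "__main__":
    evts = build_events()
    feats = window_features(evts)
    print("per-IP rule alerts:", per_ip_rule(evts))              # only the lockout
    print("anomalous by failures:", anomalous_windows(feats, "failures"))  # lockout + spray
    print("anomalous by fan-out:", anomalous_windows(feats, "fanout"))     # spray only
```

Run as a script it prints the three views side by side: the rule fires on the locked-out user in window 5 and misses the spray entirely, the failure-count score flags both windows, and the fan-out score isolates window 12. In a real deployment the per-window feature vector would be what the unsupervised model scores and what the analyst dashboard plots; the spray's distinct-IP and fan-out columns are the ones that make its window visually separate from every baseline window.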

Incident response
Main stream
05-20
19:10
30min
Detection engineering
Mathieu Saulnier, Igor Kozlov, Jared Atkinson, Carlos aka Plug

Q&A and discussion for the malware block, hosted and moderated by Jared Atkinson. Questions will be gathered from the audience during the four prior talks.

Incident response
Main stream