Articles by Craig Chamberlain
Head of Detection Science, Elastic
46 days vs. 16 minutes: Detecting emerging threats and reducing dwell time with machine learning
Using ML-based anomaly detection, such as the unsupervised ML jobs in the Elastic stack, we can shrink the dwell time for this malware persistence mechanism from 46 days to less than one day, a decrease by a factor of 1100!
Detecting unusual network activity with Elastic Security and machine learning
In Elastic Security 7.13, we added a new set of machine learning jobs that spot anomalies in network behavior. In this blog post, we’ll explore a case study demonstrating how network data can yield important detections.
ProblemChild: Generate alerts to detect living-off-the-land attacks
In this blog post, we walk through our release of a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get your ProblemChild framework up and running in your environment in minutes.
Detecting threats in AWS Cloudtrail logs using machine learning
This post takes an in-depth look at detection techniques through cloud API logs analysis — exploring two real-world incidents in order to better understand how threats can slip through conventional detection methods.
Combining supervised and unsupervised machine learning for DGA detection
In this blog, we announce our first-ever supervised ML and security integration. This offers users a supervised ML solution package to detect domain generation algorithm (DGA) activity in their network data.
Generating MITRE ATT&CK® signals in Elastic SIEM: Sysmon data
In this post, we outline a straightforward approach to detecting threats with Elastic SIEM that doesn't require any specific programming or analytical knowledge — it's perfect for helping just about any security practitioner stay ahead of attacks.