Articles by Craig Chamberlain

Head of Detection Science, Elastic


46 days vs. 16 minutes: Detecting emerging threats and reducing dwell time with machine learning

Using ML-based anomaly detection, such as the unsupervised ML jobs in the Elastic Stack, we can shrink the dwell time for this malware persistence mechanism from 46 days to less than one day, a decrease by a factor of 1100!


Identifying beaconing malware using Elastic

In this blog, we walk users through identifying beaconing malware in their environment using our beaconing identification framework.


Detecting unusual network activity with Elastic Security and machine learning

In Elastic Security 7.13, we added a new set of machine learning jobs that spot anomalies in network behavior. In this blog post, we’ll explore a case study demonstrating how network data can yield important detections.


ProblemChild: Generate alerts to detect living-off-the-land attacks

In this blog post, we walk through our release of a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get your ProblemChild framework up and running in your environment in minutes.


ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

In this blog, learn how you can use Elastic machine learning to create your own ProblemChild framework to detect living-off-the-land (LOtL) activity in Windows process event data.


Detecting threats in AWS CloudTrail logs using machine learning

This post takes an in-depth look at detection techniques through cloud API logs analysis — exploring two real-world incidents in order to better understand how threats can slip through conventional detection methods.


Combining supervised and unsupervised machine learning for DGA detection

In this blog, we announce our first-ever supervised ML and security integration. It offers users a supervised ML solution package to detect domain generation algorithm (DGA) activity in their network data.


Generating MITRE ATT&CK® signals in Elastic SIEM: Sysmon data

In this post, we outline a straightforward approach to detecting threats with Elastic SIEM that doesn't require any specific programming or analytical knowledge — it's perfect for helping just about any security practitioner stay ahead of attacks.