How to Separate True Threats from False Positives with Machine Learning
Today’s AppSec teams need to secure more applications and more transactions, and must do so with limited security staff. To keep pace, the old, time-consuming, high-false-positive WAF models need to evolve. Security teams simply must be able to automate the defense of their applications without getting in the way of valid users.
This requires more than just a single magical feature or technique. Instead, we need to automate security decisions that incorporate a variety of contexts and can continue to learn and adapt over time. This is where Machine Learning comes in. Machine Learning is a powerful tool but is often used incorrectly or not to its full capacity.
This paper will first introduce various Machine Learning, analysis, and threat intelligence techniques as they apply to cybersecurity, including:
- Supervised Machine Learning
- Unsupervised Machine Learning
- Intensity Analysis
- K-Means Clustering
- Active Deception
- Fingerprinting
Then, we will explore how to build a Decision Engine by integrating multiple perspectives and analysis techniques into a unified view of risk and response. Learn how it works and why its blended approach is crucial for modern AppSec.