Bianca Rhodes, NVIDIA; Rachel Allen, NVIDIA
We’ll explain how the alerts that a typical security operations center receives are heterogeneous in severity, applicability, and origin. Centers are often overwhelmed and unable to investigate every alert, and malicious activity is missed as a result. By leveraging RAPIDS’ GPU-accelerated data processing and analytics capabilities, we give analysts insights into these alerts, adding high-dimensional co-occurrence analysis, trend identification, and rare-event flagging on top of the existing alert stream. By reducing the noise floor and extracting additional signals and context from alerts the center already has, we decrease the time it takes for analysts to triage and investigate them. We’ll share which technologies and pipelines to use and how to integrate them into existing security environments.
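As an added illustration of the three enrichment passes the abstract names (rare-event flagging, co-occurrence and trend identification), here is a small CPU-only sketch. It is not NVIDIA's code or the pipeline presented in the talk: it uses pandas so it runs on any machine, relying on the fact that RAPIDS cuDF exposes a largely pandas-compatible DataFrame API, so the same calls are the natural starting point for a GPU version. The alert rows, column names (`ts`, `host`, `rule`, `severity`), bucket width and thresholds are all constructed assumptions for the example.

```python
"""Added example: rare-event flagging, rule co-occurrence and trend detection
over a constructed alert table. pandas is used as a stand-in for RAPIDS cuDF
(assumption: cuDF's DataFrame API is largely pandas-compatible, so
`import cudf as pd` is the usual swap); nothing here is NVIDIA's pipeline."""
from itertools import combinations

import pandas as pd

# Constructed sample alerts, not real SOC data: (timestamp, host, rule, severity).
SAMPLE_ALERTS = [
    ("2024-01-01T00:00:00", "h1", "brute_force", "medium"),
    ("2024-01-01T00:03:00", "h1", "new_admin_user", "high"),
    ("2024-01-01T00:05:00", "h2", "brute_force", "medium"),
    ("2024-01-01T00:06:00", "h2", "new_admin_user", "high"),
    ("2024-01-01T00:20:00", "h3", "brute_force", "medium"),
    ("2024-01-01T00:40:00", "h1", "av_signature_update", "info"),
    ("2024-01-01T00:41:00", "h2", "av_signature_update", "info"),
    ("2024-01-01T00:42:00", "h3", "av_signature_update", "info"),
    ("2024-01-01T00:50:00", "h4", "lsass_dump", "critical"),
    ("2024-01-01T01:05:00", "h5", "brute_force", "medium"),
    ("2024-01-01T01:06:00", "h5", "brute_force", "medium"),
    ("2024-01-01T01:07:00", "h5", "brute_force", "medium"),
    ("2024-01-01T01:08:00", "h6", "brute_force", "medium"),
    ("2024-01-01T01:09:00", "h6", "brute_force", "medium"),
    ("2024-01-01T01:12:00", "h7", "brute_force", "medium"),
    ("2024-01-01T01:15:00", "h7", "brute_force", "medium"),
    ("2024-01-01T01:30:00", "h1", "av_signature_update", "info"),
]


def load_alerts(rows=SAMPLE_ALERTS):
    """Build a typed DataFrame; in practice the rows come from a SIEM export."""
    df = pd.DataFrame(rows, columns=["ts", "host", "rule", "severity"])
    df["ts"] = pd.to_datetime(df["ts"])
    return df


def rare_rules(df, max_count=2):
    """Rules that fired at most `max_count` times in the whole table.
    Low-frequency rules are exactly the ones a volume-sorted queue buries."""
    counts = df["rule"].value_counts()
    return sorted(counts[counts <= max_count].index.tolist())


def rule_cooccurrence(df, window="10min"):
    """Count distinct rule pairs that fired on the same host inside one time
    bucket. A pair that recurs across hosts suggests one chain of activity
    rather than two unrelated detections, and is worth surfacing as context."""
    bucketed = df.assign(bucket=df["ts"].dt.floor(window))
    pair_counts = {}
    for _, rules in bucketed.groupby(["host", "bucket"])["rule"]:
        for pair in combinations(sorted(set(rules)), 2):
            pair_counts[pair] = pair_counts.get(pair, 0) + 1
    return pair_counts


def rule_trends(df, split, growth=2.0):
    """Compare per-rule counts before and after `split` and return
    {rule: (before, after)} for rules whose volume grew at least `growth`x.
    A routine rule such as av_signature_update stays flat and is not flagged."""
    split = pd.Timestamp(split)
    before = df[df["ts"] < split]["rule"].value_counts()
    after = df[df["ts"] >= split]["rule"].value_counts()
    rising = {}
    for rule in after.index:
        b = int(before.get(rule, 0))
        a = int(after[rule])
        if a >= growth * max(b, 1):
            rising[rule] = (b, a)
    return rising


if __name__ == "__main__":
    alerts = load_alerts()
    print("rare:", rare_rules(alerts))
    print("co-occurring:", rule_cooccurrence(alerts))
    print("rising:", rule_trends(alerts, "2024-01-01T01:00:00"))
```

On the constructed data the single `lsass_dump` and the two `new_admin_user` alerts are flagged as rare, `brute_force` followed by `new_admin_user` on the same host is the one recurring pair, and `brute_force` is the only rule whose volume more than doubled in the second hour, while the fleet-wide `av_signature_update` noise is never promoted. Each pass is a groupby plus a count, which is why the pattern scales to large alert tables on a GPU DataFrame without changing the logic.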