Graph Analysis for Information Security Incident Response — Cory Gehr, Microsoft

Timing is everything when investigating security incidents. When a threat is first identified, it can take several teams to establish the scope of the incident before an adequate response can take place. The Data Intelligence team within Microsoft’s Digital Security and Risk Engineering organization exists to research the latest threats in the industry while collecting valuable insights about our own environment to enable faster incident resolution. Combining and analyzing this intelligence with graph technologies allows us to stay ahead of cyber-threats. Custom tooling with Neo4j as the backend gives responders the ability to rapidly identify patterns during an event, reducing the time spent investigating an incident so they can focus instead on removing the threat. Afterwards, the same tools allow us to learn how the event began and ultimately find ways to mitigate future incidents of a similar nature. This talk will give a brief overview of Microsoft’s Threat Intelligence program and showcase some of the capabilities we’ve designed to aid our incident response teams in their line of duty.

Speaker: Cory Gehr
Location: GraphConnect