Tuesday, October 24 • 4:00pm - 4:15pm
Graph Analysis for Information Security Incident Response

Timing is everything when investigating security incidents. When a threat is first identified, it can take several teams to identify the scope of the incident before an adequate response can take place. The Data Intelligence team within Microsoft's Digital Security and Risk Engineering organization exists to research the latest threats in the industry while collecting valuable insights about our own environment to enable faster incident resolution.

Combining and analyzing this intelligence using graph technologies allows us to stay ahead of cyber-threats. Custom tooling with Neo4j at the backend gives responders the capability to rapidly identify patterns during an event, reducing the time spent investigating an incident so they can focus instead on removing the threat. Later, these same tools allow us to learn how the event began and ultimately find ways to mitigate future incidents of a similar nature.

This talk will give a brief overview of Microsoft's Threat Intelligence program and showcase some of the capabilities we've designed to aid our incident response teams in their line of duty.

Cory Gehr

Service Engineer, Digital Security and Risk Engineering, Microsoft
Cory Gehr is a Service Engineer in Microsoft's Digital Security and Risk Engineering group where he focuses on Data Intelligence. His primary goal is investigating the use of graph databases to mitigate threats to the company and to improve the incident response process.

Tuesday October 24, 2017 4:00pm - 4:15pm
Lightning Talk