Speaker

Adam Bates

Abstract

We are still awful at preventing data breaches and other cybersecurity incidents. Why are these sophisticated (and costly) commercial threat detection products continuing to fail? In this talk, I'll describe our efforts to better understand, and even address, these failure points. First, I'll provide evidence that the extraordinarily high false alarm rates observed in Endpoint Detection & Response (EDR) products can be eliminated through examining the history of alert-triggering processes. Second, I'll explain how the metrics used to evaluate threat detection products often paint a deeply misleading picture of organizations' security readiness. I will conclude by discussing how our ongoing work seeks to resolve industry shortcomings by providing more principled foundations for threat detection and assessment.

Bio

Adam Bates is an Associate Professor at the University of Illinois at Urbana-Champaign, where he studies a broad range of topics in computer security. He is best known for his work on data provenance, the practice of examining suspicious activities on computing systems based on their historical context. Fittingly, Adam also appreciates the historical context of computer security research, regularly forcing students in his courses to read James Anderson's 1972 Computer Security Technology and Planning Study… both volumes. Adam is the recipient of two distinguished paper awards (S&P'23, ESORICS'22) and was the runner-up for the ACM SIGSAC Dissertation Award. His research has been recognized and supported by an NSF SaTC FRONTIER, NSF CISE Research Initiation Initiative (CRII), and NSF CAREER Awards, as well as a gift from the VMware University Research Fund.

Host

Pubali Datta