At Scale Anomaly Detection for Enterprise Security - Joshua Neil, Microsoft

Explore a modular, scalable system for streaming anomaly detection in enterprise cybersecurity through this comprehensive talk by Joshua Neil from Microsoft. Delve into the workings of Microsoft Defender Advanced Threat Protection and learn how the Endpoint Detection and Response research team utilizes near real-time telemetry from networked computers to design detection methods. Discover the importance of data-driven techniques, including supervised and unsupervised learning, in post-breach scenarios where attackers have already penetrated enterprise perimeters. Gain insights into the challenges of scale when monitoring millions of endpoints and hear real user stories of successful detections. Understand the critical role of unsupervised approaches in situations with limited labels and numerous attacker options.

At Scale Anomaly Detection for Enterprise Security: Joshua Neil, Microsoft