iSchool Capstone

intelligentIR

Project tags:

data science & visualization

information assurance & cybersecurity

information behavior & user research

Project poster

Starbucks’ information security team is continually seeking to understand which of its security events to prioritize for response. Although the organization uses a security information and event management tool to detect anomalous activity, the number of alerts the tool generates is overwhelming and difficult to manage. This is an issue that security teams at many large organizations face: how do you sift through the noise and find the events that are most likely indicative of a security threat or breach? IntelligentIR helps answer this question through the use of machine learning techniques. Using unsupervised learning to label raw security data along with supervised learning to build decision models, intelligentIR identifies and prioritizes new security alerts in order to make incident response more manageable.

Project participants:

Kyle Estlick

MSIM