Problem 1: Optimal anomaly detection is crucial for improving the security posture of an organization's operational security environment. ML systems can be deployed to improve the detection and mitigation of malicious events, but there are some challenges in deploying these systems. Discuss four objectives of using machine learning for optimal anomaly detection.
Problem 2: Packet filtering at a firewall may be implemented through Stateful Packet Inspection (SPI) or Deep Packet Inspection (DPI).
- Explain the difference between them.
- What challenges do we face when using DPI for network intrusion detection and prevention?
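To make the SPI/DPI distinction concrete, here is an added illustrative example (not part of the original problem set): a toy Python "firewall" run over a constructed packet trace. The IP addresses, port numbers, payloads and content signatures are all invented for the demo. SPI decides from headers and connection state only; DPI scans payload bytes against signatures, which also exposes two of the practical challenges the second question asks about (it cannot see inside encrypted payloads, and its cost grows with every byte inspected).

```python
import re

# Constructed packet trace (not real traffic): an inside host opens HTTP and
# HTTPS flows, an outside host probes SMB, and one HTTP response carries a
# string that our toy DPI rule treats as malicious.
TRACE = [
    {"dir": "out", "src": "10.0.0.5", "sport": 40000, "dst": "203.0.113.10", "dport": 80, "payload": b""},
    {"dir": "in", "src": "203.0.113.10", "sport": 80, "dst": "10.0.0.5", "dport": 40000, "payload": b""},
    {"dir": "in", "src": "198.51.100.7", "sport": 4444, "dst": "10.0.0.5", "dport": 445, "payload": b""},
    {"dir": "out", "src": "10.0.0.5", "sport": 40000, "dst": "203.0.113.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dir": "in", "src": "203.0.113.10", "sport": 80, "dst": "10.0.0.5", "dport": 40000,
     "payload": b"HTTP/1.1 200 OK\r\n\r\n<script>DEMO-MALWARE-MARKER</script>"},
    {"dir": "out", "src": "10.0.0.5", "sport": 40001, "dst": "203.0.113.10", "dport": 443, "payload": b""},
    # TLS application-data record: the bytes are opaque to any payload signature.
    {"dir": "in", "src": "203.0.113.10", "sport": 443, "dst": "10.0.0.5", "dport": 40001,
     "payload": b"\x17\x03\x03\x00\x20" + bytes(range(0x20, 0x40))},
]

# Constructed DPI content signatures; a real IDS ships thousands of these.
SIGNATURES = [re.compile(rb"DEMO-MALWARE-MARKER"), re.compile(rb"cmd\.exe|/bin/sh")]


def spi_filter(trace):
    """Stateful Packet Inspection: header-only decisions. An outbound packet
    creates a flow entry; an inbound packet is allowed only if it is the reverse
    of a flow the inside host initiated. The payload is never examined."""
    flows = set()
    decisions = []
    for p in trace:
        if p["dir"] == "out":
            flows.add((p["src"], p["sport"], p["dst"], p["dport"]))
            decisions.append("allow")
        else:
            reverse = (p["dst"], p["dport"], p["src"], p["sport"])
            decisions.append("allow" if reverse in flows else "drop")
    return decisions


def dpi_filter(trace, signatures=SIGNATURES):
    """Deep Packet Inspection: scans every packet's payload bytes against the
    content signatures. Returns 'alert' on a match, otherwise 'allow'. Each
    packet costs a regex pass over its full payload, and an encrypted payload
    simply never matches."""
    decisions = []
    for p in trace:
        hit = any(sig.search(p["payload"]) for sig in signatures)
        decisions.append("alert" if hit else "allow")
    return decisions


def firewall(trace):
    """Combined policy: SPI cheaply rejects unsolicited inbound traffic first,
    then DPI inspects only what SPI let through (intrusion prevention mode)."""
    results = []
    for p, s in zip(trace, spi_filter(trace)):
        if s == "drop":
            results.append("drop (SPI: no matching flow)")
        elif dpi_filter([p]) == ["alert"]:
            results.append("drop (DPI: signature match)")
        else:
            results.append("allow")
    return results


if __name__ == "__main__":
    for p, r in zip(TRACE, firewall(TRACE)):
        print(f"{p['dir']:>3} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}  {r}")
```

Running the script shows the unsolicited SMB probe dropped by SPI alone, the HTTP response dropped only because DPI read its body, and the TLS record passing both filters even though nothing about its content was verified.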
Problem 3: This question relates to false positives (FP) and false negatives (FN).
- Explain the difference between false positives (FP) and false negatives (FN).
- Optimal anomaly detection is challenging in many security operational environments, and this can result in large percentages of false negatives and false positives. You work as a security analyst at a Security Operations Center (SOC) and you have recently experienced an uptick in the number of FP and FN. Discuss how you would go about investigating and resolving the cause of this change.
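As an added worked example (not part of the original problem set), the Python below tallies a confusion matrix per detector and per time window from constructed adjudication records, derives the false-positive rate, false-negative rate and precision, and then performs the first step an analyst would take in the investigation asked for above: comparing each detector's current rates against its own baseline to isolate which rule or model is driving the uptick. The detector names, windows and counts are invented for the demo.

```python
# Constructed adjudication records (not real SOC data). Each row summarises
# events a detector looked at in a given window: whether the detector fired,
# whether later review found the event malicious, and how many such events.
#            detector,     window,     fired, malicious, count
RECORDS = [
    ("brute_force", "baseline", True,  True,   40),
    ("brute_force", "baseline", True,  False,  10),
    ("brute_force", "baseline", False, True,    5),
    ("brute_force", "baseline", False, False, 945),
    ("brute_force", "current",  True,  True,   38),
    ("brute_force", "current",  True,  False,  12),
    ("brute_force", "current",  False, True,    6),
    ("brute_force", "current",  False, False, 944),
    ("beacon_ml",   "baseline", True,  True,   30),
    ("beacon_ml",   "baseline", True,  False,  15),
    ("beacon_ml",   "baseline", False, True,    8),
    ("beacon_ml",   "baseline", False, False, 947),
    ("beacon_ml",   "current",  True,  True,   20),
    ("beacon_ml",   "current",  True,  False,  90),  # FP surge, e.g. model drift
    ("beacon_ml",   "current",  False, True,   25),  # FN also up: misses rising
    ("beacon_ml",   "current",  False, False, 865),
]


def confusion(records, detector, window):
    """Tally TP/FP/FN/TN for one detector in one time window.
    FP: detector fired on a benign event. FN: detector stayed silent on a
    malicious one. These are the two error types the question contrasts."""
    c = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for det, win, fired, malicious, n in records:
        if det != detector or win != window:
            continue
        if fired and malicious:
            c["TP"] += n
        elif fired and not malicious:
            c["FP"] += n
        elif not fired and malicious:
            c["FN"] += n
        else:
            c["TN"] += n
    return c


def rates(c):
    """FPR = FP / (FP + TN): share of benign events that raised an alert.
    FNR = FN / (FN + TP): share of malicious events that were missed.
    Precision = TP / (TP + FP): the alert quality an analyst experiences."""
    def ratio(num, den):
        return num / den if den else 0.0
    return {
        "FPR": ratio(c["FP"], c["FP"] + c["TN"]),
        "FNR": ratio(c["FN"], c["FN"] + c["TP"]),
        "precision": ratio(c["TP"], c["TP"] + c["FP"]),
    }


def triage(records, threshold=2.0):
    """First investigative step: compare every detector's current FPR and FNR
    with its baseline and return those that worsened by more than `threshold`x.
    This narrows a fleet-wide 'more FP and FN' symptom down to the specific
    detectors whose inputs, thresholds or models should be root-caused."""
    suspects = {}
    for det in sorted({r[0] for r in records}):
        base = rates(confusion(records, det, "baseline"))
        cur = rates(confusion(records, det, "current"))
        reasons = []
        for metric in ("FPR", "FNR"):
            if base[metric] > 0 and cur[metric] / base[metric] > threshold:
                reasons.append(f"{metric} {base[metric]:.3f} -> {cur[metric]:.3f}")
        if reasons:
            suspects[det] = reasons
    return suspects


if __name__ == "__main__":
    for det, reasons in triage(RECORDS).items():
        print(f"{det}: " + "; ".join(reasons))
```

Here only `beacon_ml` is flagged, on both metrics, while `brute_force` stays within its normal range; the follow-up would be to examine what changed for that one detector (its input data sources, a retrained model, a threshold edit, or a change in the environment it was trained on) rather than retuning every rule at once.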