Enterprises routinely collect billions of security events from their networks for real-time security monitoring, regulatory compliance, and forensic investigation. The volume of data has surpassed human ability to detect and respond to threats in a timely manner. Most of my recent work has focussed on designing algorithms and building systems to analyze the data in order to (a) identify threats in a scalable, reliable, and timely manner, and (b) respond to the threats in an automated manner.


  • 9 granted and 18 pending