Slide 1: AI and Cyber Security: Friends or Foes?
11/6/2018
AI and Cyber Security: Friends or Foes? Incident analysis with artificial intelligence. CEPS, Brussels, 29 May 2018. Jonathan Sage, Government and Regulatory Affairs, Cyber Security Policy Lead, Europe. May 2018.
Slide 2: Evolution of security technology - three waves
Waves: layered defenses; intelligence and integration; cloud, AI and orchestration, collaboration.
Speaker notes: Since the age of the first networks and the hackers who soon followed, we've evolved security technology from the perimeter controls of moats and castles to intelligence and integration capabilities that leverage analytics to collect and make sense of massive amounts of real-time data flow, prioritizing events and detecting high-risk threats in real time; and now to the next era of security: cloud security to help organizations plan, deploy, and manage security as workloads and data are moved across hybrid cloud environments; AI and orchestration capabilities baked in so that the solutions we use can understand, reason, and learn, plus the orchestration needed to drive analytics and insights across people, processes, and technologies for more actionable results; and collaboration in real time with threat intelligence crowdsourced from X-Force and a community of 14K+ users, as well as a security app marketplace to help analysts stay ahead of the threat.
Slide 3: Goals of a security operations team are core to business and important for compliance, for instance NIS and GDPR in the EU
Whether you have a security team of 2 or 100, your goals are to ensure the business thrives. That means protecting systems and data to stay compliant, stopping threats, and staying ahead of cyber crime.
Goals: protect critical systems and data; respond to incidents accurately and quickly; outthink cyber criminals.
Slide 4: But the pressures today make them hard to keep up with
Pressures: data overload; unaddressed threats; skills shortage.
Analyst voices: "My workload is overwhelming and repetitive." "I don't know where to focus my time for the quickest response." "There is so much information out there, it's impossible to find what's useful."
Slide 5: Addressing gaps while managing cost and ROI pressures
Results of the Cognitive Security Study:
Intelligence gap: the #1 most challenging area due to insufficient resources is threat research (65% selecting); the #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting).
Speed gap: the top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time, despite the fact that 80% said their incident response speed is much faster than two years ago.
Accuracy gap: the #2 most challenging area today is optimizing alert accuracy (too many false positives); the #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting).
Slide 6: A universe of security knowledge, dark to your defenses
Traditional security data: security events and alerts; logs and configuration data; user and network activity; threat and vulnerability feeds.
Human-generated knowledge: research documents; analyst reports; industry publications; webpages; forensic information; wikis; threat intelligence commentary; blogs; news sources; conference presentations; newsletters; tweets.
Slide 7: What role does artificial intelligence play? Bridging this gap: a new partnership between security analysts and their technology (UNDERSTAND | REASON | LEARN)
Human expertise: common sense, morals, compassion, abstraction, dilemmas, generalization.
AI (cognitive security): unstructured analysis, natural language, question and answer, machine learning, bias elimination, tradeoff analytics.
Security analytics: data correlation, pattern identification, anomaly detection, prioritization, data visualization, workflow.
Slide 8: How it works – Building the knowledge with QRadar Watson Advisor
Timeline labels: 1-3 days, 1 hour, 5 minutes.
Structured security data: X-Force Exchange, trusted partner data, open source, paid data. Content: indicators, vulnerabilities, malware names, ...; new actors, campaigns, malware outbreaks, indicators, ...; courses of action, actors, trends.
Unstructured security data: a crawl of critical unstructured security data and a massive crawl of all security-related data on the web (breach replies, attack write-ups, best practices, blogs, websites, news, ...).
Processing: filtering plus machine learning removes unnecessary information; machine learning and natural language processing extract and annotate the collected data. Throughput figures on the slide: 5-10 updates/hour; 100K updates/week; billions of data elements; millions of documents; 3:1 reduction; billions of nodes and edges in a massive security knowledge graph.
QRadar Watson Advisor unlocks a tremendous amount of security knowledge, enabling rapid and comprehensive investigation insights.
Slide 9: QRadar Advisor for Watson enables accelerated analysis, intelligent investigation and faster response
- Uses AI to analyze real-time incidents for triage
- Gathers external and internal threat indicators from the alert
- Performs external (threat intelligence) and internal research on indicators and entities (hash, domain, IP, users, filename etc.)
- Highlights the existence and identity of threats or outliers
- Offers natural language search
- Identifies whether communication with the threat has occurred or was blocked
- Highlights whether malware has executed
- Identifies the criticality of systems impacted
- Gives visibility to higher-priority risks and threats from insiders
- Connects other threat entities from the original offense to show relationships
- Provides input for ad-hoc investigation
- Provides pertinent information to escalate
- Automatic hunting for indicators
- Exports threats and indicators to the IR process for remediation and/or blocking
- Automatically adds additional discovered threat indicators to watch lists to reduce the risk of missing threats
Slide 10: Cybercriminals becoming increasingly sophisticated and collaborative
Crime rings collaborate on the dark web, sharing techniques, launching attacks through popular social media, etc. They show a level of organization and productivity that would be the envy of most businesses, offering customer support and money-back guarantees if their tools don't result in a successful hack. Staying a step ahead of the attackers is why IBM has white-hat security researchers trolling the dark web every day to monitor the latest cyberattack strategies. The efficiencies gained in the initial assessment process are where QRadar Advisor adds value: it addresses skills gaps and shortages, alert overload, increasing costs, security information currency and process risks with cognitive analytics.
Slide 11: Friend or Foe?
It is an arms race, and some are more advanced than others. Technology is the battlefield, and we have to recognize the well-equipped adversary we are fighting against. Proof point: IBM's Security Services teams monitor billions of events across the globe, and last year more than 2.9 bn records were reported breached. Protecting citizens, consumers and employees is a proactive, ongoing journey; governments and industry can never rest on their laurels.
Slide 13: How it works – Cognitive applied for cybersecurity
Steps: ingest mass amounts of data; classify, select, and normalize data; natural language processing for security context; training and learning with feedback; relational analysis visualized through knowledge graphs.
Speaker notes: In addition to ingesting mass amounts of data, Watson for Cyber Security is able to classify, select, extract and normalize data. It then applies that data to a security context with natural language processing (it understands what malware is, for example). With training and a constant feedback loop, Watson is able to learn and to produce connected information through the knowledge graphs with relational analysis. What makes cognitive computing different from other aspects of artificial intelligence is the ability to think and interact like a human: it is designed to build hypotheses, test them, and approach problems with multiple answers to build higher confidence in those answers. It is more advanced than the rest of what the market offers today, which mostly consists of machine learning.
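As an added illustration of the triage steps listed on slide 9 (gather indicators from the alert, relate them to other threat entities, tell whether communication occurred or was blocked, add discovered indicators to a watch list) and the knowledge-graph relational analysis described on slide 13, here is a small Python example written for this page; it is not IBM's or QRadar's own code. The offense text, proxy log lines and the graph are all constructed samples, and the graph is a hand-built adjacency map standing in for a real knowledge graph.

```python
import re
from collections import deque

# Constructed sample offense text, proxy log lines and knowledge graph (not real data).
OFFENSE = ("Offense 1042: host 10.0.0.25 resolved evil-cdn.example and "
           "downloaded a file with sha256 " + "a" * 64)
PROXY_LOG = ["src=10.0.0.25 dst=evil-cdn.example action=ALLOW bytes=48213",
             "src=10.0.0.25 dst=203.0.113.7 action=DENY bytes=0"]
# Hand-built knowledge graph: adjacency sets linking indicators and malware names.
GRAPH = {"evil-cdn.example": {"malware:DropperX", "203.0.113.7"},
         "203.0.113.7": {"evil-cdn.example", "malware:DropperX"},
         "malware:DropperX": {"evil-cdn.example", "203.0.113.7", "update.example.net"},
         "update.example.net": {"malware:DropperX"}}
# IPv4 address | SHA-256 hash | domain-like token (alternation order matters).
IOC_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[a-f0-9]{64}\b|\b[\w-]+\.[a-z]{2,}\b")

def extract_indicators(text):
    """Pull IPs, hashes and domains from free-text alert content (internal hosts included)."""
    return sorted(set(IOC_RE.findall(text)))
def expand(indicators, max_hops=2):
    """Breadth-first walk over GRAPH: every entity within max_hops of the seed indicators."""
    seen = set(indicators)
    queue = deque((node, 0) for node in indicators)
    while queue:
        node, depth = queue.popleft()
        if depth >= max_hops:
            continue
        for neighbour in GRAPH.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append((neighbour, depth + 1))
    return seen
def communication_status(indicator, log_lines):
    """'allowed' if a connection got through, 'blocked' if only denied attempts, else 'none'."""
    status = "none"
    for line in log_lines:
        if f"dst={indicator} " in line:
            if "action=ALLOW" in line:
                return "allowed"
            status = "blocked"
    return status
def triage(offense_text, log_lines):
    """Seeds -> related entities -> did we talk to them? -> new indicators to watch."""
    seeds = extract_indicators(offense_text)
    related = expand(seeds) - set(seeds)
    new_iocs = sorted(e for e in related if not e.startswith("malware:"))
    return {"seed_indicators": seeds,
            "malware": sorted(e for e in related if e.startswith("malware:")),
            "communication": {i: communication_status(i, log_lines) for i in seeds + new_iocs},
            "watchlist_additions": new_iocs}
```

Running `triage(OFFENSE, PROXY_LOG)` reports the allowed connection to the seed domain, the blocked attempt to a graph-related IP that never appeared in the alert, and a further domain to add to the watch list.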
Slide 14: Friend or Foe? Both
Slide 15: How it works – Use cases further defined
QRadar Advisor with Watson automates the investigation of security incidents; Watson for Cybersecurity empowers analysts to be more confident in identifying and understanding threats in their environment.
- Local and external contextual threat intelligence: utilize locally gathered and Watson external threat intelligence to gain broader context within your investigations.
- Rapid triage assessment of events and ecosystem impact: understand and quickly assess threats to know if they bypassed your layered defenses or were stopped dead in their tracks; realize the reach of threats and their effects on other users and systems in your ecosystem.
- UBA and asset identification: identify users and critical assets when they are involved in an incident and quickly pivot to gain details on user behavior activity and asset metadata.
- Understand malware and ransomware sources, delivery methods and related components to help quickly determine your impact and next courses of action.
Slide 16: Resources
- Knowledge Center: the latest on what's new, support, etc.
- Upcoming events: webinars, local events, etc.
- Links to short how-to videos: QRadar Watson Advisor trial request, download, and installation; QRadar Watson Advisor configuration; QRadar Watson Advisor incident overview and analysis.
- Links to informational and demo videos: Taking SIEM Cognitive in 3 Minutes (Jose Bravo and Chris Hankins); Poison Ivy malware video; Suspicious Activity (CozyDuke) video.
- Link to the self-help support forum.
- AppExchange.
- On-demand webinar: Rock your SOC (Security Operations Center) with Watson for Cyber Security.
- Solution brief.
Slide 17: Contacts
Offering management: Chris Hankins (cmhankins@us.ibm.com), Offering Manager – Cognitive Security.
Sales and technical sales: Jim Gottardi, Worldwide Client Success – Security Intelligence SaaS Lead; Uwe Hofmann, Worldwide Tech Lead – Security Intelligence; Carma Austin, NA Program Lead – Cognitive Security; Adam Lyons, NA Sales Leader – Cognitive Security; Gerd Rademann, Europe Program Lead – Cognitive Security.
Slide 18: Backup