Presentation is loading. Please wait.

Presentation is loading. Please wait.

AI/ML Endpoint Protection

Published byKristina Booth Modified over 6 years ago

Similar presentations

Presentation on theme: "AI/ML Endpoint Protection"— Presentation transcript:

1 AI/ML Endpoint Protection
SparkPredict: Builds asset models automatically IDs anomalies and predicts impending failures Incorporates domain expert input for supervised learning (optional) Delivers advanced data cleansing and verification Can integrate with DeepNLP or existing NLP engines, like IBM Watson to provide in context advisory DeepArmor: Analyzes the DNA of files to ID threats Sub-second malware detection Signature-free security Self-learns and retains knowledge Combines structured & unstructured data (including natural language) to research threats Highest Accuracy for Zero Day threat detection on the market today (>99%) DeepNLP: Classifies new documents into categories based on natural language analysis Analyzes unlabeled data, identifies similarities, and groups similar documents together Understands intent and sentiment of written documentation and user queries Indexing large amounts of data (text & images), finding answers to specific user queries Professional Services: Work side by side with your data scientist team Accelerate AI/ML products Improve accuracy and explainability Cybersecurity use cases: Anomalous network behavior, threat prioritization, threat hunting Financial use cases: Fraud detection, predictive financial models Other expertise in healthcare, manufacturing, energy, aerospace, etc. Deploying a cognitive, data-driven analytics platform for the reliability, efficiency and security of enterprise networks and IoT/OT environments Rick Pither Global Director, Security Sales Sparkcognition Introduction 800 AI Companies/Top 10 200/100/70+/$54m Boeing, Verizon, John Chambers ©SparkCognition, Inc All rights reserved.

2 Questions That Will be Discussed
Who is out there, and who should you be protecting yourself against? What should you be expected to stop? How do you embrace artificial intelligence, machine learning, and deep learning? Stay with existing endpoint solution, look at 2nd generation, or something else entirely? Efficacy of market solutions and the need for something different Questions That Will be Discussed

3 SparkCognition’s products and services
AI/ML/NLP PROFESSIONAL SERVICES Cybersecurity Algorithms Network Anomaly Detection Behavioral Analysis Data Exfiltration SIEM and Log Data Prioritization Malware Prediction Support and Help Accelerate AL/ML Project Increase Model Efficacy Automatic Model Building Financial Algorithms Predictive Market Models Fraud and Trade Detection

4 General Opportunistic Terrorist Organizations
Ability to defend Prevalence vs. capability Nation-States Catastrophic Damage Elite Approaching movie and TV fictional levels, almost undetectable Living off the land East-west Dual use applications Stolen credentials Fully in memory Elite Hacker Catastrophic Damage Insider Serious to Catastrophic Damage Targeted web applications Organized Crime Financial Damage Service Interruption Hacktivists Service Interruption Damage to Brand Hacker Capability; Noise Level Vector/ Approach Used Zero-day/ newly formed General Opportunistic General Damage Phishing Mutated Terrorist Organizations Financial Damage Drive By General Damage Common Noisy, copycat, and lazy Using prevalent malware or known exploits High Frequency Happens daily Low Frequency Unknown Prevalence and % of attacks on your environment Prevalence and % of Attacks on Your Environment

5 Formidable skills and capabilities
Russian Cyber Army Testing capabilities on Ukraine Attack against White House in 2015 Affected US election Fake news and influence on social media Serbian Cyber Army Trained and supported by Iran WashPost, Chicago Tribune, Financial Times Dell, MSFT, Ferrari, Forbes Iranian Cyber Army One of the largest cyber armies in the world Pledged loyalty to Supreme Leader of Iran Baidu and Twitter North Korea Cyber Army AKA Bureau 121/Unit 180/Lazarus 6,000 people strong SONY, $81m Bangladesh robbery, WannaCry 300K Chinese Cyber Army AKA UNIT 61398 50, ,000 strong Known attacks against 141 organizations, 115 in the US Hacking across 20+ industries * Data on Cyber armies from General John Allen’s Keynote at NACo Conference 7/22/2017

6 Mutations/Obfuscators
Why are we still being breached? Attack masking techniques Mutations/Obfuscators Alters known malicious code to make it appear new/different Weaponized AI Leveraging machine learning to generate adversarial malware Packers Software that unpacks itself in memory when the “packed file” is executed Weaponized Documents Malicious code embedded in PDFs and Office documents Targeting Allows code to run only on a specific targeted machine or device with a specific configuration Wrappers Designed to turn code into a new binary SparkPredict: Builds asset models automatically IDs anomalies and predicts impending failures Incorporates domain expert input for supervised learning (optional) Delivers advanced data cleansing and verification Can integrate with DeepNLP or existing NLP engines, like IBM Watson to provide in context advisory DeepArmor: Analyzes the DNA of files to ID threats Sub-second malware detection Signature-free security Self-learns and retains knowledge Combines structured & unstructured data (including natural language) to research threats Highest Accuracy for Zero Day threat detection on the market today (>99%) DeepNLP: Classifies new documents into categories based on natural language analysis Analyzes unlabeled data, identifies similarities, and groups similar documents together Understands intent and sentiment of written documentation and user queries Indexing large amounts of data (text & images), finding answers to specific user queries Professional Services: Work side by side with your data scientist team Accelerate AI/ML products Improve accuracy and explainability Cybersecurity use cases: Anomalous network behavior, threat prioritization, threat hunting Financial use cases: Fraud detection, predictive financial models Other expertise in healthcare, manufacturing, energy, aerospace, etc.

7 Zero-Day Malware False Positives
Prevalent Malware 1st Generation Average 2nd Generation Average 85.05% 93.08% Is AI/ML better? Zero-Day Malware 1st Generation Average 2nd Generation Average 54.46% 78.12% Zero-Day Malware False Positives 1st 2nd 12.86% 17.17%

8 Testing AI/ML engines and algorithms
Needs to demonstrate it scans all and classifies correctly files never seen before New/Zero Day (Less than 24 hours old) 232,942 windows executable files Dates: March 2017 to March 2018 DeepArmor % 96.78% -3% 2nd Generation A 98.45% 88.41% -10% 1st Generation A 98.43% 76.61% -22% 1st Generation B 98.02% 76.49% -22% 2nd Generation B 97.73% 87.13% -11% Consumer A 96.56% 78.19% -18% 1st Generation C 96.49% 79.27% -17% 1st Generation D 96.11% 53.46% -43% 2nd Generation C 94.08% 72.36% -22% 2nd Generation D 93.67% 66.51% -27% 1st Generation E 92.03% 56.80% -35% 1st Generation F 89.14% 38.78% -50% Prevalent (known; 2 weeks or older) 114,714 windows executable files Dates: March 2017 to March 2018 DeepArmor % 2nd Generation A 98.45% 1st Generation A 98.43% 1st Generation B 98.02% 2nd Generation B 97.73% Consumer A 96.56% 1st Generation C 96.49% 1st Generation D 96.11% 2nd Generation C 94.08% 2nd Generation D 93.67% 1st Generation E 92.03% 1st Generation F 89.14% False Positives 234,358 files New malware only CHALLENGERS 88%/21% LEADERS 73% 3% 13% 9% 19% 11% 10% 15% 24% ABILITY TO EXECUTE NICHE PLAYERS 56% VISIONARIES 86% COMPLETENESS OF VISION As of January 2017 CONSUMER 84%

9 In a Mid Sized Environment:
Look at it a different way Data from IR engagements on major breaches* 70% known/prevalent 99.75% effective WannaCry Petya Non Petya Bad Rabbit 2nd generation 86% effective That’s good enough, yes? In a Mid Sized Environment: 6,000 files missed a day 30% unknown/new 250,000 files missed a month Signatures YARA rules File reputation Behavioral Basic AI/Machine Learning 46% malware 2,000,000 files missed a year Main Breach Causes: Phishing Web Exploits Credentials 99.5% are files executed on disk Threat Hunting w/various tools utilize experts SparkPredict: Builds asset models automatically IDs anomalies and predicts impending failures Incorporates domain expert input for supervised learning (optional) Delivers advanced data cleansing and verification Can integrate with DeepNLP or existing NLP engines, like IBM Watson to provide in context advisory DeepArmor: Analyzes the DNA of files to ID threats Sub-second malware detection Signature-free security Self-learns and retains knowledge Combines structured & unstructured data (including natural language) to research threats Highest Accuracy for Zero Day threat detection on the market today (>99%) DeepNLP: Classifies new documents into categories based on natural language analysis Analyzes unlabeled data, identifies similarities, and groups similar documents together Understands intent and sentiment of written documentation and user queries Indexing large amounts of data (text & images), finding answers to specific user queries Professional Services: Work side by side with your data scientist team Accelerate AI/ML products Improve accuracy and explainability Cybersecurity use cases: Anomalous network behavior, threat prioritization, threat hunting Financial use cases: Fraud detection, predictive financial models Other expertise in healthcare, manufacturing, energy, aerospace, etc. Patching Privilege Escalation Management Multi-Factor Authentication Network Segmentation 54% Non-malware Credential Theft/Insider “Living Off The Land” SQLi, Web Application Via Approved Applications *Source: SecureWorks

10 Our approach Built from AI, not with AI Break down the
DNA of every file Analyze all of the components individually Determine likelihood of malicious nature

11 Android; Android embedded Built to work with Microsoft
Architecture Predict and prevent disk-based malicious executable files before execution (Includes executable malware hidden in weaponized DLL’s, PDF, MS Office) File Reputation Application Control (Whitelist, Blacklist) Multi-Layer Cognitive Approach Machine Learning Malware Prevention Block known and zero-day unknown malware NLP scrape internet threat intelligence and provide transparent AI Cloud On-Device Hybrid Windows 7, 8, 10 Windows 2008, 2012, 2016 Windows embedded Android; Android embedded MacOS Legacy Windows Q2 Linux/RTOS Q2Q3 Built to work with Microsoft Windows endpoint

12 Existing hole in protection Microsoft Windows 10 Defense Stack
Recommended solution: Augmentation MSFT and legacy AV vendors excel at managing endpoints and bundling other capabilities Microsoft Windows 10 Defense Stack File reputation Anti-virus/malware Memory protection Personal firewall Browser protection Application reputation Device guard Kernel protection Credential guard Certificate and font protection Secure boot Remote desktop attestation Existing hole in protection left of boom Microsoft Windows Defense Stack File Reputation Anti-Virus/Malware Memory Protection Personal Firewall Browser Protection Application Reputation Device Guard Kernal Protection Credential Guard Certificate and Font Protection Secure Boot Remote Desktop Attestation Existing Hole in Protection Known Unknown 99% 31% effective effecti Left of Boom

13 SparkCognition and DeepArmor differences
Explainable AI Leaders have been reverse engineered 97% efficacy on new and polymorphic malware vs % Built entirely from AI Prediction before execution of weaponized documents Augmentation solution for 1st generation or Windows 10 Cloud and/or on-device model Efficacy on new and polymorphic malware (97% vs 50-88%) Only vendor focused on new never seen before Not ‘bolting-on’ AI/ML functionality Build from AI, Explainable/Transparent ‘Leaders’ have been reversed engineered Cloud and/or on device model Prediction, before execution of weaponized documents (including embedded malicious macro and scripts) Augmentation solution for 1st generation or Windows 10 SparkPredict: Builds asset models automatically IDs anomalies and predicts impending failures Incorporates domain expert input for supervised learning (optional) Delivers advanced data cleansing and verification Can integrate with DeepNLP or existing NLP engines, like IBM Watson to provide in context advisory DeepArmor: Analyzes the DNA of files to ID threats Sub-second malware detection Signature-free security Self-learns and retains knowledge Combines structured & unstructured data (including natural language) to research threats Highest Accuracy for Zero Day threat detection on the market today (>99%) DeepNLP: Classifies new documents into categories based on natural language analysis Analyzes unlabeled data, identifies similarities, and groups similar documents together Understands intent and sentiment of written documentation and user queries Indexing large amounts of data (text & images), finding answers to specific user queries Professional Services: Work side by side with your data scientist team Accelerate AI/ML products Improve accuracy and explainability Cybersecurity use cases: Anomalous network behavior, threat prioritization, threat hunting Financial use cases: Fraud detection, predictive financial models Other expertise in healthcare, manufacturing, energy, aerospace, etc.

14 Rick Pither Global Director, Security Sales rpither@sparkcognition.com
©SparkCognition, Inc All rights reserved.

Download ppt "AI/ML Endpoint Protection"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.

Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
Sky Advanced Threat Prevention

Sky Advanced Threat Prevention
BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.
Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon.

Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon.
ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.

ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
Artificial Intelligence. Real Threat Prevention.

Artificial Intelligence. Real Threat Prevention.
Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.

Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.

Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.

Similar presentations

Ads by Google