Threat Detection using artificial intelligence

The threat detection solution on AWS democratizes cyber security tools that were previously cost and skill prohibitive, so customers can counter the rapidly advancing threat landscape. The result will not only assist in improving the customer's security posture, but also provide a security architecture that can scale as business workloads scale.

This solution will provide AWS customers with the capability to detect security threats, prioritize identified threats, and provide recommendations using threat intelligence. The scope is not limited to AWS, but also includes hybrid deployments, traditional data centers, enterprise/satellite offices, and other cloud service providers. Join this session to learn how you can leverage this solution to gain visibility in your environment and detect indicators of attack.

Published in: Technology

Threat Detection using artificial intelligence

  1. PUBLIC SECTOR SUMMIT SINGAPORE
  2. Threat Detection using artificial intelligence. Ankush Chowdhary, Principal Security Advisor, Asia Pacific & Japan, Worldwide Public Sector, Amazon Web Services. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  3. What problem are we solving?
  4. Security and compliance are complex and complexity drives cost: advanced threats; compliance complexity; evolving technologies; lack of visibility; limited automation.
  5. Running a Security Operations Center is complex for both enterprises and managed security service providers. Traditional SIEM based systems are complex and have an antiquated licensing model, driving costs up. High touch solution requires extensive consulting. Rules are created, deployed, managed and optimized, driving more complexity and cost. No two customers have the same footprint, and MSSPs have to tailor the solution for each customer (drives cost). Shortages and high turnover of personnel add to the challenges of managing a 24/7 operation.
  6. Technology innovations provide the opportunity to get it right. Use the cloud to build the solution that is AUTOMATED ANALYTICS ARTIFICIALLY INTELLIGENT ROBUST SCALABLE MULTI-TENANT
  7. Threat Detection using AI on AWS. The threat detection using AI solution on AWS Cloud provides AWS customers with advanced threat analytics to identify indicators of compromise (IoCs) and deep learning capability to identify indicators of attack (IoA). AI based detections; no rules; no licensing; works anywhere; scalable cloud.
  8. AI based advanced threat detection providing insight into attack patterns. Understand attack patterns using deep learning. The platform adapts to different attack patterns over time as it gets more and more data. Security analysts label new attack patterns and train the neural network. Reduce costs through access to real time intelligence providing contextual security. Leverage the power of cloud by using advanced analytics and automation.
  9. High Level Architecture. Available Integration Options. Deep Learning to Identify Indicators of Attack: deep learning, artificial intelligence, supervised learning, un-supervised learning, reinforcement learning. Data Lake/Processing: Data Lake (Raw), a data lake of raw logs, categorized per agency; Data Lake (Processed), a data lake for processed data; ETL function to process logs and identify each log from its originating agency for normalization of logs. Data Collection Module: agentless data/log collection (Datacenter, Internet, IoT, Cloud). Dashboard: global view and agency-specific login to view up to 30 days (default) of history, configurable up to 180 days. Trouble Ticket Workflow; APIs; Alerts. Analysts/developers can query the data directly using the Amazon Athena service.
  10. Driving innovation in security operations
  11. Core Modules. Data Collection: collect event data from any source, on premises, or cloud. Data Lake/AutoETL: process, tag, rationalize, parse, and enrich. Artificial Intelligence: detect indicators of attack patterns. Dashboard: bring your own dashboard and customisation.
  12. Key Functions: agentless and agent based data collection; automated ETL to create secure data lake; enrich data lake; real-time data correlation; deep learning based detection; open API for integration; multi-tenant; integrated and customizable ticketing platforms.
  13. Managing security operations. Enterprises can easily use their existing pool and operate threat detection with in-house resources. Enterprises have the option to use an AWS Partner MSSP who can provide the 24x7x365 operations.
  14. Key Benefits for Enterprises. Fully orchestrate security operations. Meet Service Level Agreements and compliance requirements. Reduce the time on consulting hours on configuring and optimizing. Visibility into the security operation provided via dashboards and customizable reporting. Save costs and heavy lifting associated with traditional SIEM based solutions.
  15. Key Benefits for MSSP. For customers using SIEM based SOC/Log Management tools: dramatically shorten the customer onboarding; meet customer specific service level agreements and compliance requirements; increase the number of customers with same team size; lower the analyst training time; identify attack patterns over several customers; provide reports on investigations and incidents; offer individual dashboards to customers.
  16. Deployment – it’s all about customer experience. Deploy the solution using AWS CloudFormation Template. Add/remove accounts, view dashboard(s), select threat intelligence feeds, and user management from admin portal. Customers or MSSPs to push logs from AWS Cloud (auto setup) or on-premises data center (manual setup).
  19. Summit Day: Session Feedback. Take a quick survey – let us know how we can improve. Three ways to take the survey: access the Summit app (session survey tab); scan the QR code; visit https://amzn.to/threat-detection-session. Hall 406 CXD
  20. Thank you! Ankush Chowdhary, Principal Security Advisor, Asia Pacific & Japan, Worldwide Public Sector, Amazon Web Services