
Providing real time decision support to Prevent coordinators



A presentation by Bill Orme, central government and defence lead, SonicWall UKI at the Jisc security conference 2019.


  1. JISC Conference: Technical decision support for PREVENT, November 2019
  2. What’s this session about?
     • What is OSINT?
     • How can technology like this be leveraged to provide early indication of safeguarding issues
     • A few simple steps to become more effective and efficient
     • I’m just (X), how can NCSC help me?
  3. OSINT = Open Source Intelligence = our “Digital Exhaust”
     • We all leave it behind us everywhere we go: Cookies, Social Media, WhatsApp Groups, ‘Free’ WiFi, ‘Loyalty’/Cashback Schemes, ‘Free’ ANYTHING
     • Digital Economy now extant, that horse has bolted
     • Security vs Privacy?
     • Data is the new currency
     • “Online Life” & “Real Life” are merging, as are the norms expected in both
     • A new form of Social Contract is emerging
  4. The Need: Automated Real-Time Anomaly Detection & Prevention
     • Ransomware, Fileless Malware, Cyber-Bullying, X-ism, Organised Crime, Phishing
     • Any Vehicle: Email, Browser, Apps, Files
     • Any Traffic: Encrypted, Unencrypted
     • Any Network: Wired, Wireless, Mobile, Cloud
     • Any Device: PC, Tablet, Phone, IoT
     • Inspect all SSL/encrypted traffic
     • Machine learning
     • Multi-engine, CPU-tracking cloud sandbox
     • Block files until a verdict is rendered
     • Integrated security platform (firewall, endpoint, wireless, email, CASB, Wi-Fi)
     • Security center (SOC)
  5. • 1.0M+ Sensors
     • 50+ Industry research organizations in which intelligence is shared
     • 24x7x365 Monitoring
     • <4 Hr. Response to never-before-seen vulnerabilities
     • 140K+ Malware samples collected daily
     • 28M+ Malware attacks blocked daily
  6. SonicWall Capture Labs
     • Analyzed 7.2 billion malware attacks January to September 2019
     • Identified 113K+ never-before-seen threats in 2019
     • Credited Discovery of hundreds of unique variants every day
     • Established in Mid-’90s
     • Dedicated World-class threat and machine learning engineering team
     • Extensive Malware Library: Thousands of terabytes of data/artifacts
  7. My problem isn’t with malware, it’s with behaviour
     • Large and diverse young population
     • No control over devices
     • Security vs Privacy is in a different realm:
        o Often need to secure one from another
        o Safeguarding is not the same as Cyber
        o Pastoral care & Intervention often more important than “policing”
        o Early detection of issues thus becomes the desired outcome of technology introduction
  8. OSINT Analytics: Automated Internet-Mediated Research Module
     • OSINT Analytics combines a dedicated search engine, context-adjusted normalized social media analytics, and AI-powered sentiment analysis into a powerful package.
     • OSINT Analytics provides snapshot insights of social media ecosystems – revealing popular posts, opinion leaders, and topic initiators with text and visualization.
     • CONNECTING THE DOTS INTO THE DEEP WEB SHORTER TIME TO INTELLIGENCE INFLUENCER IDENTIFICATION
  9. P.O.I.: Automated Trend Forecasting
     • P.O.I. generates a dynamic activity view built around keyword searches and topic selection to reveal inflection points and conversation drivers. P.O.I. uses Machine Learning algorithms to aid in pattern identification and false profile detection.
     • INFLUENCER IDENTIFICATION: Since social networks are not just text and keywords, OSINT Analytics contextually analyzes organic connections and content – more accurately identifying, flagging, and ranking inflection points.
     • EARLY WARNING: Activity timelines and other graphical data displays within P.O.I. allow you to stay ahead of changes in trends within any domain. Know when things are heating up, before they boil over.
     • SUGGEST AND IDENTIFY: View activity patterns and post history – identify fake profiles and botnets at a glance. Then, pass the information on to other operators, using integrated in-system notification.
     • AUTOMATED AND DYNAMIC TOPICS OF INTEREST: Create cross-platform social media monitors on any topic in seconds, and let P.O.I. continuously float inflection points to your attention, based on preset queries of popularity, sentiment, platform, activity, influence etc. or custom queries in real time.
  10. What can I do in the meantime?
     • Talk to us: Bill Orme/David Peace
     • Use the NCSC’s Protective DNS
     • Talk to people like the Cyber Foundry in Manchester
     • Tell your student populations up front about what is OK/!OK on your networks (short policies in big letters)
  11. Product Architecture
     • [Diagram labels: CAPTURE Security Center (Management, Analytics, Threat Visibility); CAPTURE Advanced Threat Protection; Cloud App Security; Email Security; NSv and WAF; CAPTURE Client; Network Security Platforms; Cloud & SaaS; IoT; Email; Mobile & Endpoints; Wi-Fi]
  12. Automated Real-Time Breach Detection and Prevention Technology
     • [Diagram labels: DEEP LEARNING ALGORITHM; Machine Learning; Artifact 1, Artifact 2, Artifact 3, Artifact 4; Data File, MS Office, PDF, Streaming Data; Classified Malware: RANSOMWARE Locky, RANSOMWARE WannaCry, TROJAN Spartan, UNKNOWN; CLOUD CAPTURE SANDBOX: Hypervisor, Emulation, Virtualization; Good, Bad; BLOCK until VERDICT SENT; BLOCK]
     • Analyzed 7.2 billion malware attack attempts from Jan. 19 to Sept. 19
     • Memory/RTDMI Protecting PDFs, MS Office and Chip-based Processor / Memory
     • [Diagram labels: Network Security Appliances; Wi-Fi; Cloud & SaaS; Email; IoT; Endpoints]
  13. Thank You