For decades, the security profession has relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of virus and malware attacks. Now, as predicted by Thomas Kuhn in his book “The Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advanced mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. This session will explore this new paradigm and how it will impact our future. Main points covered: • How did our profession change in the world of reactive detection? • How to escape the inertia that held us, prisoners? • What is the power of AI and machine learning? • What are the risks of this new technology? Presenter: Our presenter for this webinar, John McClurg serves as Vice President and Ambassador-At-Large of Cylance, where he is responsible for building Security and Trust programs & operational excellence efforts. Prior to Cylance, he served as the CSO of Dell, Honeywell, and Lucent and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI). He also served as a Deputy Branch Chief of CIA where he helped to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. McClurg was voted one of America’s 25 most influential security professionals. Organizer: Ardian Berisha Date: October 25th, 2018 Recorded webinar link:

1. The Future of Security
How Artificial Intelligence Will Impact Us
JOHN E McCLURG | VP & AMBASSADOR-AT-LARGE

2. May you Live in
Interesting Times
“
”

3. The World is Flat
• Cyber / Physical
• Domestic / International
• Public / Private
• Church / State
• Business / Security
Traditional boundaries of interest
grow ever more porous

4. With increasing connectivity comes an increase in the number
of Threat Vectors, Avenues of Attack, open to an adversary.
Internet of Things
Household appliances
Driverless cars
Cameras
Human organs (Brains)
SCADA Systems
Supervisory Control And
Data Acquisition
Monitors and controls critical processes

5. VS
Reactive Detection
“The fence at the top of the cliff or the ambulance at the bottom.”
Proactive Prevention

6. -George Santayana
Those who cannot
remember the past are
condemned to repeat it.
“
”

7. V1 V2
Proactive
Prevention
Reactive Detection
Operation Crossbow
Lesson from the Past –
WWII V-Weapons Defense Strategies

8. Counterterrorism – Lockerbie, Oklahoma City, Unabomber
Pheakers & Hackers – Dark Dante
Counterespionage – Harold “Jim” Nicholson
Corporate Life – “Not If But When”
Elaborate “Defense In Depth” Structures –
Complex, Costly, Reactive: Post-execution
Reaping the Reactive Life
A call for new paradigms

9. Emergence of the Proactively Predictive:
Snowden
US Government Requirement – Viable Trusted Insider Program
Big Data Analytics – AI’s Machine Learning & Mathematical Algorithms
We Had To Do Better

10. “Their Spies!”

11. Reactive Detection
Reactive Detection Versus Prevention
• “Big Data” problem: Early indicators
too numerous and distributed,
across too many repositories
Algorithms
• Software that allows us to pull
data into algorithms that could
be fed from numerous
repositories across diverse
environment
Prevention

12. Security
No longer just the guns, gates,
guards, and geeks of yesterday;
Now a duty owned by all.
No longer a distasteful cost of doing
business; Now an indispensable and
inextricable aspect of advancing it.

13. Wetware: Individual Users
• Spear-phishing draped in “Beguiling Specificity”
“Here’s a picture of your
daughter kicking the winning
goal at last Saturday’s soccer
game!”
CLICK
Malware embedded

14. How well are critical assets identified
Enclaved those assets
Detected the compromise
Contained it
Expelled it
Leverage new insights gained
Only
19%
Detected
Preventing Compromise
Not if, but when…
1
2
3
4
5
6

15. Preventing Compromise
Not if, but when…
90% of All breaches tied to Malware
Detection, Incident Response, Triage,
Damage Mitigation and Remediation

16. -Thomas Kuhn
American Physicist, Historian
and Philosopher of Science
Structure of Scientific Revolutions
Periods of normal science are
interrupted by revolutionary science.
New paradigms to change
the rules of the game, our
standards and our best practices.
“ ”
“
”

17. No more sacrificing at least one
endpoint or employee’s computer
for the greater good—for the
creation of a signature---
NO MORE SACRIFICIAL LAMBS.
NO MORE
Sacrificial Lamb

18. March 2015

19. Res Ipsa Loquitor

20. How it Works
Determine if a file is good or bad
purely on the information contained
in the file replicated on a sustainable
massive scale.
Prediction based on properties
learned from earlier data to
differentiate malicious files
from safe ones.
Patterns have emerged of how specific
files are constructed.
Humans are simply incapable
99.7% Effective

21. Proactively Predictive: AI’s Machine Learning
ML is a type of artificial intelligence (AI)
that provides computers with the
ability to learn–without being explicitly
programmed, without the assistance
or intervention of humans.
AI provides the opportunity to develop
pre-execution, malware prevention—
more disruptive than anything I’ve
seen in the last two decades.
ACCELERATION

22. Industries such as healthcare, insurance, and
high-frequency trading have applied the principals
of AI and machine learning to analyze enormous quantities
of business data and drive autonomous decision making.
Core of the AI-based security approach is capable
of applying highly-tuned algorithmic models to
enormous amounts of data.
An AI or machine learning approach to security will
fundamentally change the way we understand and
control risks not only posed by malicious code but other
challenges such as passwords, access, and authentication.
Security
as a
Science
The Future of Malware Prevention

23. Having mapped the genomic
structure of the files making up the
internet, We make software that
predicts, then blocks
Cyberattacks, on the endpoint,
in real time, using pre-execution
artificial intelligence algorithms.
PROACTIVELY PREDICTIVE

24. https://www.cylance.com/congressional-report-concludes-cylanceprotect-played-a-pivotal-role-in-discovering-
stopping-and-remediating-malware-that-caused-opm-data-breach

25. How Traditional AV Vendors
Crete a single Signature
Cloud
Threat DB
t3
Human Malware
Researchers
and Automation
t2
Triage
and Classify
t1
Collect
Samples
t0
t7
Deploy
Signature
t6
Test
Signature File
t5
Security
Admin Updates
t4
Signature File
All Known
Malware
New Malware
(Last 24 Hours)
Zero-Day
Malware

26. Well…It’s Groundhog Day again?!

27. THE Groundhog
is Dead!
Battling the entrenched security paradigm of the last two decades

28. Infused new life into
the profession
Artificial intelligence redefines
and strengthens the cyber
security community
Machine learning will not lose
efficacy over time even as
attackers alter strategies
Proactively Predictive:
AI’s Machine Learning

29. • Test threw the worst of 2016, 2017, & 2018 malware
at a 2015 Version of the Cylance Math Model.
• Result: An End-user would have been protected
even if they hadn’t updated their math model
for over two years.
• As much as 33 months, but on average a
predictive advantage (PA) of 25 months.
Minority Report: From Fiction To Reality

30. The dawn of a new age!
A Paradigm Shift…Galileo Lives Again!
“Prove for one’s self.”

31. Elon MuskStephen HawkingBill Gates

32. May you Live in Interesting Times
- A New Paradigm Benediction
“ ”

33. ISO/IEC 27032
Training Courses
• ISO/IEC 27001 Introduction
1 Day Course
• ISO/IEC 27001 Foundation
2 Days Course
• ISO/IEC 27001 Lead Implementer
5 Days Course
• ISO/IEC 27001 Lead Auditor
5 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
www.pecb.com/events

34. THANK YOU
?
jmcclurg@cylance.com
www.cylance.com
https://www.linkedin.com/in/john-mcclurg-9697a52b/