Cognitive Security - Corporate Introduction ('12)
1. Gabriel Dusil
VP, Global Sales & Marketing
www.facebook.com/gdusil
cz.linkedin.com/in/gabrieldusil
gdusil.wordpress.com
dusilg@gmail.com
2. Origins
Research began in 2006
Company established in 2009
Funded by U.S. Army, Navy & Air Force
Experts in Network Behavior Analysis
Mission
Providing detailed intelligence to detect modern sophisticated network attacks
Headquarters
Prague, Czech Republic & Silicon Valley, CA
Security Innovation
Experts in Network Behavior Analysis
Page 2, www.cognitive-security.com
© 2012, gdusil.wordpress.com
3. Point of Entry Compromise
50% of attacks take days to months of reconnaissance for a successful breach
Compromise Discovery
70% of victims allow a breach to persist for weeks to months before detecting a compromise
Source: Verizon – ‘11 Data Breach Investigations Report
4. • Managed Security Services
• Security Monitoring & Management
• Network Behavior Analysis
• Anomaly Detection
• Web Security, Content Filtering
• SIEM
• Web-Application Firewalls
• IDS & IPS
• Vulnerability Management
• IAM
• Firewalls
• Email Security
• Anti-Virus
• VPN (SSL & IPsec)
SIEM = Security Information & Event Management
IDS & IPS = Intrusion Detection & Prevention System
AAA = Authentication, Authorization, & Accounting
IAM = Identity & Access Management
VPN = Virtual Private Network, SSL = Secure Sockets Layer
5. Security as a Service
• Network Behavior Analysis: APT, Zero-Day, Exploit Kits & Polymorphic malware…
• IDS & IPS: Attack Patterns, malware, etc.
• Web Security: Filtering, XSS, SQL Inj., etc.
• email Security: Virus, Trojans, Spam, etc.
• Firewall: Footprint reduction, scripts, etc.
Network Behavior Analysis
Cost effective Expert Security for enterprises, telcos & governments
Important security layer & a higher wall for modern-day protection
7. Cognitive Analyst
• Cost Effective & Robust Network Behavior Analysis for Enterprise
• High Throughput Traffic Volumes - Telco, Mobile, ISP & NSP
• High Resolution & Attack sensitivity - custom for Governments
8. Monitoring
• Corporate Governance
• Device or Network Misconfig
• Restricted Apps, Policy Violations
• Irregular Behavior & Misuse
Diagnostics Support
• Vulnerability & Pen-testing
• Forensics Analysis
• Incident & Response
Responsibilities of a Security Administrator
Advanced Cyber-Attacks
• Trojans, Botnets, C2 & Exploit Kits
• Spyware & Info leaks
• Brute Force & Insider Attacks
• Reconnaissance & Sabotage
• Denial of Service (DoS)
• Polymorphic Malware
Modern Sophisticated Attacks
• Advanced Persistent Threats
• Zero-Day Attacks
[Pie chart segments: Awareness (Employees), Patching, IAM 11%, Log Anal. 8%, Audits 8%, Vulnerability Analysis 10%, Malware Analysis 14%, Incident Response 12%, Threat Research 8%; further values shown: 4%, 7%, 21%]
Source: Information Week - Strategic Security Survey '11
12. • Heavy DNS Use & Sophisticated Scans
• Periodic Polling - Command & Control
• Unclassified Behavior - Unexpected Anomaly
• Peer 2 Peer Network Behavior
• Unexpected new service or Outlier Client
• Outbound Encrypted sessions (eg. SSH)
13. No Signatures!
No Signature limitations
Attackers will exploit:
• Delays in writing signatures
• Delay to install new signatures
• Clients ignoring updates due to resource constraints
Cost Competitive
Cost effective Expert Security
Artificial Intelligence
Strength of 8 Detection Algorithms
• Highly Accurate Attack detection
Peer-Reviewed Algorithms
• Tested by the scientific community
Long-Duration Trust Modeling
• Analyzing current behavior against past assessments
Unique Self-configuration
• Challenge Agents ensure system is operational
Hacker Circumvention Resistance
• Game Theory optimization ensures system behavior is not predictable
State-of-the-art Auto-Tuning
• Minimal deployment resources needed
16. Cognitive Analyst classifies
trustfulness of data,
then
is separated
from
Then further separated into…
assessed
into over event
categories,
& into severity levels
which can not be
immediately classified
17. Comparing Near real-time data to the past
• Historical threat data is incorporated to detect sophisticated attacks
Using the most sophisticated self-learning techniques in the Security Industry today
• Using 8 independent Anomaly Detection Algorithms
• Aggregating multiple threat sources into clusters
[Figure labels: Severity 8, Unclassified, Normal]
18. Network Traffic
Detection Algorithms: Al1 → 0.7, Al2 → 0.2, Al3 → 0.9, Al4 → 0.4, Al5 → 0.3, Al6 → 0.2, Al7 → 0.4, Al8 → 0.5
Trust Modeling: TM1 → 0.5, TM2 → 0.7, TM3 → 0.4, TM4 → 0.6, …
Knowledge Fusion: CTS → 0.7 (Cognitive Trust Score)
Unclassified Behavior
Layers: Trustfulness Assessment Layer, Event Generation Layer, Severity Assignment Layer
CTS = Cognitive Trust Score
19. [Timeline, (hh:mm): Start, system connected to network data source; Self-Initialization; 2 Algorithms, 3 Algorithms, all Algorithms Online; Knowledge Fusion - active; Self-Configuration; Self-Optimization]
Artificial Intelligence
• Continually tunes to the client’s environment
• Highly accurate by combining several advanced algorithms
Auto-Learning Engine
• Self-Optimizing
Scalable Architecture
• Decentralized & Distributed
• Parallel Processing for attack detection in high speed networks
21. Pharma Chemical Mobile Defence
Defence Energy, Oil&Gas ISP & NSP Intelligence
Finance Manufacturing Hosting Utilities
Downtime Sabotage Tarnished Image Lost Productivity Terrorism
Theft of Corporate Secrets Fraud Government Sponsored Attacks
Detecting Modern Sophisticated Attacks Attack Forensics
Advanced Threat Diagnostics Security Monitoring Services
Behavior Monitoring Bronze Silver Gold Platinum
Expert Services Consulting Training Forensics
R&D Software Development Research
Cognitive1 Cognitive10 CognitiveExpert
Distribution Appliance VM or ISO Image Software
23. Security Innovation
• Delivering Forward-thinking Security Solutions
• Thought Leadership
R&D Expertise
• Cost-effective Research & Development resources
• Quick development turn-around
• Flexible integration with OEMs, MSSPs, & device manufacturers
Intuitive Management Interface
• Easy-to-Use Dashboard
• Granular attack detection analysis
Product Reliability
• 5th Generation Network Behavior Analysis platform
Privacy Concerns
• Data anonymity is maintained
26. • Corporate leaders face complex challenges in balancing security
spending against the evolving risks that internet commerce
presents. This has resulted in a need for new and advanced levels
of protection to facilitate these strategic objectives. Expert
Security addresses the need to implement more robust and
cost-effective levels of expertise, and also helps to bridge the gap
to higher, more expensive, and often culturally adverse
outsourced solutions. As companies expand, additional layers of
protection are paramount to ensure asset protection. Network
Behavior Analysis is the building block of Expert Security and
offers a viable solution to modern sophisticated cyber-attacks.
This presentation was prepared to outline our corporate overview
and market positioning of Cognitive Security.
27. Network Behavior Analysis, NBA, Cyber Attacks, Forensics Analysis,
Normal vs. Abnormal Behavior, Anomaly Detection, NetFlow, Incident
Response, Security as a Service, SaaS, Managed Security Services,
MSS, Monitoring & Management, Advanced Persistent Threats, APT,
Zero-Day attacks, Zero Day attacks, polymorphic malware, Modern
Sophisticated Attacks, MSA, Non-Signature Detection, Artificial
Intelligence, A.I., AI, Security Innovation, Mobile security, Cognitive
Security, Cognitive Analyst, Forensics analysis