Can Machine Learning help organizations improve Data Security? Are there limitations to Machine Learning? What about ML for Advanced Persistent Threats?
4. YES. BUT HOW SO?
Models based on Machine Learning are more robust.
• Machine Learning has become a more proactive defense against malware
• Most threats are file-based. Machine Learning models are designed for static analysis. ML integrated into the file-scanning protection layer is a proactive solution.
• In the past, signature-based threat detection was easy to bypass with some minor changes
• It gives the bad guys headaches.
7. LIMITATION #1 – TECHNOLOGY ITSELF
Balance of three dimensions: Detection Rate, Number of False Positives, Performance Impact
1. NUMBER OF FALSE POSITIVES
• If you make the algorithms too generic, they will be prone to False Positives
• If you restrict them, they will cause False Negatives
2. DETECTION RATE
• Tuning becomes important
• This technology has to be backed up by other technologies such as Whitelisting or other detection methods
3. PERFORMANCE IMPACT
• If you have to be proactive, then you have to use complex models
• Complex models will lead to a performance impact
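The trade-off described on this slide, as an added example that is not part of the original deck: sweeping the decision threshold of a file-scoring model trades detection rate against false positives, and an allowlist (whitelisting) layer is what keeps known-good files that score high from being blocked. The sample names, scores and allowlist below are constructed for the illustration.

```python
# Added example, not from the original deck. Sample data is constructed:
# (file label, is_malicious, model score in [0, 1]).
SAMPLES = [
    ("mal-01", True, 0.97), ("mal-02", True, 0.91), ("mal-03", True, 0.72),
    ("mal-04", True, 0.55), ("mal-05", True, 0.41),
    ("ben-01", False, 0.05), ("ben-02", False, 0.12), ("ben-03", False, 0.33),
    ("ben-04", False, 0.58),  # packed installer: looks suspicious to a static model
    ("ben-05", False, 0.62),  # signed admin tool that also scores high
]
# Hypothetical allowlist of verified-good files (e.g. publisher-signed hashes)
# that the model must never block, whatever it scores them.
ALLOWLIST = frozenset({"ben-04", "ben-05"})


def evaluate(threshold, allowlist=frozenset()):
    """Return (detection_rate, false_positive_rate) for one threshold.

    A file is flagged when its score reaches the threshold and it is not on
    the allowlist. Detection rate = flagged malicious / all malicious;
    false-positive rate = flagged benign / all benign.
    """
    n_mal = sum(1 for _, malicious, _ in SAMPLES if malicious)
    n_ben = len(SAMPLES) - n_mal
    tp = fp = 0
    for name, malicious, score in SAMPLES:
        flagged = score >= threshold and name not in allowlist
        if flagged and malicious:
            tp += 1
        elif flagged and not malicious:
            fp += 1
    return tp / n_mal, fp / n_ben


def sweep(thresholds, allowlist=frozenset()):
    """Map each threshold to its (detection_rate, false_positive_rate)."""
    return {t: evaluate(t, allowlist) for t in thresholds}


if __name__ == "__main__":
    # A low threshold (generic model) catches everything but flags 60% of benign
    # files; a high threshold (restricted model) drops false positives but misses
    # malware. The allowlist recovers the middle ground at threshold 0.5.
    for t, (dr, fpr) in sweep([0.3, 0.5, 0.7, 0.9]).items():
        print(f"threshold={t:.1f}  detection={dr:.0%}  false_positives={fpr:.0%}")
    dr, fpr = evaluate(0.5, ALLOWLIST)
    print(f"threshold=0.5 + allowlist  detection={dr:.0%}  false_positives={fpr:.0%}")
```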
8. LIMITATION #2 – TYPE OF ATTACKS THAT A PROTECTION LAYER CAN HANDLE
• Some attacks bypass the protection layer of file scanning
• You need models, for example, that scan memory pages and that can intercept the vulnerabilities that are being exploited
10. USE OF ML IN APT
• Advanced Persistent Threats are more discreet
• The attackers in such a campaign have more knowledge about their victims
• They know what security solution is in the enterprise's network
• They will never send a file that can be detected by the security solution
• If a security solution has multiple layers of protection, e.g. one based on Dynamic Behavior, correlating events from the company's network
12. PURPOSE OF MACHINE LEARNING
• Machine Learning is a Detection Tool
• Machine Learning cannot be a protection layer by itself
• Machine Learning can augment the value of a protection layer
13. CRITERIA TO EVALUATE SECURITY SOLUTIONS
1. What are the protection layers?
2. Are there Spam Filters and Anti-Phishing Filters?
3. Is there a protection layer designed for File Scanning or Memory Page Scanning?
4. Are there techniques in the solution built on Dynamic Behaviors and Network Anomalies?
5. Is Machine Learning being used in any of the layers?
All of these have to work together to protect against different types of threats
14. ATTACKS ARE GETTING MORE SOPHISTICATED
• Distributed Denial of Service (DDoS)
• Ransomware Attacks
• Insiders
• Somebody pretending to be an insider
• BYOD leads you to new challenges
• Outsource Tier-1 and Tier-2 Engagements??
• Information Assurance
20. [Timeline chart: "Sorting A kick off"; "Sorting B starts"; "40 hours a week"; "Extended A+B together all the way until the end of A"; "A finished, B continues until the end". Dates shown: 09/25/17, 10/30/17, 11/06/17, 01/24/17]
21. FUNDING OPTIONS
• Skills.fund - https://divergence.skills.fund. 36 or 60 month loans. Living expenses of $1500/month for three months also available for out-of-state students.
• Workforce Innovation Opportunity Act (WIOA) funds
• Divergence Academy Tuition Installment (TADS) - 9 month installment – 50% in the first 4 months, rest in 5 months.