This document discusses the dangers of using algorithms in cybersecurity. It makes three key points:
1) Algorithms make assumptions about the data that may not always be valid, and they do not take important domain knowledge into account.
2) Throwing algorithms at security problems without proper understanding of the data and algorithms can be dangerous and lead to failures.
3) A Bayesian belief network approach that incorporates domain expertise may be better suited for security tasks than purely algorithmic approaches. It allows modeling relationships between different factors and computing probabilities.
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed | Raffael Marty
We are writing the year 2017. Cyber security has been a discipline for many years and thousands of security companies are offering solutions to deter and block malicious actors in order to keep our businesses operating and our data confidential. But fundamentally, cyber security has not changed during the last two decades. We are still running Snort and Bro. Firewalls are fundamentally still the same. People get hacked for their poor passwords and we collect logs that we don't know what to do with. In this talk I will paint a slightly provocative and dark picture of security. Fundamentally, nothing has really changed. We'll have a look at machine learning and artificial intelligence and see how those techniques are used today. Do they have the potential to change anything? How will the future look with those technologies? I will show some practical examples of machine learning and motivate that simpler approaches generally win. Maybe we find some hope in visualization? Or maybe Augmented reality? We still have a ways to go.
“AI is the new electricity” proclaims Andrew Ng, co-founder of Google Brain. Just as we need to know how to safely harness electricity, we also need to know how to securely employ AI to power our businesses. In some scenarios, the security of AI systems can impact human safety. On the flip side, AI can also be misused by cyber-adversaries and so we need to understand how to counter them.
This talk will provide food for thought in 3 areas:
Security of AI systems
Use of AI in cybersecurity
Malicious use of AI
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. This rare, but essential, breed of enterprise cyber defenders gives proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
How Machine Learning & AI Will Improve Cyber Security | DevOps.com
Machine Learning (ML) and Artificial Intelligence (AI) have been proclaimed as perhaps the next great leap in human quality of life, as well as a potential reason for our extinction. Somewhere in between lies how ML & AI can potentially improve our Cyber Security efforts. But are ML & AI a true panacea or merely the next shiny trinket for the cyber industry to fixate on? In this webinar we will explore:
How ML & AI are currently being utilized in cyber security efforts.
What is working and what has not worked
What is on both the short-term and near-term horizon for ML & AI
Practical steps you can take now to begin leveraging these technologies to tangibly improve your cyber security posture
Join our panel of industry experts as we explore this brave new frontier in cyber security with a candid look cutting through the hype.
Application Security - Your Success Depends on it | WSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Threat hunting - Every day is hunting season | Ben Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as a representative from IDSECCONF. A People-Centric SOC requires a lot of investment in humans in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put their investments more into technology, as in Industry 4.0 machines are getting more advanced to support humans in doing continuous and repetitive tasks.
Moving from “traditional” to next-gen SOC requires a proper plan; that's what this talk was about.
Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights.
In this session, we will discuss:
• Limitations of machine learning and issues of explainability
• Where deep learning should never be applied
• Examples of how the blind application of algorithms can lead to wrong results
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
Event details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling (system + enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
How to Hunt for Lateral Movement on Your Network | Sqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
“AI techniques in cyber-security applications”. Flammini lnu susec19 | Francesco Flammini
“AI techniques in cyber-security applications”. Invited speech at “Sunetdagarna våren 2019” (conference of the association of Swedish universities), April 1-4 2019, Växjö, Sweden.
Combating Cyber Security Using Artificial Intelligence | Inderjeet Singh
Cyber Security & Data Protection India Summit 2018 aims to convene the best minds in Cybersecurity under one roof to create an interactive milieu for exchange of knowledge and ideas. The event will endeavour to address the emerging and continuing threats to Cybersecurity and its changing landscape, as well as respond to increasing risk of security breaches and security governance, application security, cloud based security, Network, Mobile and endpoint security and other cyber risks in the India and abroad.
I was invited to present a talk on "Artificial Intelligence for Cyber Security" for #GirlsInAIHack2021 by #TeenInAIFiji. It was my honor to be there and share my words with the participants and I wish all the participants the best wishes.
Girls from 25 counties aged 12-18 had participated in this Hackathon. They were using Hot Technologies like AI and ML to fight world problems to make good. The event was started on #InternationalWomensDay2021. Total of 1000 participations
500+ Mentors & Organizers
120+ International Speakers were part of it
You can watch it here - https://youtu.be/rhWyt68yuI0
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
You can use the slides but give credit somewhere
Building a Next-Generation Security Operations Center (SOC) | Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Threat hunting foundations: People, process and technology.pptx | Infosec
Ever wonder what threat hunting is all about? Join Infosec Principal Security Researcher Keatron Evans as he breaks down the basics of what it’s like to have a career hunting down potential cyber threats.
Join us for an inside look at a day in the life of a threat hunter, including:
Why threat hunters are more critical today than ever before
Knowledge and skills needed to drive threat hunting success
Live demos of essential threat hunting skills and tools used to detect and mitigate adversarial behavior
One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat!
P.S. Want to go even deeper into threat hunting? Don’t miss our advanced threat hunting session on June 28, Join the hunt: Threat hunting for proactive cyber defense.
A technical seminar delivered on machine learning in cybersecurity. Machine learning is a trending and desired subject; this presentation demonstrates how machine learning can be used to protect IT infrastructure.
DataWorks 2018: How Big Data and AI Saved the Day | Interset
In this presentation titled "How Big Data and AI Saved the Day: Critical IP Almost Walked Out the Door," Interset Field Data Scientist Roy Wilds discussed real-world examples of how businesses can expand their threat analysis using security analytics powered by artificial intelligence in a big data environment. This was presented at DataWorks Summit 2018.
[Webinar] Supercharging Security with Behavioral Analytics | Interset
In this presentation, special guest Joseph Blankenship, principal analyst at Forrester, joined Interset CTO Stephan Jou and Security Strategist Paul Reid for a discussion on how to practically and effectively boost the IQ of your security arsenal with behavioral analytics so you can find threats faster than ever.
Learn more at Interset.AI
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside... | Interset
At IANS Forum Seattle, Interset Director of Field Ops, Jay Lillie, took a close look at how user and entity behavioral analytics (UEBA) can help to identify insider threats before data is stolen. To learn more, contact Interset at securityai@interset.com.
90% of all data breaches target data in databases. That is where your company's sensitive and coveted information resides. In 38% of these breaches it takes minutes to extract sensitive data, while for half of the breaches it takes months or more before they are discovered. Dave Valovcin, from IBM WW Guardium Sales, explains how you can protect your sensitive data.
Privacy preserving computing and secure multi-party computation ISACA Atlanta | Ulf Mattsson
A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft | OSIsoft, LLC
As the need for facility equipment and asset data grows, serious cybersecurity risks are revealed, including inadequate security architecture, lack of process and controls, and the use of contractors and vendors. We need to be able to identify risks and develop a mitigation strategy. This presentation will provide insights, answers and tips. It will identify the value of IT/OT integration in solving facilities cybersecurity threats.
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks | Angeloluca Barba
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
Protecting data privacy in analytics and machine learning ISACA London UK | Ulf Mattsson
ISACA London Chapter webinar, Feb 16th 2021
Topic: “Protecting Data Privacy in Analytics and Machine Learning”
Abstract:
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
Saama Presents Is your Big Data Solution Ready for Streaming | Saama
Amit Gulwadi and Karim Damji presented at Panagora's IoT in Clinical Trials Summit in Boston in November 2018. Using the right analytic solution that can incorporate your unstructured IoT data provides tremendous benefits including faster time to commercialization and better business and patient outcomes.
Smart Data Webinar: Machine Learning Update | DATAVERSITY
Machine Learning (ML) approaches and their supporting technologies can generally be classified as Supervised vs Unsupervised, and within those categories as General or Deep Learning (with Reinforcement Learning as a special case within Supervised Learning). The approaches may be based on biological models or statistical models, or hybrids. As demand for machine learning functionality in consumer and enterprise applications increases, it becomes important to have a framework for comparing ML products and services.
This webinar will present an overview of the machine learning landscape, from platform providers to point solutions in each major ML category, and help participants understand their options for experimentation and deployment of ML-based applications.
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po... | Mark Underwood
What happens when the (Observe) Plan-Do-Check-Adjust cycle is undermined by lapses in data integrity? Observations are questioned. Plans may be ill-conceived. Actions may be undertaken that undermine rather than enhance. “Checks” can fail. Adjustments may be guesswork. In cybersecurity, the results of poor data integrity can be expensive outages, ransom requests, breaches, fines -- even bankruptcy (think Cambridge Analytica). But data integrity issues take many forms, ranging from benign to malicious. The full range of these issues is surveyed from a cybersecurity perspective, where logs and alerts are critical for defenders -- as well as quality engineers. Techniques borrowed from model-based systems engineering and ontology AI are identified that can mitigate these deleterious effects on PDCA.
How to Operationalize Big Data Security Analytics - Technology Spotlight at I... | Interset
At IANS Forum NYC 2018, Interset Technology Architect Bob Patten discussed how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Who is the next target proactive approaches to data securityUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
Similar to AI & ML in Cyber Security - Why Algorithms are Dangerous (20)
How to protect, detect, and respond to your threats.
This is an MSP centric talk exploring how to detect, protect, and respond to cyber security threats. We first walk through the cyber defense matrix, explore what security intelligence needs to be and emphasize the concepts with two case studies of BlackCat.
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Raffael Marty
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
Blog Post: http://raffy.ch/blog. - Video: https://youtu.be/nk5uz0VZrxM
In this video we talk about the world of security data or log data. In the first section, we dive into a bit of a history lesson around log management, SIEM, and big data in security. We then shift to the present to discuss some of the challenges that we face today with managing all of that data and also discuss some of the trends in the security analytics space. In the third section, we focus on the future. What does tomorrow hold in the SIEM / security data space? What are some of the key features we will see and how does this matter to the user of these approaches.
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
The cyber security industry has spent trillions of dollars to keep external attackers at bay. To what effect? We still don't see an end to the cat and mouse game between attackers and the security industry; zero day attacks, new vulnerabilities, ever increasingly sophisticated attacks, etc. We need a paradigm shift in security. A shift away from traditional threat intelligence and indicators of compromise (IOCs). We need to look at understanding behaviors. Those of devices and those of humans.
What are the security approaches and trends that will make an actual difference in protecting our critical data and intellectual property; not just from external attackers, but also from malicious insiders? We will explore topics from the 'all solving' artificial intelligence to risk-based security. We will look at what is happening within the security industry itself, where startups are putting placing their bets, and how human factors will play an increasingly important role in security, along with all of the potential challenges that will create.
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them.
Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.
In this presentation I explore the topic of artificial intelligence in cyber security. What is AI and how do we get to real intelligence in a cyber context? I outline some of the dangers of the way we are using algorithms (AI, ML) today and what that leads to. We then explore how we can add real intelligence through expert knowledge to the problem of finding attackers and anomalies in our applications and networks.
Presented at AI 4 Cyber in NYC on April 30, 2019
AI & ML in Cyber Security - Why Algorithms Are Dangerous, by Raffael Marty
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge of, experts.
7. ML AND AI – WHAT IS IT?
MACHINE LEARNING
Algorithmic ways to “describe” data
Supervised: We are giving the system a lot of training data and it learns from that
Unsupervised: We give the system some kind of optimization to solve (clustering, dim reduction)
DEEP LEARNING
A “newer” machine learning algorithm
Eliminates the feature engineering step
Explainability / verifiability issues
DATA MINING
Methods to explore data – automatically
ARTIFICIAL INTELLIGENCE
“Just calling something AI doesn’t make it AI.”
“A program that doesn't simply classify or compute model parameters, but comes up with novel knowledge that a security analyst finds insightful.”
We don’t have artificial intelligence (yet)
15. COGNITIVE BIASES
How biased is your data set? How do you know?
Only a single customer’s data
Learning from an ‘infected’ data set
Collection errors
Missing data (e.g., due to misconfiguration)
What’s the context the data operates in?
FTP, although generally considered old and insecure, isn’t always problematic
Don’t trust your IDS (e.g. “UDP bomb”)
29. BAYESIAN BELIEF NETWORK 1ST STEP – BUILD THE GRAPH
Central node: Device is Compromised
Observation nodes: New protocol seen; Is using port 23?; Connecting from suspicious IP; Mistake in IP classification; Connecting to suspicious IP; Connection to newly registered domain; Has known vulnerabilities; Open port 53; Shows up with new OS; Machine got update to new OS; Device is in maintenance mode; Not seen for a week; Sent huge amount of data in short period of time; Protocol mismatch; Seen encrypted traffic on port 23
1. What’s our objective?
2. What behaviors can we observe?
- What are observable factors that reduce uncertainty of the central inference (of device compromised)
- Observations should not be locally dependent – they should be true across all customers / environments
- Do we have that data?
- Do we need context for it?
30. BAYESIAN BELIEF NETWORK 2ND STEP – GROUP NODES
Central node: Device is Compromised
Group nodes: Suspicious Host State; Anomalous Network Behavior; Host is Tunneling Data; Threat Intelligence Hinting at Compromise; Suspicious Protocol Usage
Observation nodes: New protocol seen; Is using port 23?; Has never used SSH before; Connecting from suspicious IP; Mistake in IP classification; Connecting to suspicious IP; Connection to newly registered domain; Has known vulnerabilities; Open port 53; Shows up with new OS; Machine got update to new OS; Device is in maintenance mode; Not seen for a week; Sent huge amount of data in short period of time; Protocol mismatch; Seen encrypted traffic on port 23
Complexity of this network is too high. We cannot compute all the conditional probabilities.
Therefore we need to introduce “grouping nodes”.
31. BAYESIAN BELIEF NETWORK 3RD STEP – INTRODUCE DEPENDENCIES
Central node: Device is Compromised
Group nodes: Suspicious Host State; Anomalous Network Behavior; Host is Tunneling Data; Threat Intelligence Hinting at Compromise; Suspicious Protocol Usage
Observation nodes: New protocol seen; Is using port 23?; Has never used SSH before; Connecting from suspicious IP; Mistake in IP classification; Connecting to suspicious IP; Connection to newly registered domain; Machine got update to new OS; Device is in maintenance mode; Not seen for a week; Sent huge amount of data in short period of time; Protocol mismatch; Seen encrypted traffic on port 23; Has known vulnerabilities; Open port 53; Shows up with new OS
Relationships between observations
Conditional dependencies
34. BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES
Central node: Device is Compromised
Group nodes: Suspicious Host State; Anomalous Network Behavior; Host is Tunneling Data; Threat Intelligence Hinting at Compromise; Suspicious Protocol Usage
Observation nodes: New protocol seen; Is using port 23?; Has never used SSH before; Connecting from suspicious IP; Mistake in IP classification; Connecting to suspicious IP; Connection to newly registered domain; Machine got update to new OS; Device is in maintenance mode; Not seen for a week; Sent huge amount of data in short period of time; Protocol mismatch; Seen encrypted traffic on port 23; Has known vulnerabilities; Open port 53; Shows up with new OS
Values shown in the diagram: 0.4, 0.3, 0.2
35. BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES
Central node: Device is Compromised
Group nodes: Suspicious Host State; Anomalous Network Behavior; Host is Tunneling Data; Threat Intelligence Hinting at Compromise; Suspicious Protocol Usage
Observation nodes: New protocol seen; Is using port 23?; Has never used SSH before; Connecting from suspicious IP; Mistake in IP classification; Connecting to suspicious IP; Connection to newly registered domain; Machine got update to new OS; Device is in maintenance mode; Not seen for a week; Sent huge amount of data in short period of time; Protocol mismatch; Seen encrypted traffic on port 23; Has known vulnerabilities; Open port 53; Shows up with new OS
1. Update the ‘observation nodes’ in the network with observation (what we find in the logs)
2. Re-compute probabilities on the connected nodes
Marks shown in the diagram: ✓ ✓ ✗
Values shown in the diagram: 0.5, 0.1, 0.7
36. BAYESIAN BELIEF NETWORK 7TH STEP – EXPERT INPUT
Strengthen the network by introducing expert knowledge
Pose any combinations of ‘observations’ and ‘group’ nodes as questions to experts
Asking meaningful questions is an art and requires expert knowledge
You will find that it matters how you named your nodes to define good questions
Question | Expert Answer
What’s the probability that device is compromised and I have highly suspicious network behavior and nothing on threat intelligence | 0.3
Probability that host is in suspicious state, given that port 53 is open, brand new OS | 0.1
How likely is it that we see a connection to a newly registered domain and we see port 23 traffic? | 0.01
Etc.
Note how this is not a full joint probability over only a subset of the group nodes.
We can have questions across observational nodes of different groups as well
37. BELIEF NETWORKS – SOME OBSERVATIONS
Iterative process of adding more nodes, grouping, adding expert input, etc.
Graph allows for answering many questions – e.g., sensitivity analysis
Do not determine the probabilities on the observation nodes with historic data. It is only accurate for scenarios that were included in data – how do you know your data covered all scenarios?
Each problem requires the definition of a graph based on expert input
A generic “Network Traffic” graph is hard to build and train
Not every FTP is bad
Poor network practice -> e.g., using unencrypted protocols like FTP
Thanks Chris @ respond-software.com for all your help!
Biggest benefit of belief networks is that the learned knowledge can be verified and extracted!
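The update-and-recompute step from slides 35 to 37, as an added example that is not code from the talk: a small belief network with exact inference by enumeration and a one-at-a-time sensitivity check. Node names follow the slides; the wiring and all probabilities are assumptions, except 0.10, the slide-36 expert answer, which is assumed here to apply when no OS update is on record.

```python
from itertools import product

# node -> (parents, {tuple of parent values: P(node is True)})
# Node names follow the slides. The wiring and every number are constructed
# stand-ins for expert input, except the 0.10 marked below (slide 36).
NET = {
    "open_port_53":    ((), {(): 0.20}),
    "os_update":       ((), {(): 0.10}),
    "huge_data_burst": ((), {(): 0.02}),
    "new_domain":      ((), {(): 0.05}),
    # Dependency between observations: an OS update explains a new OS.
    "new_os": (("os_update",), {(True,): 0.90, (False,): 0.02}),
    "suspicious_host_state": (
        ("open_port_53", "new_os", "os_update"),
        {(False, False, False): 0.02, (False, False, True): 0.02,
         (True, False, False): 0.05, (True, False, True): 0.05,
         (False, True, False): 0.08, (False, True, True): 0.02,
         (True, True, False): 0.10,  # expert answer: port 53 open, new OS
         (True, True, True): 0.03}),
    "anomalous_network_behavior": (
        ("huge_data_burst", "new_domain"),
        {(False, False): 0.01, (True, False): 0.40,
         (False, True): 0.30, (True, True): 0.70}),
    "device_compromised": (
        ("suspicious_host_state", "anomalous_network_behavior"),
        {(False, False): 0.001, (True, False): 0.05,
         (False, True): 0.20, (True, True): 0.60}),
}


def joint(assign):
    """Probability of one complete True/False assignment of all nodes."""
    p = 1.0
    for node, (parents, cpt) in NET.items():
        p_true = cpt[tuple(assign[name] for name in parents)]
        p *= p_true if assign[node] else 1.0 - p_true
    return p


def posterior(query, evidence):
    """P(query is True | evidence), by summing the joint over hidden nodes."""
    hidden = [n for n in NET if n not in evidence]
    num = den = 0.0
    for values in product([True, False], repeat=len(hidden)):
        assign = {**evidence, **dict(zip(hidden, values))}
        p = joint(assign)
        den += p
        if assign[query]:
            num += p
    return num / den


def sensitivity(query, evidence):
    """Change in P(query) when each observation is flipped on its own."""
    base = posterior(query, evidence)
    return {name: posterior(query, {**evidence, name: not seen}) - base
            for name, seen in evidence.items()}


# Constructed observations for one device, as read from its logs.
LOGS = {"open_port_53": True, "new_os": True, "os_update": False,
        "huge_data_burst": False, "new_domain": False}

if __name__ == "__main__":
    print("P(compromised | logs) = %.4f" % posterior("device_compromised", LOGS))
    patched = {**LOGS, "os_update": True}
    print("... with update on record = %.4f" % posterior("device_compromised", patched))
    print("P(os_update | new OS seen) = %.4f" % posterior("os_update", {"new_os": True}))
    for name, delta in sorted(sensitivity("device_compromised", LOGS).items(),
                              key=lambda kv: -abs(kv[1])):
        print("flip %-16s %+.4f" % (name, delta))
```

Because every probability sits in a readable table, an analyst can trace why a score moved, which is the verifiability benefit the slide names.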
39. RECOMMENDATIONS
Start with defining your use-cases, not choosing an algorithm
ML is barely ever the solution to your problem
Use ensembles of algorithms
Teach the algos to ask for input – if it’s unsure, have it ask an expert rather than making a decision on its own
Make sure models keep up with change and forget old facts that are not relevant anymore
Do you need white lists / black lists for your algos to not go haywire?
Verify your models - use visualization to help with that
Share your insights with your peers – security is not your competitive advantage
GDPR – transparency on what data is collected and used for decisions
“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”
40. BLACK HAT SOUNDBITES
“Algorithms are getting ‘smarter’, but experts are more important”
“Understand your data, your algorithms, and your data science process”
“History is not a predictor – but knowledge is”