Cognitive Security: How Artificial Intelligence Is Your New Best Friend
The potential for machine learning in the cyber space
Keith Moore, Director of Product Management, SparkCognition
Why Machine Learning Is Needed To Solve These Problems
• Automates the analyst research process
• Scales to ingest massive data streams
• Combats constantly evolving malware variants
• Defends networks against hard-to-identify APTs
• Cross-correlates between data to find threats
SparkCognition A.I. technology can accelerate Decision Making
• Identifies anomalous events
• Aggregates multiple data streams
• Recognizes known and unknown patterns
• Incorporates analyst feedback so that underlying models learn from human response
• Presents actionable evidence behind its conclusions
A.I. software trains on historical events to recognize patterns and provide maximum business awareness
[Diagram: incoming events are scanned for matches against the patterns stored in the cognitive DB and against suspected patterns, with supervisory input from analysts]
What sort of problems can be solved using machine learning?
Polymorphic malware is significantly shifting the security landscape
• 78% of security analysts no longer trust anti-virus tools
• 99% of malware hashes are seen for only 58 seconds or less
• 16% of malware samples are “virtual machine aware”
Machine Learning Anti-Virus combats obfuscation and polymorphism
• Break down the DNA of every file
• Analyze all of the components individually
• Determine likelihood of malicious nature
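The three steps above, as an added illustration that is not SparkCognition's code or model: the file is broken into components (fixed-size chunks here, an assumption standing in for PE sections), each component is analysed on its own for Shannon entropy and printable-text density, which is how packed or encrypted regions typical of obfuscated and polymorphic samples show up statically, and an illustrative hand-weighted logistic score stands in for a trained classifier. The two sample inputs are constructed, not real malware.

```python
import math
import random
from collections import Counter

# Component size in bytes. A real engine would use the file's own structure
# (e.g. PE sections) as components; fixed-size chunks are an assumption here.
CHUNK = 1024


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive data, near 8 for packed/encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def component_features(blob: bytes, chunk: int = CHUNK) -> dict:
    """Steps 1 and 2: break the file into components and analyse each one individually."""
    parts = [blob[i:i + chunk] for i in range(0, len(blob), chunk)]
    entropies = [shannon_entropy(p) for p in parts]
    high = sum(1 for e in entropies if e > 7.0)  # component looks packed or encrypted
    printable = sum(1 for b in blob if 32 <= b < 127)
    return {
        "n_components": len(parts),
        "max_entropy": max(entropies, default=0.0),
        "mean_entropy": sum(entropies) / len(entropies) if entropies else 0.0,
        "high_entropy_fraction": high / len(parts) if parts else 0.0,
        "printable_fraction": printable / len(blob) if blob else 0.0,
    }


def malicious_likelihood(features: dict) -> float:
    """Step 3: map component features to a probability.

    The weights are illustrative and hand-chosen; a production engine learns them
    from labelled samples over a far richer feature set (imports, strings, sections).
    """
    z = (4.0 * features["high_entropy_fraction"]
         + 1.5 * (features["max_entropy"] - 6.5)
         - 3.0 * features["printable_fraction"]
         - 1.0)
    return 1.0 / (1.0 + math.exp(-z))


def classify(blob: bytes) -> float:
    return malicious_likelihood(component_features(blob))


# Constructed sample inputs (not real malware): a text-heavy file, and a file whose
# body is indistinguishable from random bytes, as a packed or encrypted payload is.
TEXT_LIKE = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 40
_rng = random.Random(7)
PACKED_LIKE = b"MZ" + bytes(_rng.getrandbits(8) for _ in range(4094))

if __name__ == "__main__":
    for name, blob in (("text-like", TEXT_LIKE), ("packed-like", PACKED_LIKE)):
        f = component_features(blob)
        print(f"{name}: max H={f['max_entropy']:.2f} "
              f"high-H fraction={f['high_entropy_fraction']:.2f} "
              f"P(malicious)={malicious_likelihood(f):.3f}")
```

Entropy alone is a weak signal (installers and media files are also high-entropy), which is why the slide's "analyze all of the components individually" matters: a classifier that sees per-section features can separate a packed code section from a legitimately compressed resource section, while a whole-file average cannot.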
Big data is leading to a big problem…
• 50% of analysts cite too many false positives as a significant detractor of SIEM use
[Diagram: a SIEM emitting 10,000 alerts]
Machine Learning research and prioritization tools ensure analysts look at relevant threats
• Analysts can focus on real threats with much of their research completely automated
[Diagram: the same 10,000 SIEM alerts, prioritized so that analysts see the relevant ones]
[Diagram: automated threat research pipeline, with the following stages]
• Threat Term Filter: identifying terms are pulled from potential threat anomalies
• Search Engine 1, 2, 3…: multiple search engines are automatically queried (e.g. “Is Opera/12.14 using Port 8888 a threat?”)
• Aggregate Results: search engine results are aggregated, then filtered for language and relevance
• Extraction: relevant term text is extracted from the web pages, and the most relevant term text is identified and ranked
• NLP Model Processing: a proprietary NLP model reads and understands the language and assigns a confidence score reflecting malicious nature
• Summary Generation: evidence is summarized using natural language generation and displayed with the confidence score (Threat Confidence & Evidence)
Natural Language Processing builds a bridge between anomalous behavior and malicious intent
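The pipeline above, as an added offline example that is not SparkCognition's code or its NLP model: terms are pulled from a constructed anomaly record (assumed fields user_agent and dst_port), the slide's example query is built, results from three stand-in engines are merged and de-duplicated by URL, pages are filtered for language (a stop-word ratio in place of a real language detector) and relevance, each page is scored with an illustrative keyword lexicon in place of the proprietary model, and a template summary is rendered with the confidence score. The sample pages, URLs and lexicon weights are all constructed.

```python
import math
import re

# Constructed sample search results keyed by engine. Stand-in for live queries:
# this offline example never contacts a real search engine.
SEARCH_RESULTS = {
    "engine1": [
        {"url": "https://forum.example.invalid/port-8888",
         "text": "Port 8888 is used by legitimate HTTP proxies and dev servers; Opera 12.14 was a normal browser release."},
        {"url": "https://reports.example.invalid/bot-analysis",
         "text": "This malware beacons to its command and control server over port 8888 with a spoofed Opera/12.14 user agent. Trojan confirmed."},
    ],
    "engine2": [
        {"url": "https://reports.example.invalid/bot-analysis",  # same page as engine1 found
         "text": "This malware beacons to its command and control server over port 8888 with a spoofed Opera/12.14 user agent. Trojan confirmed."},
        {"url": "https://fr.example.invalid/port-8888",
         "text": "Le port 8888 est utilise par des serveurs de developpement et Opera 12.14."},
    ],
    "engine3": [
        {"url": "https://food.example.invalid/cake",
         "text": "A recipe for chocolate cake with a crisp top and a soft centre."},
    ],
}

# Illustrative keyword lexicon standing in for the proprietary NLP model the slide
# describes; positive weights read as "malicious", negative as "benign".
THREAT_LEXICON = {
    "malware": 2.0, "trojan": 2.0, "botnet": 2.0, "backdoor": 2.0, "command and control": 2.5,
    "exploit": 1.5, "malicious": 1.5, "phishing": 1.5,
    "legitimate": -2.0, "benign": -2.0, "false positive": -2.5,
}
ENGLISH_STOPWORDS = {"the", "is", "a", "an", "and", "to", "of", "by", "was",
                     "with", "for", "over", "its", "this"}


def tokens(text):
    return re.findall(r"\w+", text.lower())


def extract_terms(anomaly):
    """Threat Term Filter: identifying terms from an anomaly record (assumed fields)."""
    terms = []
    m = re.match(r"([A-Za-z]+)/([\d.]+)", anomaly.get("user_agent", ""))
    if m:
        terms.append(f"{m.group(1)}/{m.group(2)}")
    if "dst_port" in anomaly:
        terms.append(f"port {anomaly['dst_port']}")
    return terms


def aggregate_results(query, engines=SEARCH_RESULTS):
    """Ask every engine the same question and merge hits, de-duplicated by URL.
    The offline stand-in ignores the query string; a live engine would receive it."""
    seen, merged = set(), []
    for hits in engines.values():
        for hit in hits:
            if hit["url"] not in seen:
                seen.add(hit["url"])
                merged.append(hit)
    return merged


def looks_english(text):
    """Language filter: crude stop-word ratio instead of a real language detector."""
    toks = tokens(text)
    return bool(toks) and sum(t in ENGLISH_STOPWORDS for t in toks) / len(toks) >= 0.1


def relevance(text, terms):
    """Relevance filter: fraction of identifying terms whose tokens all occur in the page."""
    if not terms:
        return 0.0
    page = set(tokens(text))
    return sum(all(t in page for t in tokens(term)) for term in terms) / len(terms)


def evidence_score(text):
    """Signed lexicon score for one page; whole-phrase matches only."""
    low = text.lower()
    return sum(w for phrase, w in THREAT_LEXICON.items()
               if re.search(r"\b" + re.escape(phrase) + r"\b", low))


def research(anomaly):
    terms = extract_terms(anomaly)
    query = f"Is {' using '.join(terms)} a threat?"
    evidence = []
    for hit in aggregate_results(query):
        if not looks_english(hit["text"]):
            continue
        rel = relevance(hit["text"], terms)
        if rel == 0:
            continue
        evidence.append({"url": hit["url"], "relevance": rel,
                         "score": evidence_score(hit["text"]), "text": hit["text"]})
    evidence.sort(key=lambda e: e["score"] * e["relevance"], reverse=True)
    weighted = (sum(e["score"] * e["relevance"] for e in evidence) / len(evidence)
                if evidence else 0.0)
    confidence = 1.0 / (1.0 + math.exp(-weighted))  # P(malicious) in [0, 1]
    if evidence:  # template summary standing in for natural language generation
        verdict = "likely malicious" if confidence >= 0.5 else "likely benign"
        summary = (f"{' with '.join(terms)} is {verdict} (confidence {confidence:.2f}, "
                   f"{len(evidence)} relevant sources). Top evidence: {evidence[0]['text']}")
    else:
        summary = f"No relevant evidence found for: {query}"
    return {"query": query, "terms": terms, "evidence": evidence,
            "confidence": confidence, "summary": summary}


if __name__ == "__main__":  # the slide's own example: Opera/12.14 talking on port 8888
    print(research({"user_agent": "Opera/12.14", "dst_port": 8888})["summary"])
```

Two points a practitioner should take from the shape of this pipeline: the confidence score is only as good as the pages behind it, so the evidence list (URLs and the extracted text) must be shown to the analyst rather than just the number; and every page that is fetched is untrusted input, so the extraction stage must treat it as such (no script execution, bounded size, and no trust in anything an attacker could have planted in a forum thread about their own indicators).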
SparkSecure is a comprehensive, advanced cyber security platform

Agentless EP Protection
• Problem: Traditional AV detects < 5% of new advanced threats
• Solution: Ingests network traffic logs to monitor the network perimeter for anomalies; deploys Machine Learning AntiVirus to detect 98% of new zero-day attacks early

Bot Detection
• Problem: 56% of web traffic is bot generated; 29% of bot traffic is malicious
• Solution: Proprietary Machine Learning classification algorithm powers bot identification; develops bot signatures and rules to block threats

Find the Snowden
• Problem: 11% of employees access unauthorized docs and sell them for profit
• Solution: Uses temporal and behavioral analysis to identify deviations and threats with minimal false positives

Personally Identifiable Info
• Problem: Companies need to prevent the leakage of PII; being out of compliance can lead to penalties
• Solution: Automatically examines user agents and payloads for PII; stops inbound & outbound leakage; reads email traffic and attachments for unstructured PII

Web Server Protection
• Problem: Web server breaches, on average, cost $3.79M
• Solution: Analyzes incoming traffic for SQL injection, XSS, DDoS etc.; correlates to multiple internal & external sources

Research Automation
• Problem: Analysts are inundated with alerts, most of which are false positives; forensic costs went up 25% last year
• Solution: Automated threat research expedites time to remediation; rapid custom data querying in HDFS scales to massive data sets; IBM Watson powered automated threat research and advisor
Thank You
