SlideShare a Scribd company logo

Exploration Draft Document- CEM Machine Learning & AI Project 2018

L
Leslie McFarlin

Draft document to present findings of exploratory work on the incorporation of machine learning and AI into an existing data security product. The project was abandoned due to conflicting work done by product management.

Technology
1 of 43
Download to read offline
ML/AI Exploration: Compliance Event Manager Leslie A. McFarlin, Sr. UX Designer, EDP Value Stream
Table of Contents Introduction Cognitive Security Basics Supporting the Cybersecurity Operations Center Powering ML/AI with CEM Incorporating DCD Research Activities
Introduction Data security’s ever-changing nature requires security measures to evolve quickly in ways that reduce the workload of security specialists, but ensure their judgments remain reliable. Cognitive security systems are the latest evolutionary step, pairing self-learning systems with security specialists. Cybersecurity Operations Centers could benefit greatly from a cognitive security solution due to their need to remain flexible, operate proactively, and respond quickly when security breaches occur.
Introduction By 2020, the worldwide market of ML- and AI-based security solutions will be $10B. Within the next 5 years, ML/AI will shift from focusing on algorithms to focusing on high-value data. Early adopters of AI-based products will see a boost in their profits that could translate to a 10% revenue gain for providers of those products. Per multiple market reports, analysts project CA to remain a key player in the cognitive security market until at least 2025.
Introduction CA possesses all of the major ingredients for developing a cognitive security solution across the Access Control, Enterprise Data Protection, and Mainframe Operations value streams. Access Control provides raw data to supplement data collected via Enterprise Data Protection products. Enterprise Data Protection products, especially CEM, offer a strong backbone upon which to construct a prediction and analytics solution to support cognitive security goals. Mainframe Operations offers a model for surfacing intelligent system recommendations, and potentially providing feedback to such systems.
Introduction Special thanks from the author goes out to the following Mainframe Security Team members: Mitch Rozonkiewiecz, Senior Principal Architect, for his assistance in identifying opportunities for bringing ML/AI to CEM, and understanding the features of security data collected by CEM. Jim Broadhurst, CEM Product Owner, for his encouragement and support of the partnership between UX and engineering teams.
Cognitive Security Basics Understanding a Rising Trend What Is Cognitive Security? Structure of a Cognitive Security Solution Benefits of Cognitive Security Drawbacks of Cognitive Security Use Cases
What Is Cognitive Security? Cognitive security solutions rely upon the pairing of a human expert with an intelligent, self-learning system. Self-learning systems use machine learning, natural language processing, and data mining to analyze large volumes of data to synthesize knowledge that supports continuous improvement. Analyzing across a variety of data sources and interacting with human specialists ensures that cognitive security solutions operate as accurately as possible within a relevant context.
Structure of a Cognitive Security Solution Perimeter Security Analysis & Prediction Interactive Self-Learning Layer Awareness of an organization’s security landscape, and the measures taken to secure access points, such as: ● Passwords ● Masking ● Encryption ● Access Permissions Across security data from multiple sources, the system performs analyses to uncover trends it surfaces to human partners to support their decision-making and task completion. Understand unstructured data sources for a particular set of knowledge, reason through the contents of the data, and learn continuously via training from a human partner and from a constant stream of data.
Benefits of Cognitive Security Proposes a human-machine partnership that offloads very simple and repetitive tasks, and very complex tasks, to a self-learning system to empower security specialists to perform other mission critical activities. Enables a shift from reactivity to proactivity. Analyzes data and synthesizes knowledge faster than a human. Allows for a multi-dimensional view on security that enables analysis of subtle trends beyond the obvious ones due to anomalies, malicious insiders, and malware.
Drawbacks of Cognitive Security As an analytical system reliant on data and human interaction to learn and become effective, these two points also stand as potential weaknesses for cognitive security. Data quality affects the quality of the knowledge a cognitive system synthesizes, with lower quality requiring more training interactions to compensate. During training interactions, users can transmit their own biases (due to a lack of knowledge, misunderstandings, or particular focus) to cognitive systems.
Use Cases Cognitive Security to date has 5 clear use cases, all of which rely heavily on raw and processed data. Four of the use cases, though important in their own right, roll up into supporting a primary use case: Support the Cybersecurity Operations Center (CSOC). CEM’s access to data and reporting capabilities present it as a solid candidate to address the needs associated with each use case.
Use Cases: Support the CSOC Cybersecurity Operations Center is a multi-tiered collection of security specialists responsible for an organization’s security. Cognitive systems process large volumes of data very quickly, empowering CSOC specialists with knowledge faster than they could on their own: Builds the knowledge bases of lower-level security analysts quickly to improve their performance.
Use Cases: Leveraging External Knowledge Cognitive systems can tap into external expert knowledge sources to supplement the organization’s security data. External insights can provide better context for how to address security incidents. Combined with the speed at which cognitive systems process data and synthesize knowledge from them, effective resolutions to security incidents can be found sooner rather than later.
Use Cases: Threat Identification via Advanced Analytics Data analysis in cognitive systems proceeds via a combination of machine learning algorithms and data mining.
Use Cases: Improve Application Security Advanced analytics can also provide deeper insights and better context into security events.
Use Cases: Improve Enterprise Risk Levels Combining internal data analytics with external expert data sources can help organizations understand how far they have to go to comply with data security regulations.
Supporting the Cybersecurity Operations Center Pinpointing a Major User Group Cybersecurity Operations Center Overview CSOC Structure CSOC Models Supporting the CSOC
Cybersecurity Operations Center Overview Cybersecurity Operations Center is a multi-tiered collection of security specialists who monitor a data environment’s activities and seek to keep it secure, protected, and in compliance with regulations. Blends people, process, and technology to enable a security strategy created in response to the ever-changing security landscape. CSOC is designed to operate quickly, flexibly, and proactively in response to security threats.
CSOC Structure The CSOC organizes security specialists in a way that enables them to detect and neutralize threats as early as possible. As threats becomes more serious, they escalate to another tier to maximize response effectiveness.
CSOC Models Fully Outsourced Hybrid: Internal+External Specialists Fully Internal Managed Security Service Provider (MSSP) fills all CSOC roles. Communication to client is limited to: ● Incident Response. ● Queries about CSOC standards & procedures. Model 1: 8x5 Business Hour Coverage Employees fill CSOC roles during regular business hours. MSSP fills all CSOC roles for non-business hours. Model 2: Support In-House CSOC Employees fill key CSOC roles. MSSP fulfills roles dedicated to vigilance activities (monitoring & detecting). Model 1: 8x5 Business Hour Coverage Employees fill CSOC roles during regular business hours. Leverages technology to automate escalation and notifications per Security Architect recommendations. Model 2: 24 x 7 Coverage Employees fill CSOC roles on a schedule. Automates features to reduce operations cost.
Supporting the CSOC CSOC teams face an ever-growing and ever-changing mountain of security threats, and they rely upon processes and technologies to help them address those threats. Key challenges CSOC teams face include: Faster responsiveness. Rising security infrastructure costs. Better security analytics. Inconsistent skills, or lack of skills, within security teams.
Supporting the CSOC Addressing security challenges brings to light 3 gaps that must also be addressed in order for a CSOC to remain effective: Intelligence, focused on threat research and keeping current on threats and vulnerabilities. Speed, referring to faster threat response and resolution. Accuracy, optimizing security alerts and improving threat recommendation. These gaps can be closed by a cognitive security solution.
Supporting the CSOC: Intelligence Gap Cognitive security solutions provide less knowledgeable CSOC members with insights typically requiring years of experience. Improved presentation of analytics to assist with judgments, decision-making, and escalations. Leverage external intelligence from expert sources to understand trends and how to respond to them.
Supporting the CSOC: Speed Gap Advanced analysis methods provide insights faster, allowing for faster detection and identification of threats, and resulting in faster resolutions. Cognitive security solutions scan and analyze data, and synthesize knowledge faster than humans. Automation of mundane and repetitive tasks allows security specialists to focus on mission critical security tasks, but also provides more time to address threats.
Supporting the CSOC: Accuracy Gap Automation of data gathering across multiple sources and reasoning through the findings provides greater context around security incidents. Cognitive security solutions blend external expert knowledge sources with internal security data to provide the most relevant and accurate interpretations of observed security events to specialists. Good cognitive security solutions act as teammates, performing low-level work that frees up security specialists’ time for things like training to keep skillsets current or to expand them.
Building a Cognitive Security Solution
Powering ML/AI with CEM Evaluating the landscape for a CEM + ML/AI Strategy Why Choose CEM for ML/AI? Product Features Applying ML/AI to CEM
Why Choose CEM for ML/AI? CEM has the potential to fit into a cognitive security strategy based upon product features and how they can be leveraged to support changes in : Core functionality Data collected Security team structure Security technology trends
Product Features: Core Functionality CEM provides a valuable combination of data collection and descriptive data analysis: Real-time data collection on security events from the policies set up in the application. Reporting allows CEM users to combine multiple data points to describe compliance with policies. Connections with SIEM applications enables more detailed analysis of security data points.
Product Features: Data Collected Security is a data-rich domain, and between the ESM in use at an organization and CEM, a machine learning and AI-based solution would not face a shortage of training data. ESMs feed data constantly to the SMF on z/OS that includes I/O activity, network activity, and errors. Per engineering input, SMF data could be pulled for use via an utility. CEM interacts with all 3 ESMs to capture security event data in real time.
Applying ML/AI to CEM Machine learning combines well with CEM’s real-time data to provide a clear way to baseline security events and detect anomalies. As pointed out by a CA architect from Team Woz, SMF contains a record of all security events on a mainframe, meaning baselines could be setup in a relatively short time. Preprocessed data from CEM & CIA reports could also be analyzed via machine learning. Report analysis could enable more effective proactive measures to security concerns, such as recommendations for policy changes or creation.
Cognitive Security & CEM Cognitive security refers to continuously-learning systems that rely upon a combination of machine learning, natural language processing, data mining, and human interaction to develop hypotheses about what is happening on system. It combines two concepts: Deploying cognitive systems for the analysis of structured and unstructured security data to uncover insights and provide actionable recommendations for proactive security and business activities. Supporting cognitive systems with technologies, techniques, people, and processes to provide relevant context for data and ensure accuracy of analyses and recommendations.
Incorporating DCD Leveraging Existing ML/AI & Options for Growth Machine Learning in DCD Benefits of Current ML Implementation
ML/AI in DCD DCD employs machine learning as part of scanning (soon to be renamed policies). Machine learning produces the following information: Form of data source (structured vs. unstructured) Data source metadata (column header, column data type, comments) Breakdown of sensitive data matches (location, combinations)
Benefits of Current ML Implementation Currently, ML in DCD provides insight into features of scanned data, such as its structure and surrounding data points. Elucidating data features like DCD does helps build data literacy among users. Gartner, Forbes, InfoWorld, and other major research firms and publications have listed data literacy as a top challenge for companies within the next few years. Improved data literacy enables companies to maximize the value of their analytics and reporting.
Research Activities Creating Smarter Security Solutions with Direct Insight Data Literacy Problem Definition Idea Validation
Data Literacy Data literacy refers to knowing what data are, and having an awareness of their collection, analysis, visualization, and use with respect to data security and data privacy (Crusoe, 2016). Two personas to consider within the concept of data literacy: Subjects, the people data is about, and who may have varying levels of data literacy. Stewards, the people responsible for the security and privacy of collected data, and who may also have varying levels of data literacy.
Data Literacy Within the context of CEM, the Steward persona will be of primary interest, as they are the end users who enact the policy on mainframe data. Data is meaningless until it is analyzed, highlighting the importance of knowing what data are available, how it is being analyzed and presented, and how users intend to use it. Data quality affects the analysis and presentation of the resulting output.
Data Literacy Research on data literacy of CEM users should focus on the following topics: What data does CEM collect? What is the value of the collected CEM data? What are the features of the CEM data that enable you to use it?
Problem Definition
Idea Validation
Thank You! For questions or comments about this exploration document, please contact: Leslie A. McFarlin, Senior UX Designer leslie.mcfarlin@ca.com

Recommended

AI and Security
AI and SecurityAI and Security
AI and SecurityAnurag Sahay
 
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...Agile Testing Alliance
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
Application security
Application securityApplication security
Application securityHagar Alaa el-din
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsDavid Strom
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
A successful application security program - Envision build and scale
A successful application security program - Envision build and scaleA successful application security program - Envision build and scale
A successful application security program - Envision build and scalePriyanka Aash
 

Recommended

AI and Security
AI and SecurityAI and Security
AI and SecurityAnurag Sahay
 
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...Agile Testing Alliance
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
Application security
Application securityApplication security
Application securityHagar Alaa el-din
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsDavid Strom
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
A successful application security program - Envision build and scale
A successful application security program - Envision build and scaleA successful application security program - Envision build and scale
A successful application security program - Envision build and scalePriyanka Aash
 
Hacker vs AI
Hacker vs AI Hacker vs AI
Hacker vs AI Nordic APIs
 
Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application SecurityJim Kaplan CIA CFE
 
Intelligent Application Security
Intelligent Application SecurityIntelligent Application Security
Intelligent Application SecurityPriyanka Aash
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecuritylfh663
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile applicationVikrant Kansal
 
SRE[in]con 2019
SRE[in]con 2019SRE[in]con 2019
SRE[in]con 2019Anamitra Dutta Majumdar
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security TrendsPriyanka Aash
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?centralohioissa
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementPriyanka Aash
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Kyle Lai
 
Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT SystemsDenim Group
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-EraJK Tech
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Using Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesUsing Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesForcepoint LLC
 
BISS - 11nov2011
BISS - 11nov2011BISS - 11nov2011
BISS - 11nov2011Agora Group
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherWendy Knox Everette
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecuritySai Chandra Chittuluri
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesSplunk
 
Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 

More Related Content

What's hot

Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application SecurityJim Kaplan CIA CFE
 
Intelligent Application Security
Intelligent Application SecurityIntelligent Application Security
Intelligent Application SecurityPriyanka Aash
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecuritylfh663
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile applicationVikrant Kansal
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security TrendsPriyanka Aash
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?centralohioissa
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementPriyanka Aash
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Kyle Lai
 
Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT SystemsDenim Group
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-EraJK Tech
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Using Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesUsing Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesForcepoint LLC
 
BISS - 11nov2011
BISS - 11nov2011BISS - 11nov2011
BISS - 11nov2011Agora Group
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherWendy Knox Everette
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesSplunk
 

What's hot (20)

Hacker vs AI
Hacker vs AI Hacker vs AI
Hacker vs AI
 
Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application Security
 
Intelligent Application Security
Intelligent Application SecurityIntelligent Application Security
Intelligent Application Security
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecurity
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile application
 
SRE[in]con 2019
SRE[in]con 2019SRE[in]con 2019
SRE[in]con 2019
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security Trends
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
 
Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT Systems
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-Era
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Know
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Using Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesUsing Language Modeling to Verify User Identities
Using Language Modeling to Verify User Identities
 
BISS - 11nov2011
BISS - 11nov2011BISS - 11nov2011
BISS - 11nov2011
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting Breaches
 

Similar to Exploration Draft Document- CEM Machine Learning & AI Project 2018

Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterEMC
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Threat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfThreat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfCiente
 
Technology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryTechnology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryCR Group
 
Security_by_Design.pdf
Security_by_Design.pdfSecurity_by_Design.pdf
Security_by_Design.pdfAshuPatel64
 
Security_by_Design.pptx
Security_by_Design.pptxSecurity_by_Design.pptx
Security_by_Design.pptxAshuPatel64
 
Harnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdfHarnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdfCIOWomenMagazine
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting InformationLaura Martin
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 

Similar to Exploration Draft Document- CEM Machine Learning & AI Project 2018 (20)

Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations Center
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Threat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfThreat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdf
 
Technology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryTechnology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk Advisory
 
Security_by_Design.pdf
Security_by_Design.pdfSecurity_by_Design.pdf
Security_by_Design.pdf
 
Security_by_Design.pptx
Security_by_Design.pptxSecurity_by_Design.pptx
Security_by_Design.pptx
 
Harnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdfHarnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdf
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security Intelligence
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 

More from Leslie McFarlin

UX Heuristics for Large Environments [DRAFT]
UX Heuristics for Large Environments [DRAFT]UX Heuristics for Large Environments [DRAFT]
UX Heuristics for Large Environments [DRAFT]Leslie McFarlin
 
Field Observation Study- Sample Study Outline
Field Observation Study- Sample Study OutlineField Observation Study- Sample Study Outline
Field Observation Study- Sample Study OutlineLeslie McFarlin
 
Draft Strategy- DCD UX Strategy FY19
Draft Strategy- DCD UX Strategy FY19Draft Strategy- DCD UX Strategy FY19
Draft Strategy- DCD UX Strategy FY19Leslie McFarlin
 
Research Proposal- Integrating Need for Cognition
Research Proposal- Integrating Need for CognitionResearch Proposal- Integrating Need for Cognition
Research Proposal- Integrating Need for CognitionLeslie McFarlin
 
Amerigroup User Survey Project
Amerigroup User Survey ProjectAmerigroup User Survey Project
Amerigroup User Survey ProjectLeslie McFarlin
 
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)Leslie McFarlin
 
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...Leslie McFarlin
 
User Experience of Machine Learning
User Experience of Machine LearningUser Experience of Machine Learning
User Experience of Machine LearningLeslie McFarlin
 

More from Leslie McFarlin (8)

UX Heuristics for Large Environments [DRAFT]
UX Heuristics for Large Environments [DRAFT]UX Heuristics for Large Environments [DRAFT]
UX Heuristics for Large Environments [DRAFT]
 
Field Observation Study- Sample Study Outline
Field Observation Study- Sample Study OutlineField Observation Study- Sample Study Outline
Field Observation Study- Sample Study Outline
 
Draft Strategy- DCD UX Strategy FY19
Draft Strategy- DCD UX Strategy FY19Draft Strategy- DCD UX Strategy FY19
Draft Strategy- DCD UX Strategy FY19
 
Research Proposal- Integrating Need for Cognition
Research Proposal- Integrating Need for CognitionResearch Proposal- Integrating Need for Cognition
Research Proposal- Integrating Need for Cognition
 
Amerigroup User Survey Project
Amerigroup User Survey ProjectAmerigroup User Survey Project
Amerigroup User Survey Project
 
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)
ML Times: Mainframe Machine Learning Initiative- June newsletter (2018)
 
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...
Machine Learning/Artificial Intelligence Strategy: Developing a Trust-Focused...
 
User Experience of Machine Learning
User Experience of Machine LearningUser Experience of Machine Learning
User Experience of Machine Learning
 

Recently uploaded

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Exploration Draft Document- CEM Machine Learning & AI Project 2018

  • 1. ML/AI Exploration: Compliance Event Manager Leslie A. McFarlin, Sr. UX Designer, EDP Value Stream
  • 2. Table of Contents Introduction Cognitive Security Basics Supporting the Cybersecurity Operations Center Powering ML/AI with CEM Incorporating DCD Research Activities
  • 3. Introduction Data security’s ever-changing nature requires security measures to evolve quickly in ways that reduce the workload of security specialists, but ensure their judgments remain reliable. Cognitive security systems are the latest evolutionary step, pairing self-learning systems with security specialists. Cybersecurity Operations Centers could benefit greatly from a cognitive security solution due to their need to remain flexible, operate proactively, and respond quickly when security breaches occur.
  • 4. Introduction By 2020, the worldwide market of ML- and AI-based security solutions will be $10B. Within the next 5 years, ML/AI will shift from focusing on algorithms to focusing on high-value data. Early adopters of AI-based products will see a boost in their profits that could translate to a 10% revenue gain for providers of those products. Per multiple market reports, analysts project CA to remain a key player in the cognitive security market until at least 2025.
  • 5. Introduction CA possesses all of the major ingredients for developing a cognitive security solution across the Access Control, Enterprise Data Protection, and Mainframe Operations value streams. Access Control provides raw data to supplement data collected via Enterprise Data Protection products. Enterprise Data Protection products, especially CEM, offer a strong backbone upon which to construct a prediction and analytics solution to support cognitive security goals. Mainframe Operations offers a model for surfacing intelligent system recommendations, and potentially providing feedback to such systems.
  • 6. Introduction Special thanks from the author goes out to the following Mainframe Security Team members: Mitch Rozonkiewiecz, Senior Principal Architect, for his assistance in identifying opportunities for bringing ML/AI to CEM, and understanding the features of security data collected by CEM. Jim Broadhurst, CEM Product Owner, for his encouragement and support of the partnership between UX and engineering teams.
  • 7. Cognitive Security Basics Understanding a Rising Trend What Is Cognitive Security? Structure of a Cognitive Security Solution Benefits of Cognitive Security Drawbacks of Cognitive Security Use Cases
  • 8. What Is Cognitive Security? Cognitive security solutions rely upon the pairing of a human expert with an intelligent, self-learning system. Self-learning systems use machine learning, natural language processing, and data mining to analyze large volumes of data to synthesize knowledge that supports continuous improvement. Analyzing across a variety of data sources and interacting with human specialists ensures that cognitive security solutions operate as accurately as possible within a relevant context.
  • 9. Structure of a Cognitive Security Solution Perimeter Security Analysis & Prediction Interactive Self-Learning Layer Awareness of an organization’s security landscape, and the measures taken to secure access points, such as: ● Passwords ● Masking ● Encryption ● Access Permissions Across security data from multiple sources, the system performs analyses to uncover trends it surfaces to human partners to support their decision-making and task completion. Understand unstructured data sources for a particular set of knowledge, reason through the contents of the data, and learn continuously via training from a human partner and from a constant stream of data.
  • 10. Benefits of Cognitive Security Proposes a human-machine partnership that offloads very simple and repetitive tasks, and very complex tasks, to a self-learning system to empower security specialists to perform other mission critical activities. Enables a shift from reactivity to proactivity. Analyzes data and synthesizes knowledge faster than a human. Allows for a multi-dimensional view on security that enables analysis of subtle trends beyond the obvious ones due to anomalies, malicious insiders, and malware.
  • 11. Drawbacks of Cognitive Security As an analytical system reliant on data and human interaction to learn and become effective, these two points also stand as potential weaknesses for cognitive security. Data quality affects the quality of the knowledge a cognitive system synthesizes, with lower quality requiring more training interactions to compensate. During training interactions, users can transmit their own biases (due to a lack of knowledge, misunderstandings, or particular focus) to cognitive systems.
  • 12. Use Cases Cognitive Security to date has 5 clear use cases, all of which rely heavily on raw and processed data. Four of the use cases, though important in their own right, roll up into supporting a primary use case: Support the Cybersecurity Operations Center (CSOC). CEM’s access to data and reporting capabilities present it as a solid candidate to address the needs associated with each use case.
  • 13. Use Cases: Support the CSOC Cybersecurity Operations Center is a multi-tiered collection of security specialists responsible for an organization’s security. Cognitive systems process large volumes of data very quickly, empowering CSOC specialists with knowledge faster than they could on their own: Builds the knowledge bases of lower-level security analysts quickly to improve their performance.
  • 14. Use Cases: Leveraging External Knowledge Cognitive systems can tap into external expert knowledge sources to supplement the organization’s security data. External insights can provide better context for how to address security incidents. Combined with the speed at which cognitive systems process data and synthesize knowledge from them, effective resolutions to security incidents can be found sooner rather than later.
  • 15. Use Cases: Threat Identification via Advanced Analytics Data analysis in cognitive systems proceeds via a combination of machine learning algorithms and data mining.
  • 16. Use Cases: Improve Application Security Advanced analytics can also provide deeper insights and better context into security events.
  • 17. Use Cases: Improve Enterprise Risk Levels Combining internal data analytics with external expert data sources can help organizations understand how far they have to go to comply with data security regulations.
  • 18. Supporting the Cybersecurity Operations Center Pinpointing a Major User Group Cybersecurity Operations Center Overview CSOC Structure CSOC Models Supporting the CSOC
  • 19. Cybersecurity Operations Center Overview Cybersecurity Operations Center is a multi-tiered collection of security specialists who monitor a data environment’s activities and seek to keep it secure, protected, and in compliance with regulations. Blends people, process, and technology to enable a security strategy created in response to the ever-changing security landscape. CSOC is designed to operate quickly, flexibly, and proactively in response to security threats.
  • 20. CSOC Structure The CSOC organizes security specialists in a way that enables them to detect and neutralize threats as early as possible. As threats becomes more serious, they escalate to another tier to maximize response effectiveness.
  • 21. CSOC Models Fully Outsourced Hybrid: Internal+External Specialists Fully Internal Managed Security Service Provider (MSSP) fills all CSOC roles. Communication to client is limited to: ● Incident Response. ● Queries about CSOC standards & procedures. Model 1: 8x5 Business Hour Coverage Employees fill CSOC roles during regular business hours. MSSP fills all CSOC roles for non-business hours. Model 2: Support In-House CSOC Employees fill key CSOC roles. MSSP fulfills roles dedicated to vigilance activities (monitoring & detecting). Model 1: 8x5 Business Hour Coverage Employees fill CSOC roles during regular business hours. Leverages technology to automate escalation and notifications per Security Architect recommendations. Model 2: 24 x 7 Coverage Employees fill CSOC roles on a schedule. Automates features to reduce operations cost.
  • 22. Supporting the CSOC CSOC teams face an ever-growing and ever-changing mountain of security threats, and they rely upon processes and technologies to help them address those threats. Key challenges CSOC teams face include: Faster responsiveness. Rising security infrastructure costs. Better security analytics. Inconsistent skills, or lack of skills, within security teams.
  • 23. Supporting the CSOC Addressing security challenges brings to light 3 gaps that must also be addressed in order for a CSOC to remain effective: Intelligence, focused on threat research and keeping current on threats and vulnerabilities. Speed, referring to faster threat response and resolution. Accuracy, optimizing security alerts and improving threat recommendation. These gaps can be closed by a cognitive security solution.
  • 24. Supporting the CSOC: Intelligence Gap Cognitive security solutions provide less knowledgeable CSOC members with insights typically requiring years of experience. Improved presentation of analytics to assist with judgments, decision-making, and escalations. Leverage external intelligence from expert sources to understand trends and how to respond to them.
  • 25. Supporting the CSOC: Speed Gap Advanced analysis methods provide insights faster, allowing for faster detection and identification of threats, and resulting in faster resolutions. Cognitive security solutions scan and analyze data, and synthesize knowledge faster than humans. Automation of mundane and repetitive tasks allows security specialists to focus on mission critical security tasks, but also provides more time to address threats.
  • 26. Supporting the CSOC: Accuracy Gap Automation of data gathering across multiple sources and reasoning through the findings provides greater context around security incidents. Cognitive security solutions blend external expert knowledge sources with internal security data to provide the most relevant and accurate interpretations of observed security events to specialists. Good cognitive security solutions act as teammates, performing low-level work that frees up security specialists’ time for things like training to keep skillsets current or to expand them.
  • 28. Powering ML/AI with CEM Evaluating the landscape for a CEM + ML/AI Strategy Why Choose CEM for ML/AI? Product Features Applying ML/AI to CEM
  • 29. Why Choose CEM for ML/AI? CEM has the potential to fit into a cognitive security strategy based upon product features and how they can be leveraged to support changes in : Core functionality Data collected Security team structure Security technology trends
  • 30. Product Features: Core Functionality CEM provides a valuable combination of data collection and descriptive data analysis: Real-time data collection on security events from the policies set up in the application. Reporting allows CEM users to combine multiple data points to describe compliance with policies. Connections with SIEM applications enables more detailed analysis of security data points.
  • 31. Product Features: Data Collected Security is a data-rich domain, and between the ESM in use at an organization and CEM, a machine learning and AI-based solution would not face a shortage of training data. ESMs feed data constantly to the SMF on z/OS that includes I/O activity, network activity, and errors. Per engineering input, SMF data could be pulled for use via an utility. CEM interacts with all 3 ESMs to capture security event data in real time.
  • 32. Applying ML/AI to CEM Machine learning combines well with CEM’s real-time data to provide a clear way to baseline security events and detect anomalies. As pointed out by a CA architect from Team Woz, SMF contains a record of all security events on a mainframe, meaning baselines could be setup in a relatively short time. Preprocessed data from CEM & CIA reports could also be analyzed via machine learning. Report analysis could enable more effective proactive measures to security concerns, such as recommendations for policy changes or creation.
  • 33. Cognitive Security & CEM Cognitive security refers to continuously-learning systems that rely upon a combination of machine learning, natural language processing, data mining, and human interaction to develop hypotheses about what is happening on system. It combines two concepts: Deploying cognitive systems for the analysis of structured and unstructured security data to uncover insights and provide actionable recommendations for proactive security and business activities. Supporting cognitive systems with technologies, techniques, people, and processes to provide relevant context for data and ensure accuracy of analyses and recommendations.
  • 34. Incorporating DCD Leveraging Existing ML/AI & Options for Growth Machine Learning in DCD Benefits of Current ML Implementation
  • 35. ML/AI in DCD DCD employs machine learning as part of scanning (soon to be renamed policies). Machine learning produces the following information: Form of data source (structured vs. unstructured) Data source metadata (column header, column data type, comments) Breakdown of sensitive data matches (location, combinations)
  • 36. Benefits of Current ML Implementation Currently, ML in DCD provides insight into features of scanned data, such as its structure and surrounding data points. Elucidating data features like DCD does helps build data literacy among users. Gartner, Forbes, InfoWorld, and other major research firms and publications have listed data literacy as a top challenge for companies within the next few years. Improved data literacy enables companies to maximize the value of their analytics and reporting.
  • 37. Research Activities Creating Smarter Security Solutions with Direct Insight Data Literacy Problem Definition Idea Validation
  • 38. Data Literacy Data literacy refers to knowing what data are, and having an awareness of their collection, analysis, visualization, and use with respect to data security and data privacy (Crusoe, 2016). Two personas to consider within the concept of data literacy: Subjects, the people data is about, and who may have varying levels of data literacy. Stewards, the people responsible for the security and privacy of collected data, and who may also have varying levels of data literacy.
  • 39. Data Literacy Within the context of CEM, the Steward persona will be of primary interest, as they are the end users who enact the policy on mainframe data. Data is meaningless until it is analyzed, highlighting the importance of knowing what data are available, how it is being analyzed and presented, and how users intend to use it. Data quality affects the analysis and presentation of the resulting output.
  • 40. Data Literacy Research on data literacy of CEM users should focus on the following topics: What data does CEM collect? What is the value of the collected CEM data? What are the features of the CEM data that enable you to use it?
  • 43. Thank You! For questions or comments about this exploration document, please contact: Leslie A. McFarlin, Senior UX Designer leslie.mcfarlin@ca.com