Can Machine Learning help organization improve Data Security? Are there limitations to Machine Learning? What about ML for Advanced Persistent Threats?
Matthew Ancelin, Network Security Specialist, Palo Alto Networks
What has been done in the past worked fine back then, but it doesn’t cut it anymore. What are the problems with the past technology and where are we headed.
Brad Andrews, CEO, RBA Communications
Evaluating DREAD – Applying D.R.E.A.D. to the results of STRIDE.
This session is a continuation of Parts 1 and 2 and will apply the DREAD model to the threats we found in the previous session. We will start by discussing the elements of the DREAD model that is often used to evaluate risks to systems that are identified in threat modeling. These are Damage, Reproducibility, Exploitability, Affected Users, Discoverability. We will then work through the threats found in the previous session. This will continue the focus on Amazon.com and go to other systems if time is available. This session will expect those present to be involved in finding and suggesting values for each of the DREAD elements as they apply to the covered risks.
Brad Andrews, CEO, RBA Communications
Gaining Your STRIDE – Applying S.T.R.I.D.E. to a system
This session is a continuation of Part 1 and will briefly look at the components of the STRIDE model often used as a part of threat modeling. These are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. We will then seek to work to find out what threats Amazon.com might face using the diagram we developed in the previous session. This session will expect those present to be involved in raising potential risks. Other systems may also be covered if we have time remaining in the session.
Use of Amazon.com is the only likely experience of most participants, but even that is not required. The goal is to work with something everyone can relate to, not to expose insider information for a specific company.
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
In the wake of the massive "WannaCry" ransomware attack that took the world by storm on Friday, May 12, businesses are scrambling to improve their IT security. Learn how Acronis Active Protection can help prevent another attack like this one from knocking your business offline.
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Matthew Ancelin, Network Security Specialist, Palo Alto Networks
What has been done in the past worked fine back then, but it doesn’t cut it anymore. What are the problems with the past technology and where are we headed.
Brad Andrews, CEO, RBA Communications
Evaluating DREAD – Applying D.R.E.A.D. to the results of STRIDE.
This session is a continuation of Parts 1 and 2 and will apply the DREAD model to the threats we found in the previous session. We will start by discussing the elements of the DREAD model that is often used to evaluate risks to systems that are identified in threat modeling. These are Damage, Reproducibility, Exploitability, Affected Users, Discoverability. We will then work through the threats found in the previous session. This will continue the focus on Amazon.com and go to other systems if time is available. This session will expect those present to be involved in finding and suggesting values for each of the DREAD elements as they apply to the covered risks.
Brad Andrews, CEO, RBA Communications
Gaining Your STRIDE – Applying S.T.R.I.D.E. to a system
This session is a continuation of Part 1 and will briefly look at the components of the STRIDE model often used as a part of threat modeling. These are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. We will then seek to work to find out what threats Amazon.com might face using the diagram we developed in the previous session. This session will expect those present to be involved in raising potential risks. Other systems may also be covered if we have time remaining in the session.
Use of Amazon.com is the only likely experience of most participants, but even that is not required. The goal is to work with something everyone can relate to, not to expose insider information for a specific company.
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
In the wake of the massive "WannaCry" ransomware attack that took the world by storm on Friday, May 12, businesses are scrambling to improve their IT security. Learn how Acronis Active Protection can help prevent another attack like this one from knocking your business offline.
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
This is a presentation template if someone is interested in making a case for a web-based security awareness and training program within your company. It is free for all to use and change accordingly.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
A section of security breaches are caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Here listed are a few simple ways to make employees understand and feel responsible for security of the Company's assets.
High time to add machine learning to your information security stackMinhaz A V
Machine learning might never be the silver bullet for cybersecurity compared to areas where it is thriving. There will always be a person who tries to find issues in our systems and bypass them. They may even use it to assist the attacks.
But adding it to our general information security stack can surely help us be more prepared while defending. Different categories like regression, classification, clustering, recommendations & reinforcement learning can be leveraged to build efficient & faster monitoring, threat response, network traffic analysis and more.
Along with introduction to different aspects and how it can be leveraged - I'd like to present a case study on how ML/AI can be used in distinguishing between benign and Malicious traffic data by means of anomaly detection techniques with 100% True Positive Rate with live demo.
Security testing tools are only as good as the humans who use them. Learn how to turn an automated security effort into an effective security assessment.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
This is a presentation template if someone is interested in making a case for a web-based security awareness and training program within your company. It is free for all to use and change accordingly.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
A section of security breaches are caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Here listed are a few simple ways to make employees understand and feel responsible for security of the Company's assets.
High time to add machine learning to your information security stackMinhaz A V
Machine learning might never be the silver bullet for cybersecurity compared to areas where it is thriving. There will always be a person who tries to find issues in our systems and bypass them. They may even use it to assist the attacks.
But adding it to our general information security stack can surely help us be more prepared while defending. Different categories like regression, classification, clustering, recommendations & reinforcement learning can be leveraged to build efficient & faster monitoring, threat response, network traffic analysis and more.
Along with introduction to different aspects and how it can be leveraged - I'd like to present a case study on how ML/AI can be used in distinguishing between benign and Malicious traffic data by means of anomaly detection techniques with 100% True Positive Rate with live demo.
Security testing tools are only as good as the humans who use them. Learn how to turn an automated security effort into an effective security assessment.
Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
Optimizing Security Operations: 5 Keys to SuccessSirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
Much attention has been given to the need for increased automation in security, given the sheer volume of attackers and attacks, the overload of information security pros must wrangle, and the continued high demand for security expertise. But can automation solve all of security’s most serious problems? If not, why not? Will there always be a need for human involvement?
These slides were used in a live webcast featuring, 451 Research Information Security Research Director Scott Crawford and Cigital Managing Principal Nabil Hannan. You can watch this and other webcasts by visiting https://www.cigital.com/resources/.
As delusions of effective risk management for application environments continue to spread, companies continue to bleed large amounts of security spending without truly knowing if the amount is warranted, effective, or even elevating security at all. In parallel, hybrid, thought-provoking security strategies are moving beyond conceptual ideas to practical applications within ripe environments. Application Threat Modeling is one of those areas that, beyond the hype, provides practical and sensible security strategy that leverages already existing security efforts for an improved threat model of what is lurking in the shadows.
Tony UcedaVelez, Managing Director
An experienced security management professional, Tony has more than 10 years of hands-on security and technology experience and is a vocal advocate of security process engineering – a term that describes the design and development of secure processes and controls working symbiotically to create a unique business workflow. Tony currently serves as Managing Director for an Atlanta based risk advisory firm that focuses on security strategy and delivering effective means for risk mitigation and security process engineering. He has worked and consulted for the Fortune 500, as well as federal agencies in the U.S. on the topic of application security and security process engineering.
First line of defense for cybersecurity : AIAhmed Banafa
The year 2017 wasn't a great year for cyber-security; we saw a large number of high-profile cyber attacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack, and 2018 started with a bang too with the hacking of Winter Olympics.
The frightening truth about increasingly cyber-attacks is that most businesses and the cybersecurity industry itself are not prepared. Despite the constant flow of security updates and patches, the number of attacks continues to rise.
How to protect your company’s computer systems against penetration and attack; the dangers of security lapses in corporate computer
systems and Internet architecture, and specific methodologies for evaluating your company’s security, detecting intrusions and responding effectively.
A journey into application security will cover the relation and evolution of application security with the different approaches to development from Waterfall to Devops.
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling(system+ enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP.
Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats.
You will also learn what kind of security related testing you can do without having any infosec background.
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How an automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Did you lock the door before leaving your house this morning? If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door).
Protecting valuable assets, no matter if personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process.
Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts.
Topics covered include:
• Threat Modeling 101
• The propagating effect of poor design
• Tabletop exercise – a world with and without threat modeling
• Best practices and metrics for every stakeholder
Security engineering 101 when good design & security work togetherWendy Knox Everette
Security concerns are often dealt with as an afterthought—the focus is on building a product, and then security features or compensating controls are thrown in after the product is nearly ready to launch. Why do so many development teams take this approach? For one, they may not have an application security team to advise them. Or the security team may be seen as a roadblock, insisting on things that make the product less user friendly, or in tension with performance goals or other business demands. But security doesn’t need to be a bolt-on in your software process; good design principles should go hand in hand with a strong security stance. What does your engineering team need to know to begin designing safer, more robust software from the get-go?
Drawing on experience working in application security with companies of various sizes and maturity levels, Wendy Knox Everette focuses on several core principles and provides some resources for you to do more of a deep dive into various topics. Wendy begins by walking you through the design phase, covering the concerns you should pay attention to when you’re beginning work on a new feature or system: encapsulation, access control, building for observability, and preventing LangSec-style parsing issues. This is also the best place to perform an initial threat model, which sounds like a big scary undertaking but is really just looking at the moving pieces of this application and thinking about who might use them in unexpected ways, and why.
She then turns to security during the development phase. At this point, the focus is on enforcing secure defaults, using standard encryption libraries, protecting from malicious injection, insecure deserialization, and other common security issues. You’ll learn what secure configurations to enable, what monitoring and alerting to put in place, how to test your code, and how to update your application, especially any third-party dependencies.
Now that the software is being used by customers, are you done? Not really. It’s important to incorporate information about how customers interact as well as any security incidents back into your design considerations for the next version. This is the time to dust off the initial threat model and update it, incorporating everything you learned along the way.
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Similar to Machine learning and Cybersecurity (20)
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
Adjusting primitives for graph : SHORT REPORT / NOTESSubhajit Sahu
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
4. YES. BUT HOW SO?
Models based on Machine Learning are more robust.
• Machine Learning has become more proactive defense against
malware
• Most threats are file-based. Machine Learning Models are designed
for static analysis. ML integrated into protection layer of file
scanning is a proactive solution.
• In the past Signature based Threat Detection was to bypass with
some minor changes
• It gives bad guy’s headaches.
7. LIMITATION #1 – TECHNOLOGY
ITSELF
Balance of three dimensions: Detection Rate, Number of False
Positives, Performance Impact
1. NUMBER OF FALSE POSITIVES
• If you make algorithms too generic, they will be prone to False Positives
• IF you restrict them, they will cause False Negatives
2. DETECTION RATE
• Tuning becomes important
• This technology has to be backed up by other technologies such as
Whitelisting or other detection methods
3. PERFORMANCE IMPACT
• If you have to be proactive, then you have to use complex models
• Complex models will have lead for performance impact
8. LIMITATION #2 – TYPE OF ATTACKS
THAT A PROTECION LAYER CAN
HANDLE
• Some bypass the protection layer of file scanning
• You need models for example that scan memory pages, ones
that can intercept the vulnerabilities that are being exploited
10. USE OF ML IN APT
• Advanced Persistent Threats are more discrete
• Guy’s in such an attack have more knowledge about their
victims
• Know what security solution is in the enterprise’s network
• They will never send a file that can be detected by security solution
• If a security solution has multiple layers of protection, ex. One
based on Dynamic Behavior, Correlating Events from Company’s
network
12. PURPOSE OF MACHINE LEARNING
• Machine Learning is a
Detection Tool
• Machine Learning
cannot be a protection
layer by itself
• Machine Learning can
augment the value of
protection layer
13. CRITERIA TO EVALUATE SECURITY
SOLUTIONS
1. What are the protection layers?
2. Are there Spam Filters, and Anti-
Phishing Filters?
3. Is there a Protection layer designed
for File Scanning or Memory Page
Scanning?
4. Are there techniques in the solution
built on Dynamic Behaviors, and
Network Anomalies?
5. Is Machine Learning being used in
any of the layers?
All of these have to work together to
protect against different types of threats
14. ATTACKS ARE GETTING MORE
SOPHISTICATED
• Distributed Denial of Service (DDoS)
• Ransomware Attacks
• Insiders
• Somebody pretending to be insiders
• BYOD leads you to new challenges
• Outsource Tier-1 and Tier-2 Engagements??
• Information Assurance
20. SORTING A KICK OFF
SORTING B STARTS
40 HOURS A WEEK
EXTENDED A+B TOGETHER ALL
THE WAY UNTIL THE END OF A
A FINISHED, B
CONTINUES
UNTIL THE END
09/25/17 10/30/17 11/06/17 01/24/17
21. FUNDING OPTIONS
• Skills.fund - https://divergence.skills.fund. 36 or 60 month
loans. Living Expenses of $1500/month for three months also
available for out-of-state students.
• Workforce Innovation Opportunity Act (WIOA) funds
• Divergence Academy Tuition Installment (TADS) - 9 month
installment – 50% in the first 4 months, rest in 5 months.