Big, public, embarrassing data breaches seem to hit the news daily; despite years of investment, the security products we have today can't seem to keep up.
Machine learning, big data, and artificial intelligence are essential to automating and improving the cybersecurity market. In this presentation, originally delivered at the ReWork Deep Learning Summit, we look at why and how the security industry can be disrupted through sophisticated neural network technology.
2. Why Are We Talking About Security?
1. Affects all of us
2. Well suited to machine learning
3. Huge market, huge opportunity to do good, not a lot of traction (yet)
7. Multiple attack methodologies and vectors
Establishment of Command and Control (“hands on keyboard”) access
“Low and Slow”
East-west movement, migration, attacks
Constant, coordinated, human effort
Specific objective and attack
Ubiquitous Hoodie-Clad Hacker
Buzzword Time: APT
8. Multilayer Analytics For APTs
Attack Anatomy
Reconnaissance
Weaponization
Command and Control
Data Loss (Breach)
9. “Events {a, b, c, ...} are indicative of a breach; do you agree?”
Analyst-Based
(Supervised)
Unsupervised
Result-Driven
“On a time-series model N, IOCs {x, y, z...} are being seen across industries like yours.”
“Across a data lake of N incidents, weight incident and correlate it to known breach indicator; treat the result as an input to the learning algorithm”
Training the InfoSec Analyst Robots
10. Where Does This All Lead?
Multi-Dimensional
(Organization) Security Input
Predictive Security Output
11. Recap and Questions
● Security needs to evolve from manual to (semi-?) automated analysis
● Core technical challenges are:
○ Data normalization
○ Incident-to-narrative connection
○ Behavioral analytics
○ Prescriptive / automated response
● From a CISO/CSO perspective, the outcome needs to demonstrably reduce risk of breach, without increasing analyst workload/cost
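Slide 9's "weight incident and correlate it to known breach indicator; treat the result as an input to the learning algorithm" and the recap's "data normalization" and "incident-to-narrative connection" challenges stay abstract in the deck. As an added example (not code from the presentation or from GreatHorn), the Python below normalizes three constructed log formats into one event schema, groups events per host, and scores each host's narrative against the attack stages named on the "Attack Anatomy" slide. The feeds, field names, stage weights, threshold and helper names are all assumptions made for illustration.

```python
"""Added example: normalize heterogeneous security events into one schema and
stitch them into a per-host narrative across the deck's attack stages
(reconnaissance, weaponization, command and control, data loss).
Every log line, weight and threshold here is constructed for illustration."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample feed: three different formats (IDS key=value, EDR JSON,
# proxy syslog, DLP key=value) for the same small network.
RAW_EVENTS = [
    "2024-03-01T09:00:01Z ids src=10.0.0.5 dst=10.0.0.9 sig=PORTSCAN",
    '{"ts": "2024-03-01T09:14:20Z", "host": "10.0.0.9", "alert": "macro_dropper"}',
    "Mar  1 09:30:44 proxy 10.0.0.9 CONNECT beacon.example.invalid:443 interval=60s",
    "2024-03-01T10:05:10Z dlp host=10.0.0.9 bytes_out=734003200 dest=external",
    "2024-03-01T10:07:00Z ids src=10.0.0.22 dst=10.0.0.30 sig=PORTSCAN",
]

# Stages from the deck's "Attack Anatomy" slide; weights are an assumption
# (later stages count more because they are closer to actual data loss).
STAGE_WEIGHTS = {
    "reconnaissance": 1,
    "weaponization": 2,
    "command_and_control": 3,
    "data_loss": 4,
}
BREACH_THRESHOLD = 7  # assumed: C2 plus data loss, or three earlier stages


@dataclass(frozen=True)
class Event:
    """The one normalized shape every feed is mapped into."""
    ts: datetime
    host: str
    stage: str
    source: str


def _syslog_ts(text, year=2024):
    """Syslog timestamps carry no year or zone; both are assumed here."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=year, tzinfo=timezone.utc)


def _iso_ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalize(line):
    """Map one raw line from any of the constructed feeds to an Event, or None."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("alert") == "macro_dropper":
            return Event(_iso_ts(rec["ts"]), rec["host"], "weaponization", "edr")
        return None
    m = re.fullmatch(r"(\S+) ids src=(\S+) dst=(\S+) sig=PORTSCAN", line)
    if m:  # the scanned host (dst) is the one whose narrative this belongs to
        return Event(_iso_ts(m[1]), m[3], "reconnaissance", "ids")
    m = re.fullmatch(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) proxy (\S+) CONNECT \S+ interval=\d+s", line)
    if m:  # periodic outbound CONNECT treated as a beacon, i.e. C2
        return Event(_syslog_ts(m[1]), m[2], "command_and_control", "proxy")
    m = re.fullmatch(r"(\S+) dlp host=(\S+) bytes_out=\d+ dest=external", line)
    if m:
        return Event(_iso_ts(m[1]), m[2], "data_loss", "dlp")
    return None  # unknown format: dropped rather than guessed


def build_narratives(lines):
    """Group normalized events by host, order them in time and score the
    distinct stages observed; the score is the feature a learning algorithm
    would consume, and the flag is the analyst-facing verdict."""
    by_host = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev is not None:
            by_host[ev.host].append(ev)
    narratives = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        stages = []
        for e in events:
            if e.stage not in stages:
                stages.append(e.stage)
        score = sum(STAGE_WEIGHTS[s] for s in stages)
        narratives[host] = {
            "stages": stages,
            "score": score,
            "breach_candidate": score >= BREACH_THRESHOLD,
        }
    return narratives


if __name__ == "__main__":
    for host, n in build_narratives(RAW_EVENTS).items():
        print(host, n["score"], "->".join(n["stages"]), "BREACH?" if n["breach_candidate"] else "")
```

Run on the constructed feed, 10.0.0.9 accumulates all four stages (score 10, flagged), while 10.0.0.30 shows only a scan (score 1, not flagged). The point is the pipeline shape rather than the weights: every feed is forced into one schema first, the narrative is assembled per asset across stages, and only then is a single number handed to whatever supervised, unsupervised or result-driven model sits downstream.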
GreatHorn
www.greathorn.com
kobrien@greathorn.com
Security is a complex, important, and growing problem
Traditional methods (trained experts manually analyzing the space) can’t keep up
Attacks and breaches harm all of us
Machine learning (deep learning?) offers a possible out
So, we spend the next 15-20 years building out an industry around expert systems -- the idea being that we can patch together IDS, IPS, firewalls (then software firewalls, then web application firewalls, etc.) to defend against threats. It’s a great idea, it’s an essential idea, and it’s also a completely inadequate idea -- because what have we really done except to create more and more and more alerts, alarms, and data feeds for security practitioners?
And just to compound that problem, the combination of increasingly complicated infrastructure and tidal waves of data crashing upon the shores has been met with...a 1.5 MILLION person shortfall in the infosec industry (according to Frost and Sullivan’s latest research)
If you’re not depressed yet, let me make things worse: attacks are getting harder and harder to detect and respond to. The last few years have seen the rise of APT, or advanced persistent threats