Of Robots and Response Times: Automating Cybersecurity Analysis
•Download as PPTX, PDF•
3 likes•335 views
Big, public, embarrassing data breaches seem to hit the news daily; despite years of investment, the security products we have today can't seem to keep up. Machine learning, big data, and artificial intelligence are essential to automating and improving the cybersecurity market. In this presentation, originally delivered at the ReWork Deep Learning Summit, we look at why and how the security industry can be disrupted through sophisticated neural network technology.
Recommended
Recommended
More Related Content
Similar to Of Robots and Response Times: Automating Cybersecurity Analysis
Similar to Of Robots and Response Times: Automating Cybersecurity Analysis (20)
Recently uploaded
Recently uploaded (20)
Of Robots and Response Times: Automating Cybersecurity Analysis
- 1. GreatHorn Of Robots and Response Times: Automating Cybersecurity Analysis #REWORKDL
- 2. Why Are We Talking About Security? 1. Affects all of us 2. Well suited to machine learning 3. Huge market, huge opportunity to do good, not a lot of traction (yet)
- 3. A Snippet of History
- 4. Three Fundamental Unsolved Problems Problem One: IT complexity is outpacing our expertise
- 5. Three Fundamental Unsolved Problems Problem Two: Years of technical debt, data overload
- 6. Three Fundamental Unsolved Problems Problem Three: Manual labor is not a solution
- 7. Multiple attack methodologies and vectors Establishment of Command and Control (“hands on keyboard”) access “Low and Slow” East-west movement, migration, attacks Constant, coordinated, human effort Specific objective and attack Ubiquitous Hoodie-Clad Hacker Buzzword Time: APT
- 8. Multilayer Analytics For APTs Attack Anatomy Reconnaissance Weaponization Command and Control Data Loss (Breach)
- 9. “Events {a, b, c, ...} are indicative of a breach; do you agree?” Analyst-Based (Supervised) Unsupervised Result-Driven “On a time-series model N, IOCs {x, y, z...} are being seen across industries like yours.” “Across a data lake of N incidents, weight incident and correlate it to known breach indicator; treat the result as an input to the learning algorithm” Training the InfoSec Analyst Robots
- 10. Where Does This All Lead? Multi-Dimensional (Organization) Security Input Predictive Security Output
- 11. Recap and Questions ● Security needs to evolve from manual to (semi-?) automated analysis ● Core technical challenges are: ○ Data normalization ○ Incident-to-narrative connection ○ Behavioral analytics ○ Prescriptive / automated response ● From a CISO/CSO perspective, the outcome needs to demonstrably reduce risk of breach, without increasing analyst workload/cost GreatHorn www.greathorn.com kobrien@greathorn.com
- 12. founders@greathorn.com (800) 605-2566 116 Beech St Belmont, MA 02478 thank you
Editor's Notes
- Security is a complex, important, and growing problem Traditional methods (trained experts manually analyzing the space) can’t keep up Attacks and breaches harm all of us Machine learning (deep learning?) offers a possible out
- So, we spend the next 15-20 years building out an industry around expert systems -- the idea being that we can patch together IDS, IPS, firewalls (then software firewalls, then web application firewalls, etc.) to defend against threats. It’s a great idea, it’s an essential idea, and it’s also a completely inadequate idea -- because what have we really done except to create more and more and more alerts, alarms, and data feeds for security practicioners?
- And just to compound that problem, the combination of increasingly complicated infrastructure and tidal waves of data crashing upon the shores has been met with...a 1.5 MILLION person shortfall in the infosec industry (according to Frost and Sullivan’s latest research)
- If you’re not depressed yet, let me make things worse: attacks are getting harder and harder to detect and respond to. The last few years have seen the rise of APT, or advanced persistent threats