©2021 Check Point Software Technologies Ltd.
[Protected] Distribution or modification is subject to approval ​
Peter Elmer | Security Expert, EMEA | Office of the CTO
May 2021
The value of Machine Learning in Cyber Security
DATA DRIVEN SECURITY
Today we look at …
• Need for Data Driven Security
• Methods used
• Value of Machine Learning powered by human experience
• Effectiveness of Data Driven Security
Key Ingredients For Success
• Collaboration
• Intelligence
• Experience
Check Point Software Technologies: 27 Years
Founded in 1993, about 5,400 employees
Securing more than 100,000 customers
“Important decision points are taken by machines with logic created from data.”
Check Point, Data Scientists Team, October 2020
Predicting Results Using Machine Learning
Humans deciding on features and labels
Features: oval / round; smooth surface / undulating surface; sweet / sour
Labels: ‘for pie’ / ‘for vine’
Data remains / Data destroyed
Human experience is key when assigning characteristics (features) for predicting a result (label)
Predicting?
Logic Created From Data
Computer Logic: Data + Program → Deterministic result
Humans decide on the best logic to achieve a result prior to ‘feeding’ the machine (Context, Assumptions, Conceptions)
Machine Learning Algorithm: Data + Result → Program / Model (Logic)
Characteristics of data (features) of historic results (labels) are presented to the machine
New Data + Program / Model (Logic) → Probabilistic result
Probabilistic results?
Probabilistic
Deterministic
Vectorising
Feeding more data into the machine increases accuracy
Limited resources
Increasing attack surface
Attacking Is Easier Than Defending
Process:
• Intent
• Idea
• Plan
• Design Logic
• Source Code
• Compile
• Stream of bits
Surface: Effort for defending
Understanding Intent
Optimizing Resources
8 : 1
Applying Machine Learning requires eight times fewer resources than preparing the data
Mathematical Representation
Abstraction
Changing Representation
Turning an image into a number – VGG16 Convolutional Network
• An image of 224x224 RGB is transformed by filters, becoming a number
• Convolutional filters capture 3x3 pixels to capture the notion of right/left, up/down, center
• Accuracy of 92.7%
Source: Neurohive – VGG16 Convolutional Network for Classification and Detection:
Changing Representation
Turning an image into a number – VGG16 Convolutional Network
• Training a VGG16 with photos from Cityscapes
• Enhancing realism of animation
• Eliminating artefacts
Source: Intel – Enhancing Photorealism Enhancement, May 2021
Vectorising Elements – Example: Human Language
Describing meaning / intent to achieve an abstraction level
King / Queen, Man / Woman: axis Masculinity – Femininity
swimming / swam, walking / walked: axis Verb tense
Vectorising words allows ‘word algebra’ - Algebra allows Machine Learning
Vectors represent the abstraction level
Vectorising Elements – Natural Language Processing (NLP)
Describing meaning / intent to achieve an abstraction level
“NLP is a subfield of computer science and artificial intelligence concerned with interactions between computers and human (natural) languages. It is used to apply machine learning algorithms to text and speech.”
Source: towards data science
Vectorising Elements – Why is NLP useful?
Describing meaning / intent to achieve an abstraction level
We know ‘Pineapples are spikey and yellow’
Input → Projection → Output: ‘Give me the missing word’ (Pineapples, are, spikey, and, yellow)
Input → Projection → Output: ‘Give me the context’ (Pineapples, are, spikey, and, yellow)
Reference: Tomas Mikolov et al.: Distributed Representations of Words and Phrases and their Compositionality
Understanding what is making something different
How can we apply this to Cyber Security?
Vectorising Elements – Cyber Security
Applying NLP when Sandboxing executables
Observing API calls performed against the operating system
API calls are language and can be vectorised
Vectorising Elements – Cyber Security
Applying TF-IDF when disassembling OPCODES
Borrowing TF-IDF algorithm from word document analysis
“TF-IDF is an information retrieval and information extraction subtask which aims to express the importance of a word to a document which is part of a collection of documents which we usually name a corpus.”
Source: http://filotechnologia.blogspot.com/2014/01/a-simple-java-class-for-tfidf-scoring.html
Vectorising Elements – Cyber Security
Decoded machine language
Machine code has sequence – sequence has meaning
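Added example, not from the deck or from Check Point's tooling: a small Python implementation of the TF-IDF scoring borrowed from document analysis (previous slide), applied to constructed opcode traces, with n-grams so that opcode order (the "sequence has meaning" point above) enters the vocabulary, and cosine similarity to place an unknown sample next to the nearest labelled family. Sample traces, family names and the 0.3 similarity threshold are constructed assumptions.

```python
import math
from collections import Counter

# Constructed token streams standing in for what a disassembler (opcode
# mnemonics) or a sandbox (API-call names) emits per sample. Family labels
# are hypothetical and exist only for this illustration.
LABELLED_SAMPLES = {
    "sample_a1": ("FamilyA", "push mov call xor loop jnz xor call ret".split()),
    "sample_a2": ("FamilyA", "push mov xor loop jnz xor xor call ret".split()),
    "sample_b1": ("FamilyB", "mov lea cmp je call mov cmp jne ret".split()),
    "sample_b2": ("FamilyB", "lea cmp je mov cmp jne call ret".split()),
}


def ngrams(tokens, n):
    """Join n consecutive tokens so that order (the 'sequence') joins the vocabulary."""
    if n == 1:
        return list(tokens)
    return ["|".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]


def term_frequency(tokens):
    """TF: share of the sample taken up by each token."""
    counts = Counter(tokens)
    return {t: c / len(tokens) for t, c in counts.items()}


def inverse_document_frequency(corpus):
    """IDF = ln(N / df). A token present in every sample (here 'ret', 'mov',
    'call') scores 0, so boilerplate shared by all binaries carries no weight."""
    df = Counter()
    for tokens in corpus:
        df.update(set(tokens))
    return {t: math.log(len(corpus) / d) for t, d in df.items()}


def tfidf_vector(tokens, idf):
    """Sparse TF-IDF vector; tokens outside the fitted vocabulary get weight 0."""
    return {t: tf * idf.get(t, 0.0) for t, tf in term_frequency(tokens).items()}


def cosine_similarity(u, v):
    """Cosine of the angle between two sparse vectors; 0.0 when either is empty."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def build_model(samples, n=1):
    """Fit IDF on the labelled corpus and vectorise every labelled sample."""
    tokenised = {name: (fam, ngrams(toks, n)) for name, (fam, toks) in samples.items()}
    idf = inverse_document_frequency([toks for _, toks in tokenised.values()])
    vectors = {name: (fam, tfidf_vector(toks, idf)) for name, (fam, toks) in tokenised.items()}
    return {"n": n, "idf": idf, "vectors": vectors}


def nearest_family(tokens, model, threshold=0.3):
    """Return (family, similarity) of the closest labelled sample, or (None, sim)
    when nothing reaches the threshold, e.g. a sample made only of unseen opcodes
    or only of opcodes that every sample shares."""
    query = tfidf_vector(ngrams(tokens, model["n"]), model["idf"])
    best_fam, best_sim = None, 0.0
    for fam, vec in model["vectors"].values():
        sim = cosine_similarity(query, vec)
        if sim > best_sim:
            best_fam, best_sim = fam, sim
    return (best_fam, best_sim) if best_sim >= threshold else (None, best_sim)


UNIGRAM_MODEL = build_model(LABELLED_SAMPLES, n=1)
BIGRAM_MODEL = build_model(LABELLED_SAMPLES, n=2)

if __name__ == "__main__":
    unknown = "push xor loop jnz xor call ret mov".split()  # constructed, unlabelled
    print(nearest_family(unknown, UNIGRAM_MODEL))           # FamilyA
    print(nearest_family(unknown, BIGRAM_MODEL))            # FamilyA
    print(nearest_family("nop nop int3".split(), UNIGRAM_MODEL))   # (None, 0.0)
    print(nearest_family("mov call ret".split(), UNIGRAM_MODEL))   # (None, 0.0)
```

A real corpus has hundreds of thousands of dimensions (the later "Malware DNA" slide cites a 300 000 dimensional space), so the sparse dictionaries here would be replaced by a sparse matrix, but the scoring is the same.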
Changing Representation
Turning an executable file into vectors – VGG16 Convolutional Network
• An executable file is fed into a neural network
• Each ‘filter’ performs a mathematical operation on a sliding patch
Figure: Original vs. Convolved
Source: Check Point, Data Scientists Team, October 2020
Machine Learning In Cyber Security
Preventing Unknown Attacks
EXE → Understanding Entropy & Structure, Disassembling, URL Verification, Finding Similarities, File/Registry, Classification using provided Meta Data → Verdict, Meta Data
PDF / PPT / DOC / XLS → PDF Analyzer, URL Verification, Macro Analyzer, Classification using provided Meta Data → Verdict, Meta Data
Machine Learning In Cyber Security
Preventing Unknown Attacks
On July 20th 2020 a sample was labeled malicious by our machine learning logic
Machine Learning In Cyber Security
Preventing Unknown Attacks
On July 24th 2020 only 45 out of 73 engines on Virus Total labeled it malicious
Four days later!
Machine Learning In Cyber Security
Sharing experience
Source: https://research.checkpoint.com/category/how-to-guides/
Machine Learning In Cyber Security
‘Malware DNA’ based clustering applying TF-IDF
Two dimensional representation of the 300 000 dimensional space representing the ‘world of malware’ in Check Point Threat Intelligence
Colors representing labels of malware families
Machine Learning In Cyber Security
‘Malware DNA’ applied to uncover an APT Eco System
Itay Cohen (Check Point) and Omri Ben Bassat (Intezer) mapped out an ecosystem
Results:
• Classification into 60 families and 200 modules
• 22 000 connections between analyzed samples
• Different Actors don’t share code
Access the interactive map
• Published as open source
Download the detector tool
• Defend and contribute
Map based on Fruchterman-Reingold algorithm
Read the full report:
Machine Learning In Cyber Security
Sharing experience
Understand how vulnerable on-premises and cloud environments are
Source: https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/
Understanding the SolarWinds Orion Platform Security Advisory, 16 December 2020, video, https://community.checkpoint.com/
Machine Learning In Cyber Security
The need for defense
BBC article about Colonial Pipeline attack, May 2021
Source: https://www.bbc.com/news/business-57050690
Source: Check Point, Research Blog, May 2021
Update 17th May 2021: DarkSide is offline - https://krebsonsecurity.com/
Understanding the DNA of a malware allows attributing ‘family’ characteristics
Knowing the ‘family’
… allows applying tools for defense
… allows saving resources
What's next?
Machine Learning – General Purpose
Comparing NLP-Trained Models
Over 300 apps are using GPT-3: https://openai.com/blog/gpt-3-apps/
GPT-3 API access is controlled: https://openai.com/blog/openai-api/
28th May 2020: 14 Apps using GPT-3
Machine Learning Empowers Threat Prevention
Every input for Threat Intelligence becomes a Label
More than 27 years of experience …
• Having access to data
• Knowing the labels
• Selecting the right features
• Creating ML algorithms
• ML empowers Threat Prevention
Figure: Data → Labels (‘This is …’) → Feature1: form, Feature2: colour → Next module
Machine Learning Empowers Threat Prevention
The infinity cycle of learning
Incumbent → New DATA → Labeling → Training → Stand-by evaluation → Decision point
• Federated Learning: using encrypted customer data
• Supervised by human expertise
• Measuring: unseen data
• Adjusting weights
The infinity cycle of learning is powered by us
Peter Elmer | Security Expert, EMEA | Office of the CTO
pelmer@checkpoint.com, May 2021
THANK YOU

Incident handling is a clearly defined set of procedures to manage and respon...Varun Mithran
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...naitiksharma1124
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Lisi Hocke
 

Recently uploaded (20)

A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdf
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST API
 
Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop -  Architecting Innovative Graph Applications- GraphSummit MilanWorkshop -  Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)
 
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
 
Your Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | EvmuxYour Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | Evmux
 
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphGraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
 
Rapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and InsightsRapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and Insights
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements Engineering
 
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
 
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
 
Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
 
Incident handling is a clearly defined set of procedures to manage and respon...
Incident handling is a clearly defined set of procedures to manage and respon...Incident handling is a clearly defined set of procedures to manage and respon...
Incident handling is a clearly defined set of procedures to manage and respon...
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
 

stackconf 2021 | Data Driven Security

  • 1. ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval. Peter Elmer | Security Expert, EMEA | Office of the CTO, May 2021. The value of Machine Learning in Cyber Security: DATA DRIVEN SECURITY
  • 2. Today we look at … the need for Data Driven Security; methods used; the value of Machine Learning powered by human experience; the effectiveness of Data Driven Security
  • 3. Key Ingredients For Success: Collaboration, Intelligence, Experience. Check Point Software Technologies: founded in 1993, about 5,400 employees, securing more than 100,000 customers, 27 years
  • 4. “Important decision points are taken by machines with logic created from data.” Check Point, Data Scientists Team, October 2020
  • 5. Predicting Results Using Machine Learning. Humans deciding on features and labels: oval / round; smooth surface / undulating surface; sweet / sour; ‘for pie’ / ‘for vine’; data remains / data destroyed. Human experience is key when assigning characteristics (features) for predicting a result (label)
  • 6. Predicting?
  • 7. Logic Created From Data. Computer logic: Data + Program yields a deterministic result; humans decide on the best logic to achieve a result prior to ‘feeding’ the machine (context, assumptions, conceptions). Machine learning algorithm: Data + Result yields Program / Model Logic; characteristics of data (features) of historic results (labels) are presented to the machine; Program / Model Logic + New Data yields a probabilistic result
  • 8. Probabilistic results?
  • 9. Probabilistic / Deterministic
  • 10. Vectorising
  • 11. Feeding more data into the machine increases accuracy
  • 12. Limited resources. Increasing attack surface
  • 13. Attacking Is Easier Than Defending. Surface: Intent, Idea, Plan, Design. Logic: Source Code, Compile, Stream of bits. Process. Effort for defending
  • 14. Understanding Intent. Optimizing Resources
  • 15. 8 : 1. Applying Machine Learning requires eight times less resources than preparing the data
  • 16. Mathematical Representation. Abstraction
  • 17. Changing Representation: Turning an image into a number – VGG16 Convolutional Network. An image of 224x224 RGB is transformed by filters, becoming a number; convolutional filters capture 3x3 pixels to capture the notion of right/left, up/down, center; accuracy of 92.7%. Source: Neurohive – VGG16 Convolutional Network for Classification and Detection
  • 18. Changing Representation: Turning an image into a number – VGG16 Convolutional Network. Training a VGG16 with photos from Cityscapes; enhancing realism of animation; eliminating artefacts. Source: Intel – Enhancing Photorealism Enhancement, May 2021
  • 19. Vectorising Elements – Example: Human Language. Describing meaning / intent to achieve an abstraction level: King / Queen, Man / Woman (masculinity, femininity); swimming / swam, walking / walked (verb tense). Vectorising words allows ‘word algebra’; algebra allows Machine Learning; vectors are presenting the abstraction level
  • 20. Vectorising Elements – Natural Language Processing (NLP). Describing meaning / intent to achieve an abstraction level. “NLP is a subfield of computer science and artificial intelligence concerned with interactions between computers and human (natural) languages. It is used to apply machine learning algorithms to text and speech.” Source: towards data science
  • 21. Vectorising Elements – Why is NLP useful? Describing meaning / intent to achieve an abstraction level. We know ‘Pineapples are spikey and yellow’. Input, Projection, Output, ‘Give me the missing word’: Pineapples … are spikey and yellow. Input, Projection, Output, ‘Give me the context’: Pineapples are spikey and yellow. Reference: Tomas Mikolov et al.: Distributed Representations of Words and Phrases and their Compositionality
  • 22. Understanding what is making something different. How can we apply this to Cyber Security?
  • 23. Vectorising Elements – Cyber Security. Applying NLP when sandboxing executables: observing API calls performed against the operating system. API calls are language and can be vectorised
  • 24. Vectorising Elements – Cyber Security. Applying TF-IDF when disassembling OPCODES: borrowing the TF-IDF algorithm from word document analysis. “TF-IDF is an information retrieval and information extraction subtask which aims to express the importance of a word to a document which is part of a collection of documents which we usually name a corpus.” Source: http://filotechnologia.blogspot.com/2014/01/a-simple-java-class-for-tfidf-scoring.html
  • 25. Vectorising Elements – Cyber Security. Decoded machine language: machine code has sequence – sequence has meaning
  • 26. Changing Representation: Turning an executable file into vectors – VGG16 Convolutional Network. An executable file is fed into a neural network; each ‘filter’ performs a mathematical operation on a sliding patch (original, convolved). Source: Check Point, Data Scientists Team, October 2020
  • 27. Machine Learning In Cyber Security: Preventing Unknown Attacks. EXE: understanding entropy & structure, disassembling, URL verification, finding similarities, file/registry, classification using provided meta data, verdict. PDF / PPT / DOC / XLS: PDF analyzer, URL verification, macro analyzer, classification using provided meta data, verdict
  • 28. Machine Learning In Cyber Security: Preventing Unknown Attacks. On July 20th 2020 a sample was labeled malicious by our machine learning logic
  • 29. Machine Learning In Cyber Security: Preventing Unknown Attacks. On July 24th 2020 only 45 out of 73 engines on VirusTotal labeled it malicious. Four days later!
  • 30. Machine Learning In Cyber Security: Sharing experience. Source: https://research.checkpoint.com/category/how-to-guides/
  • 31. Machine Learning In Cyber Security: ‘Malware DNA’ based clustering applying TF-IDF. Two-dimensional representation of the 300,000-dimensional space representing the ‘world of malware’ in Check Point Threat Intelligence; colors representing labels of malware families
  • 32. Machine Learning In Cyber Security: ‘Malware DNA’ applied to uncover an APT Eco System. Itay Cohen (Check Point) and Omri Ben Bassat (Intezer) mapped out an ecosystem. Results: classification into 60 families and 200 modules; 22,000 connections between analyzed samples; different actors don’t share code. Access the interactive map; published as open source, download the detector tool; defend and contribute. Map based on the Fruchterman-Reingold algorithm. Read the full report
  • 33. Machine Learning In Cyber Security: Sharing experience. Understand how vulnerable on-premises and cloud environments are. Source: https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/ ; Understanding the SolarWinds Orion Platform Security Advisory, 16 December 2020, video, https://community.checkpoint.com/
  • 34. Machine Learning In Cyber Security: The need for defense. BBC article about the Colonial Pipeline attack, May 2021. Source: https://www.bbc.com/news/business-57050690 ; Source: Check Point, Research Blog, May 2021. Update 17th May 2021: DarkSide is offline, https://krebsonsecurity.com/
  • 35. Understanding the DNA of a malware allows attributing ‘family’ characteristics
  • 36. Knowing the ‘family’ … allows applying tools for defense; … allows saving resources
  • 37. What‘s next?
  • 38. Machine Learning – General Purpose. Comparing NLP-trained models. Over 300 apps are using GPT-3: https://openai.com/blog/gpt-3-apps/ ; GPT-3 API access is controlled: https://openai.com/blog/openai-api/ ; 28th May 2020: 14 apps using GPT-3
  • 39. Machine Learning Empowers Threat Prevention. Every input for Threat Intelligence becomes a label. More than 27 years of experience … having access to data; knowing the labels; selecting the right features; creating ML algorithms; ML empowers Threat Prevention. (Illustration: Data, Labels, “This is …” / “This is …”, Feature 1: form, Feature 2: colour, next module)
  • 40. Machine Learning Empowers Threat Prevention: The infinity cycle of learning. Incumbent / New: DATA, Labeling, Training, Stand-by evaluation, Decision point. Federated learning using encrypted customer data; supervised by human expertise; measuring unseen data; adjusting weights
  • 41. The infinity cycle of learning is powered by us
  • 42. Peter Elmer | Security Expert, EMEA | Office of the CTO, pelmer@checkpoint.com, May 2021. THANK YOU
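Slides 23, 24 and 31 describe the same idea from three angles: a sequence of tokens (API calls observed in a sandbox, or opcodes from a disassembler) is treated as a document, weighted with TF-IDF, and compared against labelled samples so that an unknown file can be placed near a known ‘family’. The block below is an added example written for this transcript; it is not Check Point’s code and does not reproduce its ‘Malware DNA’ system. The opcode sequences are constructed, the family names `famA` and `famB` are placeholders, and a real deployment would take its tokens from a disassembler or sandbox trace rather than from string literals. It keeps unigrams plus bigrams so that ordering (slide 25: "sequence has meaning") is part of the vector, and it returns `unknown` below a similarity threshold, which is the ‘stand-by evaluation / decision point’ of slide 40 rather than a forced verdict.

```python
"""TF-IDF over opcode (or API-call) sequences with cosine similarity to labelled families.

Added example for the slide transcript; constructed data, placeholder family names.
"""
import math
from collections import Counter

# Constructed opcode sequences standing in for disassembler output.
# The family labels are placeholders, not real malware families.
LABELLED_SAMPLES = {
    "famA-1": "push mov sub call xor xor xor loop jnz ret".split(),
    "famA-2": "push mov xor xor xor rol loop jnz call ret".split(),
    "famB-1": "push mov lea call cmp je mov call ret".split(),
    "famB-2": "push lea call cmp jne call mov ret".split(),
}


def ngrams(tokens, n):
    """Consecutive n-grams; this is what keeps the ordering of the sequence."""
    return [" ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]


def to_terms(tokens):
    """One 'document' of terms per sample: unigrams plus bigrams."""
    return list(tokens) + ngrams(tokens, 2)


class TfidfIndex:
    """Builds IDF weights from labelled samples and scores unknown sequences against them."""

    def __init__(self, labelled):
        self.docs = {name: to_terms(t) for name, t in labelled.items()}
        n_docs = len(self.docs)
        df = Counter()
        for terms in self.docs.values():
            df.update(set(terms))          # document frequency: count each term once per doc
        # Smoothed IDF: terms seen in few documents weigh more.
        self._idf = {t: math.log((1 + n_docs) / (1 + d)) + 1 for t, d in df.items()}
        # A term never seen in the corpus gets the maximum weight; it can only
        # lower a similarity score (it adds to the norm), never create a match.
        self._idf_unseen = math.log((1 + n_docs) / 1) + 1
        self.vectors = {name: self.vectorize(terms) for name, terms in self.docs.items()}

    def idf(self, term):
        return self._idf.get(term, self._idf_unseen)

    def vectorize(self, terms):
        """Sparse TF-IDF vector: term frequency (normalised by length) times IDF."""
        tf = Counter(terms)
        total = len(terms)
        return {t: (c / total) * self.idf(t) for t, c in tf.items()}

    @staticmethod
    def cosine(a, b):
        dot = sum(v * b.get(t, 0.0) for t, v in a.items())
        na = math.sqrt(sum(v * v for v in a.values()))
        nb = math.sqrt(sum(v * v for v in b.values()))
        return dot / (na * nb) if na and nb else 0.0

    def family_scores(self, tokens):
        """Best cosine similarity per family for an unknown sample (family = prefix before '-')."""
        query = self.vectorize(to_terms(tokens))
        best = {}
        for name, vec in self.vectors.items():
            family = name.split("-")[0]
            best[family] = max(best.get(family, 0.0), self.cosine(query, vec))
        return best

    def classify(self, tokens, threshold=0.3):
        """Return (family, score); below the threshold the sample stays 'unknown' for human review."""
        scores = self.family_scores(tokens)
        family, score = max(scores.items(), key=lambda kv: kv[1])
        return (family if score >= threshold else "unknown", score)


INDEX = TfidfIndex(LABELLED_SAMPLES)

if __name__ == "__main__":
    # Constructed unknown sample: shares the xor/rol/loop pattern of famA.
    unknown = "push mov xor xor rol xor loop jnz ret".split()
    print(INDEX.family_scores(unknown))
    print(INDEX.classify(unknown))
    print(INDEX.classify("nop nop nop".split()))   # nothing in common: 'unknown'
```

The same index works unchanged on API-call names from a sandbox run (slide 23): the tokens are just strings, and the bigrams then capture call order (for example, a file open followed by a write) rather than opcode order. With a real corpus the vector space becomes very large, which is why slide 31 speaks of a 300,000-dimensional space projected down to two dimensions for display; the sparse dictionaries here avoid materialising that space.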