The Artificial Reality of
Cyber Defense
Fabio Palozza
Technical Director, EMEA
RADWARE
Riga, October 2018 – DSS ITSEC
https://blog.radware.com/author/fabiop/
2
Minimizing False Positives & False Negatives
Too many events Not enough events
Image Source: Effect Size FAQs by Paul Ellis
Why minimize
• False Negatives? S3r1ously !?!?
• False Positives?
• How many incidents can your SOC investigate?
• Give the right incidents the amount of time they deserve?
3
Detection Sensitivity in Positive Security Models
[Chart: Probability plotted against Sensitivity, ranging from "Allow all" to "Deny all", with False Negative and False Positive regions and the Negative Security Model marked]
4
Anomaly Detection – Game On!
• Security threats growing faster
than security teams and
budgets, huge talent shortage
• Paradox: Proliferation of data
from dozens of security products
makes it harder to detect and
investigate threats
• Need for automation
• Rule based event correlation
provides reduction from millions
to thousands
• A good SOC can investigate
maybe a couple of 100 incidents
a day
• How to leverage previous work
from the SOC to improve the
future detection by automation?
• Need for automation that
improves itself over time based
on new data and user or
researcher feedback
5
Machine Learning
6
MACHINE LEARNING: Algorithms whose performance improves as they are exposed to more data over time
DEEP LEARNING: Multilayered neural networks learn from vast amounts of data
ARTIFICIAL INTELLIGENCE: A system that can sense, reason, act, and adapt
7
Detection Algorithms & Machine Learning
COMPLEXITY
Deterministic
Transparent
Data provides baselines
Too complex to code
Generalization
Opaque
ABILITY TO MITIGATE AUTOMATICALLY / TIME TO MITIGATE
Degree of Attack (DoA)
8
Deep Learning
Challenges
9
Challenges of Deep Learning
• Reproducibility
• Transparency
• Learning in Adversarial Contexts
• Learning in Changing Environments
• Training Data
10
Poisoning Attack
March 2016 – Microsoft unveiled Tay
An innocent chatbot (twitterbot)
An experiment in conversational understanding
It took less than 24 hours before the community corrupted an innocent AI chatbot
https://i.kym-cdn.com/photos/images/original/001/096/674/ef9.jpg
11
Adversarial Attack Example
Source: http://blog.ycombinator.com/how-adversarial-attacks-work/
12
Adversarial Attack Example
Camouflage graffiti and art stickers cause a neural network to
misclassify stop signs as speed limit 45 signs or yield signs
Source: https://thenewstack.io/camouflaged-graffiti-road-signs-can-fool-machine-learning-models/
13
Breaking CAPTCHA
• 2012: Support Vector Machines (SVM) to break reCAPTCHA
• 82% accuracy
• Cruz, Uceda, Reyes
• 2016: Breaking simple-captcha using Deep Learning
• 92% accuracy
• How to break a captcha system using Torch
• 2016: I’m not Human - breaking the Google reCAPTCHA
• 98% accuracy
• Black Hat ASIA 2016 – Sivakorn, Polakis, Keromytis
14
SNAP_R – Automated Spear-Phishing on Twitter
• Man vs Machine – 2 hour bake off
• SNAP_R
• 819 tweets
• 6.85 simulated spear-phishing tweets/minute
• 275 victims
• Forbes staff writer Thomas Fox-Brewster
• 200 tweets
• 1.67 copy/pasted tweets/minute
• 49 victims
https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf
15
DeepHack – DEF CON 25
• Open-source hacking AI: https://github.com/BishopFox/deephack
• Bot learns how to break into web applications
• Using a neural network + trial-and-error
• Learns to exploit multiple kinds of vulnerabilities without prior knowledge of
the applications
• Opening the door for hacking artificial intelligence systems in the future
• Only the beginning
• AI-based hacking tools are emerging as a class of technology that pentesters
have yet to fully explore.
• “We guarantee that you’ll be either writing machine learning hacking tools
next year, or desperately attempting to defend against them.”
Video: DEF CON 25 (2017) - Weaponizing Machine Learning - Petro, Morris - Stream - 30July2017
16
Applying Machine Learning
for Cyber Security
18
[Diagram labels: Radware Attack Mitigation System; Your Protected Network; ERT SUS (Subscription); ERT Active Attackers Feed; DefensePro; Cloud Malware Protection; Blocking Known Attacks; Blocking Known Attackers; Blocking Unknown Attacks; Blocking APT & 0day Infections. Axes: COMPLEXITY and ABILITY TO MITIGATE AUTOMATICALLY / TIME TO MITIGATE, with "Traditional" Machine Learning Algorithms and Big Data, Deep Learning marked]
19
Moving away from the Edge
• Centralized protections based on Big Data and Deep Learning models are able to:
• Find and detect anomalies
• Figure out complex relations that humans have a hard time finding in huge sets of event data
• The output of the systems can be leveraged for near real-time mitigation through Threat Intelligence feeds
• For automated blacklisting
• API integrations with protection devices for autonomously adapting security policies
• Important in this Cloud-Service is the community or crowd sourcing aspect
• It enables larger amounts of diverse ‘good’ training data
• While each member can leverage the intelligence for protection (threats detected in any of the members …)
20
Radware ERT Active Attackers Feed
Staying Ahead of Emerging Threats & Attackers
• PREEMPTIVE PROTECTION against known DDoS attackers: preemptively blocking attackers before they enter your network
• ACTIVE ATTACKERS blocked in real-time: blocks IPs actively involved in DNS & IoT Botnet DDoS attacks in last 24hrs
• DATA CORRELATION across multiple Radware sources: Cloud DDoS intelligence, global deception network & real-life attack data
21
Radware’s ERT Active Attackers Feed – How It Works
#1.a Robust DDoS Attack Data: collected from Radware’s Cloud DDoS Scrubbing Centers
#1.b Continuous Correlation with Active Attackers: identified from Radware Detection Network
#1.c Botnet Intelligence Algorithm: identified from Radware automatic botnet detection/ERT
#2 Feed Created
#3 Feed Sent to DefensePro: ready to block attackers
[Diagram labels: ERT Threat Research Center; ERT Active DDoS Feed; DefensePro]
22
Attacker Feed, real customer use cases
• Activation of the feed during POC for refreshing old DP1016
• More than 4200 distinct IPs hit
• Match with IP blacklist from customer’s SOC at 98,5% (197/200)
Cloud-based Malware Attack Detection & Mitigation Service
• Visibility
• Ongoing Detection
• Audit & Report
• Early Prevention
• C&C List Subscription
• Infection Attempts Reporting
• New Malware Detection
• Simulated Malware Attacks
23
24
Radware Traffic Analysis Detects Anomalies
IDENTIFIED BY RADWARE AS ZERO-DAY MALWARE
1. Similarity to Malicious: Communication patterns were similar to known malicious behaviors
2. Age of Domain: Suspicious traffic directed to young domains less than 1-year old
3. Periodicity: Infected hosts communicated in predictable intervals of ~10 minutes
4. Site Richness: Suspicious traffic was communicating to websites with few HTML objects
5. Spoofed Host Detection: Header data did not match IP address of destination host
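Four of the indicators on this slide (age of domain, periodicity, site richness, spoofed host) combined into a per-session triage scorer. This is an added example, not Radware's algorithm or code from the deck; indicator 1 is left out because it needs a labelled corpus. Assumptions: the `Session` schema, every threshold other than the one-year domain age, and the sample sessions, which are constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# The one-year domain age comes from the slide; the other thresholds are
# assumptions chosen for this example and would be tuned on real traffic.
MAX_YOUNG_DOMAIN_DAYS = 365
MAX_SPARSE_HTML_OBJECTS = 5   # assumption: what counts as "few HTML objects"
MIN_BEACON_EVENTS = 6         # assumption: connections needed to judge periodicity
MAX_INTERVAL_JITTER = 0.10    # assumption: stdev/mean of the gaps below 10%


@dataclass
class Session:
    """Traffic from one internal host to one destination (hypothetical schema)."""
    src_host: str
    host_header: str          # name the client put in the HTTP Host header
    dst_ip: str               # IP the connection actually went to
    resolved_ips: frozenset   # IPs that host_header resolves to
    domain_age_days: int
    html_objects: int         # objects referenced by the returned page
    timestamps: tuple         # connection start times, epoch seconds


def beacon_interval(timestamps):
    """Mean gap in seconds if the connections are evenly spaced, else None."""
    ts = sorted(timestamps)
    if len(ts) < MIN_BEACON_EVENTS:
        return None           # too few events to call anything periodic
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    jitter = pstdev(gaps) / avg
    return avg if jitter <= MAX_INTERVAL_JITTER else None


def indicators(s):
    """Names of the slide's indicators (2 to 5) that this session trips."""
    hits = []
    if s.domain_age_days < MAX_YOUNG_DOMAIN_DAYS:
        hits.append("age_of_domain")
    if beacon_interval(s.timestamps) is not None:
        hits.append("periodicity")
    if s.html_objects <= MAX_SPARSE_HTML_OBJECTS:
        hits.append("site_richness")
    if s.dst_ip not in s.resolved_ips:
        hits.append("spoofed_host")
    return hits


def triage(sessions, min_hits=3):
    """Sessions with at least min_hits indicators, strongest first.

    Requiring several indicators together keeps a lone periodic poller
    (an update checker, for instance) out of the analyst queue.
    """
    scored = [(s.src_host, s.host_header, indicators(s)) for s in sessions]
    flagged = [row for row in scored if len(row[2]) >= min_hits]
    return sorted(flagged, key=lambda row: -len(row[2]))


# Constructed sample data: documentation IP ranges and .example names only.
T0 = 1_540_000_000
SAMPLE = [
    # Beacons every ~10 minutes with a few seconds of jitter, to a young
    # domain, a near-empty page, and an IP the Host name does not resolve to.
    Session("ws-17", "cdn-update.example", "203.0.113.50",
            frozenset({"198.51.100.7"}), 40, 1,
            tuple(T0 + i * 600 + j
                  for i, j in enumerate([0, 3, -2, 5, 1, -4, 2, 0]))),
    # Ordinary browsing: bursty timing, old domain, rich page, matching IP.
    Session("ws-22", "news.example", "192.0.2.10",
            frozenset({"192.0.2.10", "192.0.2.11"}), 6000, 120,
            tuple(T0 + t for t in [0, 12, 15, 400, 2900, 2910, 7000])),
    # Hourly update check: periodic and sparse, but old domain, matching IP.
    Session("ws-31", "updates.vendor.example", "192.0.2.80",
            frozenset({"192.0.2.80"}), 5000, 0,
            tuple(T0 + i * 3600 for i in range(6))),
]

if __name__ == "__main__":
    for host, name, hits in triage(SAMPLE):
        print(f"{host} -> {name}: {', '.join(hits)}")
```
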
25
Summary
Looking Ahead
26
Looking ahead…
• “Traditional” Machine Learning systems have been defending our networks
for some time already
• Attackers are maturing and attacks are getting more complex
• Detecting and stopping future attacks will require innovation
• This innovation could be based on Deep Learning
• Deep Learning Systems have their challenges to perform autonomously
• The theory behind today’s Neural Networks originates from the 60s
• Will we overcome these challenges with incremental advancements?
• Or will we need another breakthrough in AI?
• To achieve the ultimate goal of a fully autonomous cyber defense
Thank You

 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

The artificial reality of cyber defense

  • 1. The Artificial Reality of Cyber Defense Fabio Palozza Technical Director, EMEA RADWARE Riga, October 2018 – DSS ITSEC https://blog.radware.com/author/fabiop/
  • 2. Minimizing False Positives & False Negatives. Too many events / Not enough events. Image Source: Effect Size FAQs by Paul Ellis. Why minimize False Negatives? S3r1ously !?!? False Positives? How many incidents can your SOC investigate? Give the right incidents the amount of time they deserve?
  • 3. Detection Sensitivity in Positive Security Models. [Figure: axes Probability and Sensitivity; labels False Negative, False Positive, Allow all, Deny all, Negative Security Model; points x, x’]
  • 4. Anomaly Detection – Game On! • Security threats growing faster than security teams and budgets, huge talent shortage • Paradox: Proliferation of data from dozens of security products makes it harder to detect and investigate threats • Need for automation • Rule-based event correlation provides reduction from millions to thousands • A good SOC can investigate maybe a couple of hundred incidents a day • How to leverage previous work from the SOC to improve future detection by automation? • Need for automation that improves itself over time based on new data and user or researcher feedback
  • 6. MACHINE LEARNING: Algorithms whose performance improves as they are exposed to more data over time. DEEP LEARNING: Multilayered neural networks learn from vast amounts of data. ARTIFICIAL INTELLIGENCE: A system that can sense, reason, act, and adapt.
  • 7. Detection Algorithms & Machine Learning. [Figure: COMPLEXITY against ABILITY TO MITIGATE AUTOMATICALLY / TIME TO MITIGATE; labels: Deterministic, Transparent, Data provides baselines; Too complex to code, Generalization, Opaque; Degree of Attack (DoA)]
  • 9. Challenges of Deep Learning: Reproducibility; Transparency; Learning in Adversarial Contexts; Learning in Changing Environments; Training Data
  • 10. Poisoning Attack. March 2016 – Microsoft unveiled Tay: an innocent chatbot (twitterbot), an experiment in conversational understanding. It took less than 24 hours before the community corrupted an innocent AI chatbot. https://i.kym-cdn.com/photos/images/original/001/096/674/ef9.jpg
  • 11. Adversarial Attack Example. Source: http://blog.ycombinator.com/how-adversarial-attacks-work/
  • 12. Adversarial Attack Example. Camouflage graffiti and art stickers cause a neural network to misclassify stop signs as speed limit 45 signs or yield signs. Source: https://thenewstack.io/camouflaged-graffiti-road-signs-can-fool-machine-learning-models/
  • 13. Breaking CAPTCHA • 2012: Support Vector Machines (SVM) to break reCAPTCHA • 82% accuracy • Cruz, Uceda, Reyes • 2016: Breaking simple-captcha using Deep Learning • 92% accuracy • How to break a captcha system using Torch • 2016: I’m not Human - breaking the Google reCAPTCHA • 98% accuracy • Black Hat ASIA 2016 – Sivakorn, Polakis, Keromytis
  • 14. SNAP_R – Automated Spear-Phishing on Twitter • Man vs Machine – 2 hour bake off • SNAP_R • 819 tweets • 6.85 simulated spear-phishing tweets/minute • 275 victims • Forbes staff writer Thomas Fox-Brewster • 200 tweets • 1.67 copy/pasted tweets/minute • 49 victims https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf
  • 15. DeepHack – DEF CON 25 • Open-source hacking AI: https://github.com/BishopFox/deephack • Bot learns how to break into web applications • Using a neural network + trial-and-error • Learns to exploit multiple kinds of vulnerabilities without prior knowledge of the applications • Opening the door for hacking artificial intelligence systems in the future • Only the beginning • AI-based hacking tools are emerging as a class of technology that pentesters have yet to fully explore. • “We guarantee that you’ll be either writing machine learning hacking tools next year, or desperately attempting to defend against them.” Video: DEF CON 25 (2017) - Weaponizing Machine Learning - Petro, Morris - Stream - 30July2017
  • 17. [Figure: Radware Attack Mitigation System around Your Protected Network, plotted as COMPLEXITY against ABILITY TO MITIGATE AUTOMATICALLY / TIME TO MITIGATE; labels: ERT SUS (Subscription), ERT Active Attackers Feed, Blocking Unknown Attacks, Blocking Known Attacks, Blocking Known Attackers, Cloud Malware Protection, Blocking APT & 0day Infections, “Traditional” Machine learning Algorithms, Big Data, Deep Learning, DefensePro]
  • 18. Moving away from the Edge • Centralized protections based on Big Data and Deep Learning models are able to: • Find and detect anomalies • Figure out complex relations that humans have a hard time finding in huge sets of event data • The output of the systems can be leveraged for near real-time mitigation through Threat Intelligence feeds • For automated blacklisting • API integrations with protection devices for autonomously adapting security policies • Important in this Cloud-Service is the community or crowd-sourcing aspect • It enables larger amounts of diverse ‘good’ training data • While each member can leverage the intelligence for protection (threats detected in any of the members …)
  • 19. Radware ERT Active Attackers Feed: Staying Ahead of Emerging Threats & Attackers. PREEMPTIVE PROTECTION against known DDoS attackers: preemptively blocking attackers before they enter your network. ACTIVE ATTACKERS blocked in real-time: blocks IPs actively involved in DNS & IoT Botnet DDoS attacks in last 24hrs. DATA CORRELATION across multiple Radware sources: Cloud DDoS intelligence, global deception network & real-life attack data.
  • 20. Radware’s ERT Active Attackers Feed – How It Works. #1.a Robust DDoS Attack Data: collected from Radware’s Cloud DDoS Scrubbing Centers. #1.b Continuous Correlation with Active Attackers: identified from Radware Detection Network. #1.c Botnet Intelligence Algorithm: identified from Radware automatic botnet detection/ERT. #2 Feed Created. #3 Feed Sent to DefensePro: ready to block attackers. [Diagram labels: ERT Threat Research Center, ERT Active DDoS Feed, DefensePro]
  • 21. Attacker Feed, real customer use cases • Activation of the feed during POC for refreshing old DP1016 • More than 4200 distinct IPs hit • Matches the IP blacklist from the customer’s SOC at 98,5% (197/200)
  • 22. Cloud-based Malware Attack Detection & Mitigation Service: Visibility; Ongoing Detection; Audit & Report; Early Prevention; C&C List Subscription; Infection Attempts Reporting; New Malware Detection; Simulated Malware Attacks
  • 23. Radware Traffic Analysis Detects Anomalies. IDENTIFIED BY RADWARE AS ZERO-DAY MALWARE. 1. Similarity to Malicious: Communication patterns were similar to known malicious behaviors. 2. Age of Domain: Suspicious traffic directed to young domains less than 1-year old. 3. Periodicity: Infected hosts communicated in predictable intervals of ~10 minutes. 4. Site Richness: Suspicious traffic was communicating to websites with few HTML objects. 5. Spoofed Host Detection: Header data did not match IP address of destination host.
  • 25. Looking ahead… • “Traditional” Machine Learning systems have been defending our networks for some time already • Attackers are maturing and attacks are getting more complex • Detecting and stopping future attacks will require innovation • This innovation could be based on Deep Learning • Deep Learning Systems have their challenges to perform autonomously • The theory behind today’s Neural Networks originates from the 60s • Will we overcome these challenges with incremental advancements? • Or will we need another breakthrough in AI? • To achieve the ultimate goal of a fully autonomous cyber defense
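
Two of the indicators listed on slide 23, periodicity (~10 minute intervals) and age of domain (under one year), can be combined as in the following added example, which is not code from the presentation or from Radware. The log format, host and domain names, registration dates and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import mean, pstdev

# Constructed proxy-log lines: ISO timestamp, internal host, destination domain.
SAMPLE_LOG = """\
2018-10-01T09:00:02 10.0.0.5 sync-upd4te.example
2018-10-01T09:01:00 10.0.0.9 time-pool.example
2018-10-01T09:03:40 10.0.0.7 news.example
2018-10-01T09:04:10 10.0.0.7 news.example
2018-10-01T09:10:05 10.0.0.5 sync-upd4te.example
2018-10-01T09:11:00 10.0.0.9 time-pool.example
2018-10-01T09:19:55 10.0.0.7 news.example
2018-10-01T09:20:01 10.0.0.5 sync-upd4te.example
2018-10-01T09:21:00 10.0.0.9 time-pool.example
2018-10-01T09:21:00 10.0.0.7 news.example
not-a-timestamp 10.0.0.7 news.example
2018-10-01T09:30:04 10.0.0.5 sync-upd4te.example
2018-10-01T09:31:00 10.0.0.9 time-pool.example
2018-10-01T09:40:00 10.0.0.5 sync-upd4te.example
2018-10-01T09:41:00 10.0.0.9 time-pool.example
2018-10-01T09:47:30 10.0.0.7 news.example
2018-10-01T09:48:02 10.0.0.7 news.example
2018-10-01T09:50:03 10.0.0.5 sync-upd4te.example
"""

# Constructed registration dates; in practice these come from WHOIS or passive DNS.
REGISTERED = {
    "sync-upd4te.example": date(2018, 7, 15),
    "time-pool.example": date(2003, 1, 20),
    "news.example": date(2004, 3, 1),
}

def parse(log):
    """Group connection timestamps by (host, domain); skip malformed lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue
    return flows

def periodicity(timestamps, min_events=5):
    """Return (mean gap in seconds, coefficient of variation), or None if too few events."""
    if len(timestamps) < min_events:
        return None
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    return (avg, pstdev(gaps) / avg) if avg > 0 else None

def is_young(domain, today, max_age_days=365):
    """Age-of-domain indicator; unknown registration dates are not treated as young."""
    registered = REGISTERED.get(domain)
    return registered is not None and (today - registered).days < max_age_days

def findings(log, today, max_cv=0.1):
    """Flag only flows that are both near-periodic and directed to a young domain."""
    hits = []
    for (host, domain), stamps in sorted(parse(log).items()):
        result = periodicity(stamps)
        if result and result[1] <= max_cv and is_young(domain, today):
            hits.append({"host": host, "domain": domain,
                         "interval_s": round(result[0]), "cv": round(result[1], 3)})
    return hits

if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG, date(2018, 10, 1)):
        print(hit)
```

The perfectly periodic flow to the long-registered `time-pool.example` is not flagged: requiring two indicators at once is what keeps a legitimate scheduled client from becoming a false positive.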

Editor's Notes

  1. Attackers are maturing and attacks are getting more complex, especially on the cyberwar side, where government-sponsored attacks have research investments that approach military proportions. To detect and stop attacks, innovation is required. Anomaly detection based on traditional correlation rules may result in too many false positives, far too many events to inspect manually, and correlation rules that have to be updated continually. It can happen, as with Tay, the Microsoft AI Twitter bot that was supposed to be a teenage girl but was turned into a sex-crazed, Nazi-loving Trump supporter within 24 hours by a bunch of guys (4chan).
  2. http://searchsecurity.techtarget.com/tip/Evaluating-and-tuning-an-intrusion-detection-system The False Negative and False Positive curves are interrelated. Of course, to minimize false negatives you can just “deny all” … It is possible to lower the risk of false negatives by increasing the sensitivity, basically with signature-based services for known vulnerabilities. Either way, a balance is needed: what is the optimum between the two risks?
  3. Security threats are growing faster than security teams and budgets can keep up, and there’s already a huge talent shortage. The proliferation of data from the dozens of security products that a typical large organization deploys is paradoxically making it harder, not easier, for teams to detect and investigate threats. Thousands of potential clues about hacking activity are overlooked or thrown away each day. At large companies, it’s not uncommon for IT systems to generate tens of thousands of security alerts a day. Security teams can usually filter these down to about a few thousand they think are worth investigating, but in a day’s work, they’re lucky if they can review a few hundred of them. Conversely, many investigations are hampered by the gaps in available information, simply because the cost of storing all the relevant data is increasing far faster than a typical organization’s budget. As a result, it’s pretty common for hackers to go undetected for months, or for it to take a team months to fully understand what’s going on once they’ve detected an issue. All this adds up to more data breaches, more damage, and higher security costs.
  4. Source: https://towardsdatascience.com/cousins-of-artificial-intelligence-dda4edc27b55 There is an urgent need for better and more automation when it comes to anomaly detection. Deep Learning is the innovative technology that should bring us back in the game. Machine Learning and Deep Learning neural networks are not new: they have been around for 30 years and are still the basis of current neural networks. THE REDUCTION IN COST OF STORAGE AND COMPUTE RESOURCES HELPED IN THE RE-BIRTH OF THE TECHNOLOGY, but the Most Important Factor for enabling it is the availability of a HUGE AMOUNT OF DATA (crowd-sourced by the hyper-cloud giants, who pushed the research forward). Deep Learning is to be considered a black box that can produce good or bad results. The 2 most important aspects are (1) massive amounts of Good data and (2) sizing the Deep Neural Network according to the problem, finding the right balance between fitting the data and generalization (the over- and under-fitting problem of regression). It requires massive amounts of Good data. Bad or poisoned data will lead to false negatives. The model needs to be “trained” in clean environments; synthetic data would create a lot of correlation and consequently an adverse effect.
  5. The traditional machine learning systems evolve with the technology and are problem-specific. They are DETERMINISTIC. Machine learning algorithms can be decomposed and problems broken down into smaller domains so that every component feeds the machine learning baseline. Examples are the Radware algorithm for degree-of-attack, based on input from TCP, UDP, DNS, … and many other machine learning algorithms (behavioral-detection methods, like rate-invariant SYN attack detection). Also, ‘good user’ vs ‘bad user’ classification on Appwall/WAF, Bot vs Human on Appwall/WAF, … The code, the program, describes the expected behavior. Data is used for baselining and ultimately for detecting anomalies. With deep learning, the model is generic. In theory, the same deep learning network can be used to baseline and detect anomalies in TCP as well as UDP or any new protocol, but the model would need to be re-trained (recalibrated), so a lot of good data is needed to train it. Traditional machine learning algorithms are more task-specific, but can work with little to no data and do so with fewer false positives because they are more deterministic. With NN/Deep Learning, the data describes the expected behavior. The same model is applied to different applications (face recognition, spam detection, …). It’s like programming with data (it needs a lot of Good data). Example in Radware: Cloud Malware Protection
  6. Amount of Good data. Deep Learning systems are not good at handling changing and dynamic environments. As the network grows, the system may need to be resized to prevent under-fitting. As protocols change and device types are added to or removed from the environment, models need to be re-trained to be effective. Studies in Adversarial Machine Learning are ongoing; the goal is to find better ways to learn in the presence of adversaries and to create models that are more resistant to noise and wrongly labeled data. The only way is to have amount of GOOD data >>>>>>>> amount of BAD data
  7. It can happen, as with Tay, the Microsoft AI Twitter bot that was supposed to be a teenage girl but was turned into a sex-crazed, Nazi-loving Trump supporter within 24 hours by a bunch of guys (4chan).
  8. Adversarial examples are hard to defend against because it is hard to construct a theoretical model of the adversarial example crafting process. Adversarial examples are solutions to an optimization problem that is non-linear and non-convex for many ML models, including neural networks. Because we don’t have good theoretical tools for describing the solutions to these complicated optimization problems, it is very hard to make any kind of theoretical argument that a defense will rule out a set of adversarial examples. From another point of view, adversarial examples are hard to defend against because they require machine learning models to produce good outputs for every possible input. Most of the time, machine learning models work very well but only work on a very small amount of all the many possible inputs they might encounter. Because of the massive amount of possible inputs, it is very hard to design a defense that is truly adaptive. References: http://www.cleverhans.io/security/privacy/ml/2017/02/15/why-attacking-machine-learning-is-easier-than-defending-it.html http://blog.ycombinator.com/how-adversarial-attacks-work/
  9. http://spectrum.ieee.org/cars-that-think/transportation/sensors/slight-street-sign-modifications-can-fool-machine-learning-algorithms
  10. In the area of bot detection and the problem of distinguishing between good humans, bad humans, good bots and bad bots, Captcha has been an annoying but effective way to differentiate humans from bots/scripts, right until 2016, when researchers designed deep learning systems that can solve Google reCAPTCHA with 98% accuracy, better than most of us humans can solve these things. Breaking reCAPTCHA with SVM - https://dl.acm.org/citation.cfm?id=2367894 Breaking Simple-Captcha: https://deepmlblog.wordpress.com/2016/01/03/how-to-break-a-captcha-system/
  11. Big opportunities for hackers lie in automating social engineering and turning spear-phishing into massive, automated campaigns - systems automatically scrubbing the internet for personal data and learning from all the information to produce the ultimate message to trick a person into opening an attachment or clicking a malicious link – see for example SNAP_R
  12. New innovative technologies for automating cyber defense also mean hackers will find ways to leverage them and abuse them for attacks. There has always been an imbalance between the success rate of attacks vs defense: the defense has to continuously plug all holes and vulnerabilities while the offense only has to find a single vulnerability or hole to be successful. No CISO ever got decorated for stopping 100s of attack attempts, but a CISO immediately gets blamed if a single attempt gets through the defenses. The same goes for applications of AI. For defense, there is zero tolerance for error, while the offense can work with an AI that spits out faulty results most of the time but by luck generates a single good output that results in a breach - see for example DeepHack.
  13. Be Proactive - Preemptive blocking of Active Attackers. Radware uses its ongoing attack knowledge to fine-tune the threat intelligence and catch the IPs that have been involved in actual DDoS attacks in the past 24 hours. The idea is to stop the attackers from reconnaissance and attack preparation – looking up open ports, what to attack. If you are difficult to crack in the reconnaissance stage, it is less likely that you will become a target – the difficulty is not worth it. Diversion upon attack is avoided. Data Correlation: since we are taking drastic measures and blocking the IPs, we want to verify and correlate the data with all available sources, especially known IoT devices. IoT devices, once identified, are less likely to change and in most cases should not be accessing the network in any case.
  14. The question remains if the incremental advancements in deep learning combined with adversarial studies will ultimately lead to the next generation of fully automated cyber defensive solutions. Or if we need another breakthrough in machine learning and neural networks to achieve the ultimate goal of fully autonomous cyber defense.
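
The trade-off described in note 2, together with the SOC capacity limit from slide 4, can be worked through on past triage verdicts. This is an added example, not part of the presentation; the scores, verdicts, alert budgets and cost weights are constructed assumptions.

```python
# Constructed triage history: (detector score 0-100, SOC verdict: True = real incident).
HISTORY = [
    (5, False), (10, False), (12, False), (20, False), (22, False), (30, False),
    (35, False), (41, False), (48, False), (55, False), (62, False), (71, False),
    (38, True), (52, True), (66, True), (74, True),
    (80, True), (88, True), (93, True), (97, True),
]

def confusion(history, threshold):
    """Alert when score >= threshold. A low threshold means high sensitivity."""
    fp = sum(1 for score, real in history if score >= threshold and not real)
    tp = sum(1 for score, real in history if score >= threshold and real)
    fn = sum(1 for score, real in history if score < threshold and real)
    return {"threshold": threshold, "alerts": fp + tp, "fp": fp, "fn": fn}

def sweep(history, thresholds=range(0, 101, 10)):
    """Walk from 'deny all' (threshold 0) towards 'allow all' (threshold 100)."""
    return [confusion(history, t) for t in thresholds]

def most_sensitive_within_budget(history, budget):
    """Lowest threshold whose alert volume the SOC can still investigate."""
    for row in sweep(history):  # thresholds ascend, so alert counts never increase
        if row["alerts"] <= budget:
            return row
    return None

def cheapest(history, fp_cost, fn_cost):
    """Threshold minimising a weighted sum of the two error types."""
    return min(sweep(history), key=lambda r: fp_cost * r["fp"] + fn_cost * r["fn"])

if __name__ == "__main__":
    for row in sweep(HISTORY):
        print(row)
    print("budget 10:", most_sensitive_within_budget(HISTORY, 10))
    print("budget 6: ", most_sensitive_within_budget(HISTORY, 6))
    print("missed incident costs 5x a false alarm:", cheapest(HISTORY, 1, 5))
```

On this data the cost-optimal threshold produces 15 alerts, more than either budget allows, so the capacity limit rather than the detector decides how many real incidents are missed.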