Webinar: Will the Real AI Please Stand Up?

Will the Real AI
Please Stand Up?
Stephan Jou, CTO
Mario Daigle, VP Prod. Mgmt

AI has emerged from
the realm of science
ﬁction and become
part of our everyday
lives.

Buy
me!
I’m
smart
!
Super
ML!
The best
Bayesian!
I
do it
all!
AI
4ever
!!!
Machine learning is everywhere…

Buy
me!
Super
ML!
The best
Bayesian!
I
do it
all!
Classification
Support Vector Machines
Discriminant Analysis
Naive Bayes
Nearest Neighbor
Regression
Linear Regression | GLM
SVR | GPR
Ensemble Methods
Decision Trees
Neural Networks
Clustering
K-means | Fuzzy C-means
Hidden Markov Model
Neural Networks
Hierarchical
Guassian Mixture
Supervised Unsupervised
2 Categories of Machine Learning

Supervised: Learning by example
Parrot v. Guacamole
Kitten v. Ice cream
Chihuahua v. Muﬃn
Labradoodle v. Fried chickenDog v. Bagel
Sloth v. Pain au chocolat
Source: Karen Zack
@teenybiscuit Animal vs. Food
“Find speciﬁc things and give them
a predetermined name.”
• Algorithm is provided training
data (“labeled”) until it can
learn to make distinctions on its
own.
• Algorithm is deployed in every
environment knowing only what
it learned from training data.

What emotion is he displaying?
Happy Sad Angry
Supervised machine learning is by example. It depends on large collections of
training data (e.g., faces labeled as “happy,” “sad,” or “angry”) to learn; therefore
you must know and have specimens of exactly what it is you’re seeking to ﬁnd.

Unsupervised: Learning by observation
a. a. a.
b. b. b.
a. Wearing bright clothing?
or…
b. Messing around with props?
a. Cleaning the kitchen?
or…
b. Cooking a meal?
a. Coffee from a shop?
or…
b. A cup of coffee at home?
When is happy “normal” for him?
“Discern commonalities and detect
outliers without naming them.”
• Algorithm is built to watch for
predetermined variance out-of-
the-box.
• Algorithm learns which things in
a speciﬁc environment (context)
do or do not belong as data
moves through it.

What emotion is expected?
a. a. a.
b. b. b.
a. Wearing bright clothing?
or…
b. Messing around with props?
a. Cleaning the kitchen?
or…
b. Cooking a meal?
a. Coffee from a shop?
or…
b. A cup of coffee at home?
When is happy “normal” for him?

Don’t tell us what to look for…
… this should be handled by
supervised machine learning
algorithms.
Tell us what we’re looking at…
…it’s about identifying similarities and differences without needing to name
them. Unsupervised machine learning doesn’t need speciﬁc training data but
does need time in situ to “observe” enough examples.
socializing
drinking coffee
cleaning
It is rare that he wears
brightly colored clothing
while with his friends.
It is unusual for him to
drink store-bought
coffee; he has only ever
been seen with coffee he
brewed himself.
He has never cleaned the
kitchen on a Monday, he
has only ever done it on a
Saturday or Sunday.
happy
angry
sad
It is not about identifying
happy, sad, or angry.
Instead, do we expect
what we’re seeing from
the person?
Do we expect him to be
happy when…
“Classroom” vs. “Real world” education

Find similarities… but no names

Ideal for ﬁnding malware
 Decades of data to study
 Always looks the same no
matter where it manifests
Cybersecurity:
Supervised machine
learning
“Tell me what I’m looking for…”

Cybersecurity: Unsupervised machine learning
When searching for insider threats, how do you determine what is productive or malicious
activity within the enterprise?
 Working at midnight?
 Attaching 500MB to an email?
 Looking at corporate strategy data?
 Checking out software code from Project
X?
 A machine communicating on port 465?
 Machine A & B connecting via HTTP?
 Printer “P015” printing 50 pages at
noon?
 cmd.exe launched on a workstation?
The activities related to insider threats are masked by behavior that, when removed from context,
present as benign. This means we can not simply match a pattern or look for a signature – we
must take a different approach that separates abnormal from normal.

Knowing just this little bit about how ML works can now help you
ask better questions when evaluating vendors.
Find the right tool for the job…

We Uncover the
Threats that
Matter
Mario Daigle, VP Product Management

17 | © 2018 Interset Software17 | © 2018 Interset Software
Log
Mgmt
UEBA Big
Data
Next-Gen
Threat
Hunting
Insider
Threat
Progra
m
Data
Breach
Risk
Log
Analysis
Complicated Landscape
Security is a Fragmented, Noisy Landscape of Disparate Tools and Systems
 Fragmented security industry
 Disparate tools, data and programs
 Predicated on protect & defend
Too Many Alerts
 Flood of Rules/Thresholds based alerts
 Manual maintenance of “intelligence”
 Alerts in isolation with no context
Talent Shortage
 Inefficient SOC
 Manual processes and analysis
 Challenge at scale
Millions
of Alerts
Rules and
Thresholds
Hidden Lurking Threats
Manual Analysis Leads to Detection
of SOME Threats
Low risk visibility and alert fatigue skews threat response misaligned to magnitude of risk
Threat
Intelligenc
e
Endpoin
t
Advanced
Fraud
Identit
y &
Access
Cloud
SIEMMobile
Data &
Apps
Networ
k
Product A
Product
G
Product B
Product C
Product
D
Product F
Product
H
Product I
Product E
Product V
Product
Q
Product W
Product Z
Product P
Product R
Product V
Product K
Product
GProduct
M
Product
N
Product J
Product L
Product I
Product BB
Product EE
Product JJ
Product CC
Product AA
Product GG
Product FF
Product T
Product
O
Product S
Product Y
Product DD
Product
HH
Product X

Holistic View of Risks
Interset’s Unsupervised Machine Learning Surfaces Inside(r) Threats
 Contextual data ecosystem
 Integrate hundreds of data sources
 Transform to detect and respond
AI & ML Enabled Analytics
 Auto Pattern Discovery
 Contextual Analysis
 Signal from the Noise
Efficient SOC
 Faster Threat Detection
 Automated Processes
 Guided Threat Hunting
Improved ROI on Existing Tools
Existing Resources See MORE Threats
Machine learning and intuitive UI delivers prioritized threat leads and automated processes
Threat
Intelligence
Endpoint
Advanced
Fraud
Identity
&
Access
Cloud
SIEMMobile
Data &
Apps
Network
Security
Analytics
Security
Analytics
Security
Analytics

Interset’s Mathematically Proven Security Analytics (UEBA) Solution
Faster threat detection; SOC teams can rapidly respond to measured risk with complete context
APISIEM
Endpoint
Network
DLP
IAM
Security
Data Lake
Biz Apps
Custom
Data
Acquire Data
From any system
Interset AI & Machine Learning
Interset Data Lake
Create Baselines
Personalized ‘Unique
Normal”
Detect Anomalies
ML models using big
data storage & compute
Threat Leads
Prioritized, high fidelity,
measured risk scores
SOC APPS
Q&A
SIEM
Case
Management

What We Do: AI Security Analytics, Unique Normal of Every Single Entity
Interset detects, measures, and scores risk with scalable “unique normal” and anomaly detection
Many Data Sources Detect Anomalies Produce Risk Score
Authentication
Logs
Endpoint Logs
Operating
System Logs
Proxy Logs
VPN Logs Printer Logs
Network Logs File/Network
Share Logs
Volumetric Models
Neural Networks
Probability Distribution
Estimation
Other
Detection of Threats like:
 Compromised Account
 Data Breach
 Fraud
 Infected Host
Based on Anomalies like:
 Multiple failed logins
 Unusual locations
 Unusual successful attempt
From Individually Measured
Statistics for Every Entity Like:
 Ann moves a significant volume of data
 Ann accesses and takes from file folders
 Printer had multiple failed logins
 Server accesses unusual locations
 Server shows unusual successful login
 Ann’s peer has different expense report for the same event
 Ann sends email to personal account
Entities:
 Account
 Machine
 File
 IP Addresses
 Servers
 Websites
 Printers
 Projects
96

A Prioritized List of Actionable Threat Leads
Accelerate SOC efficiency with high quality threat leads delivered via an intuitive UI with instant drill-down
Here, Interset distills
more than 5.1 billion
events into 1 million
anomalies, for 29
validated threat leads

Intelligent, Instant Drill-Down for Guided Threat Hunting & Investigation
Faster risk assessment, threat hunting and triage with click through to: who, what, why, when, where, how
What used to
take days,
now only
takes a few
clicks
Prioritized Entity Views
 Leaderboard of mathematically
measured risk scores
Instant Drill Down
 Contextual analysis with click
through to details
Raw Event Search
 Direct access raw events, assisted
by intuitive, dynamic UI

Interset Threat Detection Use Cases
•At-Risk employee
•High-Risk Employees
•Account Misuse
•Privilege Account Misuse
•Terminated Employee
Activity
•Data Staging
•Data Exfiltration
•Email Exfiltration
•Print Exfiltration
•USB Exfiltration
•Unusual data access
•Unusual uploads
•Compromised Account
•C2 Activity Detection
•Impossible Journeys
•Internal Recon
•Dormant Account Usage
•Unusual Login Patterns
•Audit Log Tampering
•Unusual Traffic
•Password Manipulation
•Abnormal Processes
•Unusual Applications
•Infected Host
•Malicious Tunneling
•Bot Detection
•Mooching
•Snooping
•Interactions with dormant
resources/files
•High Risk IP/Data Access
•Lateral Movement
•Transaction Abuse
•Expense Fraud
Insider Threat
Advanced
Threat
IP TheftData Breach Fraud

Thank you!
For more information, contact us at securityai@interset.com

Webinar: Will the Real AI Please Stand Up?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Webinar: Will the Real AI Please Stand Up?

Similar to Webinar: Will the Real AI Please Stand Up? (20)

More from Interset

More from Interset (6)

Recently uploaded

Recently uploaded (20)

Webinar: Will the Real AI Please Stand Up?