SlideShare a Scribd company logo
1 of 29
AI & ML in Cyber Security
Welcome Back To 1999 - Security Hasn’t Changed
Raffael Marty
VP Security Analytics
BSides Vancouver
March 2017
Disclaimer
© Raffael Marty 2
"This presentation was prepared solely by Raffael
Marty in his personal capacity. The material, views,
and opinions expressed in this presentation are the
author's own and do not reflect the views of Sophos
Ltd. or its affiliates."
Raffael Marty
• Sophos
• PixlCloud
• Loggly
• Splunk
• ArcSight
• IBM Research
• SecViz
• Logging
• Big Data
• SIEM
• Leadership
• Zen
My Provocative Premise
• Cyber Defense / Monitoring / Analytics is still at the level of 1999
• We can’t predict the weather and we have done it since 1 August 1861
o “The weather predicted by the BBC for four days time was just 30-40% accurate”
• Predicting election results anyone?
o “80% chance Clinton will win.”
Outline
5
• Nothing Has Changed in Security (Defense)
• Machine Learning & Artificial Intelligence
• Visualization
• Now What?
Nothing Has Changed in Security
Since 1999
Summary of Technologies
• Firewalls – policy management, auditing a challenge
• IDS/IPS – false positives
• Threat Intelligence – really the same as IDS signatures
• DLP – just an IDS engine
• Vulnerability Scanners – what’s up with those old user interfaces?
• SIEM – still the same issues: parsing, context, prioritization
• Security Analytics – can actually mostly be done with your SIEM
Machine
Learning
8http://theconversation.com/your-questions-answered-on-artificial-intelligence-49645
& Artificial
Intelligence
Is this the answer to all of our
security problems? Is ML and AI
what we have been waiting for?
Definitions
•Statistics - quantifies numbers
•Data Mining - explains patterns
•Machine Learning - predicts with models
•Artificial Intelligence - behaves and reasons
Machine Learning / Data Mining
10
• Anomaly detection (outlier detection)
o What’s “normal”?
• Association rule learning (e.g., items purchased together)
• Clustering
• Classification
• Regression (model the data)
• Summarization
Data Mining in Security
The graph shows an abstract
space with colors being machine
identified clusters.
Machine Learning in Security
•Needs a corpus of data to learn from
•Network traffic analysis
still not working
oNo labeled data
o Not sure what the right
features should be
•Works okay for SPAM
and malware
classification
Artificial Intelligence in Security
•Just calling something AI doesn’t make it AI.
”A program that doesn't simply classify or compute model
parameters, but comes up with novel knowledge that a
security analyst finds insightful.”
Artificial Narrow Intelligence (ANI)
• Computer programs we have today that perform a specific, narrow task: Deep Blue, Amazon recommendations
Artificial General Intelligence (AGI)
• A program that could learn to complete any task
• What many of us imagine when we think of AI, but no one has managed to accomplish it yet
Artificial Superintelligence (ASI)
• Any computer program that is all-around smarter than a human (also see the singularity by Ray Kurzweil)
https://www.chemheritage.org/distillations/magazine/thinking-machines-the-search-for-artificial-intelligence
The Law of Accelerating Returns – Ray Kurzweil
http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-1.html
ML Looses
15
• We have tried many thing:
o Social Network Analysis
o Seasonality detection
o Entropy over time
o Frequent pattern mining
o Clustering
• All kinds of challenges
o Characterize normal
o Extract what has been learned
o Statistical vs. domain anomalies
• Simple works!
Simple - Data Abstraction
16
Simple Works - Monitor Password Resets
17
threshold
outliers have different magnitudes
Approximate Curve
18
fitting a curve distance to curve
Data Mining Applied
19
• Some would sell this as AI
better
threshold
2
0
Simple Works –
Visualization
S e c u r i t y . A n a l y t i c s . I n s i g h t .
“How Can We See,
Not To Confirm - But
To Learn”
- Edward Tufte
Why Visualization?
22
dport
time
Areas To Explore
• Environment specific rather than environment agnostic approaches
o Same IDS signatures for everyone? Same SIEM signatures?
o Real-time threat intel sharing
• Context
o Users don’t think in IP addresses, they think about users
o Topology mapping anyone?
o User-based policies, not machine based
o Adaptive security
• Capture expert knowledge
o Collaborative efforts
• Forget about 3D visualization 😊
Promising Approaches That Will “Change” Security
• Continuous authentication
• Dynamic policy decisions – automation – really closing the loop
o But what products do this well? Open APIs, low f/p, etc.
• Micro segmentation (including SDN?)
• Real-time threat intelligence sharing
• Human assisted machine learning systems
• Crowd sourcing
• End-user involved / assisted decision making
• Eradicate phishing, please!
How Will ML / AI Help?
• Machine learning consists of algorithms that need data
o Garbage in - garbage out
o Data formats and semantics
• Deep learning is just another ML algorithm
o Malware classification (it isn’t necessarily better than other ML algorithms)
o Basically eliminates the feature engineering step
• Many inherent challenges (see https://www.youtube.com/watch?v=CEAMF0TaUUU)
o Distance functions
o Context – need input from HR systems and others
o Choice of algorithm
o Etc.
• Where to use ML
o Classification problems (traffic, binaries, activities, etc.)
o There is good work being done on automating the level 1 analyst
o Look for systems that leverage humans in the loop (see topic of knowledge capture)
Security Visualization Community
26
• http://secviz.org
• List: secviz.org/mailinglist
• Twitter: @secviz
Share, discuss, challenge, and learn about security visualization.
27
Visual Analytics -
Delivering Actionable Security
Intelligence
July 22-25 2017, Las Vegas
big data | analytics | visualization
BlackHat Workshop
Sophos – Security Made Simple
28
• Products usable by non experts
delightful for the security analyst
• Consolidating security capabilities
• Data science to SOLVE problems
not to highlight issues
Analytics
UTM/Next-Gen Firewall
Wireless
Web
Email
Disk Encryption
File Encryption
Endpoint /
Next-Gen Endpoint
Mobile
Server
Sophos Central
Questions?
29
http://slideshare.net/zrlram
@raffaelmarty

More Related Content

What's hot

From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityInfosec
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYPriyanshu Ratnakar
 
Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceFaction XYZ
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
AI in Defence.pptx
AI in Defence.pptxAI in Defence.pptx
AI in Defence.pptxKavya990096
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtNUS-ISS
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityPratap Dangeti
 
Artificial Intelligence in cybersecurity
Artificial Intelligence in cybersecurityArtificial Intelligence in cybersecurity
Artificial Intelligence in cybersecuritySmartlearningUK
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningLior Rokach
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)Takeshi Takahashi
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackAlistair Gillespie
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
Generative AI Risks & Concerns
Generative AI Risks & ConcernsGenerative AI Risks & Concerns
Generative AI Risks & ConcernsAjitesh Kumar
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 

What's hot (20)

From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
 
Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial Intelligence
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
AI in Defence.pptx
AI in Defence.pptxAI in Defence.pptx
AI in Defence.pptx
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
 
Artificial Intelligence in cybersecurity
Artificial Intelligence in cybersecurityArtificial Intelligence in cybersecurity
Artificial Intelligence in cybersecurity
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)AI: The New Player in Cybersecurity (Nov. 08, 2023)
AI: The New Player in Cybersecurity (Nov. 08, 2023)
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
Generative AI Risks & Concerns
Generative AI Risks & ConcernsGenerative AI Risks & Concerns
Generative AI Risks & Concerns
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 

Viewers also liked

Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at ScaleRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big DataRaffael Marty
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityRaffael Marty
 
Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightRaffael Marty
 
3Com 023-11705-0001
3Com 023-11705-00013Com 023-11705-0001
3Com 023-11705-0001savomir
 
RSA 2006 - Visual Security Event Analysis
RSA 2006 - Visual Security Event AnalysisRSA 2006 - Visual Security Event Analysis
RSA 2006 - Visual Security Event AnalysisRaffael Marty
 
Sisu - 2º remanejamento UPE
Sisu - 2º remanejamento UPESisu - 2º remanejamento UPE
Sisu - 2º remanejamento UPEPortal NE10
 
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoT
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoTWSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoT
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoTWSO2
 
Ніна Матвієнко
Ніна МатвієнкоНіна Матвієнко
Ніна Матвієнкоaliusia77
 
Незалежність
НезалежністьНезалежність
Незалежністьaliusia77
 
In-Memory Computing Webcast. Market Predictions 2017
In-Memory Computing Webcast. Market Predictions 2017In-Memory Computing Webcast. Market Predictions 2017
In-Memory Computing Webcast. Market Predictions 2017SingleStore
 
Real-Time Analytics with Confluent and MemSQL
Real-Time Analytics with Confluent and MemSQLReal-Time Analytics with Confluent and MemSQL
Real-Time Analytics with Confluent and MemSQLSingleStore
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...Amazon Web Services
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 

Viewers also liked (20)

Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at Scale
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
AfterGlow
AfterGlowAfterGlow
AfterGlow
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for Security
 
Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock Insight
 
3Com 023-11705-0001
3Com 023-11705-00013Com 023-11705-0001
3Com 023-11705-0001
 
RSA 2006 - Visual Security Event Analysis
RSA 2006 - Visual Security Event AnalysisRSA 2006 - Visual Security Event Analysis
RSA 2006 - Visual Security Event Analysis
 
Sisu - 2º remanejamento UPE
Sisu - 2º remanejamento UPESisu - 2º remanejamento UPE
Sisu - 2º remanejamento UPE
 
Arquitectura
ArquitecturaArquitectura
Arquitectura
 
Suomi nyt
Suomi nytSuomi nyt
Suomi nyt
 
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoT
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoTWSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoT
WSO2Con USA 2015: Keynote - The Future of Real-Time Analytics and IoT
 
Ніна Матвієнко
Ніна МатвієнкоНіна Матвієнко
Ніна Матвієнко
 
Незалежність
НезалежністьНезалежність
Незалежність
 
In-Memory Computing Webcast. Market Predictions 2017
In-Memory Computing Webcast. Market Predictions 2017In-Memory Computing Webcast. Market Predictions 2017
In-Memory Computing Webcast. Market Predictions 2017
 
Real-Time Analytics with Confluent and MemSQL
Real-Time Analytics with Confluent and MemSQLReal-Time Analytics with Confluent and MemSQL
Real-Time Analytics with Confluent and MemSQL
 
Azure iot
Azure iotAzure iot
Azure iot
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualization
 

Similar to AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed

influence of AI in IS
influence of AI in ISinfluence of AI in IS
influence of AI in ISISACA Riyadh
 
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)Présentation de Bruno Schroder au 20e #mforum (07/12/2016)
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)Agence du Numérique (AdN)
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityTasnim Alasali
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
Defcon 21-pinto-defending-networks-machine-learning by pseudor00t
Defcon 21-pinto-defending-networks-machine-learning by pseudor00tDefcon 21-pinto-defending-networks-machine-learning by pseudor00t
Defcon 21-pinto-defending-networks-machine-learning by pseudor00tpseudor00t overflow
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon usJonathan Sinclair
 
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTrupti Shiralkar, CISSP
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Emerging trends in Artificial intelligence - A deeper review
Emerging trends in Artificial intelligence - A deeper reviewEmerging trends in Artificial intelligence - A deeper review
Emerging trends in Artificial intelligence - A deeper reviewGopi Krishna Nuti
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
 
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...Kalilur Rahman
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slidesWallarm
 
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...NUS-ISS
 
20170613 iasa architecture - Tim Willoughby presentation
20170613   iasa architecture  - Tim Willoughby presentation20170613   iasa architecture  - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentationTim Willoughby
 
Towards a Threat Hunting Automation Maturity Model
Towards a Threat Hunting Automation Maturity ModelTowards a Threat Hunting Automation Maturity Model
Towards a Threat Hunting Automation Maturity ModelAlex Pinto
 
2019 CDM CIO Summit AI Driven Development
2019 CDM CIO Summit AI Driven Development2019 CDM CIO Summit AI Driven Development
2019 CDM CIO Summit AI Driven DevelopmentChandra Gundlapalli
 
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting AutomationBiting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting AutomationAlex Pinto
 

Similar to AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed (20)

influence of AI in IS
influence of AI in ISinfluence of AI in IS
influence of AI in IS
 
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)Présentation de Bruno Schroder au 20e #mforum (07/12/2016)
Présentation de Bruno Schroder au 20e #mforum (07/12/2016)
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
Defcon 21-pinto-defending-networks-machine-learning by pseudor00t
Defcon 21-pinto-defending-networks-machine-learning by pseudor00tDefcon 21-pinto-defending-networks-machine-learning by pseudor00t
Defcon 21-pinto-defending-networks-machine-learning by pseudor00t
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon us
 
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
 
Emerging trends in Artificial intelligence - A deeper review
Emerging trends in Artificial intelligence - A deeper reviewEmerging trends in Artificial intelligence - A deeper review
Emerging trends in Artificial intelligence - A deeper review
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...
Artificial Intelligence in testing - A STeP-IN Evening Talk Session Speech by...
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for Security
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
 
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...
SkillsFuture Festival at NUS 2019- Artificial Intelligence for Everyone - A P...
 
20170613 iasa architecture - Tim Willoughby presentation
20170613   iasa architecture  - Tim Willoughby presentation20170613   iasa architecture  - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentation
 
Towards a Threat Hunting Automation Maturity Model
Towards a Threat Hunting Automation Maturity ModelTowards a Threat Hunting Automation Maturity Model
Towards a Threat Hunting Automation Maturity Model
 
Introduction to AI
Introduction to AIIntroduction to AI
Introduction to AI
 
2019 CDM CIO Summit AI Driven Development
2019 CDM CIO Summit AI Driven Development2019 CDM CIO Summit AI Driven Development
2019 CDM CIO Summit AI Driven Development
 
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting AutomationBiting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation
Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation
 

More from Raffael Marty

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's AdvantageRaffael Marty
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIRaffael Marty
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationRaffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxRaffael Marty
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big DataRaffael Marty
 
Supercharging Visualization with Data Mining
Supercharging Visualization with Data MiningSupercharging Visualization with Data Mining
Supercharging Visualization with Data MiningRaffael Marty
 
Security Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackRaffael Marty
 
Visual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceVisual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceRaffael Marty
 
Log Visualization - Bellua BCS 2006
Log Visualization - Bellua BCS 2006Log Visualization - Bellua BCS 2006
Log Visualization - Bellua BCS 2006Raffael Marty
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Raffael Marty
 
Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Raffael Marty
 

More from Raffael Marty (19)

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big Data
 
Supercharging Visualization with Data Mining
Supercharging Visualization with Data MiningSupercharging Visualization with Data Mining
Supercharging Visualization with Data Mining
 
Security Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step Back
 
Visual Analytics and Security Intelligence
Visual Analytics and Security IntelligenceVisual Analytics and Security Intelligence
Visual Analytics and Security Intelligence
 
Log Visualization - Bellua BCS 2006
Log Visualization - Bellua BCS 2006Log Visualization - Bellua BCS 2006
Log Visualization - Bellua BCS 2006
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006
 
Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007
 

Recently uploaded

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 

Recently uploaded (11)

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 

AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed

  • 1. AI & ML in Cyber Security Welcome Back To 1999 - Security Hasn’t Changed Raffael Marty VP Security Analytics BSides Vancouver March 2017
  • 2. Disclaimer © Raffael Marty 2 "This presentation was prepared solely by Raffael Marty in his personal capacity. The material, views, and opinions expressed in this presentation are the author's own and do not reflect the views of Sophos Ltd. or its affiliates."
  • 3. Raffael Marty • Sophos • PixlCloud • Loggly • Splunk • ArcSight • IBM Research • SecViz • Logging • Big Data • SIEM • Leadership • Zen
  • 4. My Provocative Premise • Cyber Defense / Monitoring / Analytics is still at the level of 1999 • We can’t predict the weather and we have done it since 1 August 1861 o “The weather predicted by the BBC for four days time was just 30-40% accurate” • Predicting election results anyone? o “80% chance Clinton will win.”
  • 5. Outline 5 • Nothing Has Changed in Security (Defense) • Machine Learning & Artificial Intelligence • Visualization • Now What?
  • 6. Nothing Has Changed in Security Since 1999
  • 7. Summary of Technologies • Firewalls – policy management, auditing a challenge • IDS/IPS – false positives • Threat Intelligence – really the same as IDS signatures • DLP – just an IDS engine • Vulnerability Scanners – what’s up with those old user interfaces? • SIEM – still the same issues: parsing, context, prioritization • Security Analytics – can actually mostly be done with your SIEM
  • 8. Machine Learning 8http://theconversation.com/your-questions-answered-on-artificial-intelligence-49645 & Artificial Intelligence Is this the answer to all of our security problems? Is ML and AI what we have been waiting for?
  • 9. Definitions •Statistics - quantifies numbers •Data Mining - explains patterns •Machine Learning - predicts with models •Artificial Intelligence - behaves and reasons
  • 10. Machine Learning / Data Mining 10 • Anomaly detection (outlier detection) o What’s “normal”? • Association rule learning (e.g., items purchased together) • Clustering • Classification • Regression (model the data) • Summarization
  • 11. Data Mining in Security The graph shows an abstract space with colors being machine identified clusters.
  • 12. Machine Learning in Security •Needs a corpus of data to learn from •Network traffic analysis still not working oNo labeled data o Not sure what the right features should be •Works okay for SPAM and malware classification
  • 13. Artificial Intelligence in Security •Just calling something AI doesn’t make it AI. ”A program that doesn't simply classify or compute model parameters, but comes up with novel knowledge that a security analyst finds insightful.” Artificial Narrow Intelligence (ANI) • Computer programs we have today that perform a specific, narrow task: Deep Blue, Amazon recommendations Artificial General Intelligence (AGI) • A program that could learn to complete any task • What many of us imagine when we think of AI, but no one has managed to accomplish it yet Artificial Superintelligence (ASI) • Any computer program that is all-around smarter than a human (also see the singularity by Ray Kurzweil) https://www.chemheritage.org/distillations/magazine/thinking-machines-the-search-for-artificial-intelligence
  • 14. The Law of Accelerating Returns – Ray Kurzweil http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-1.html
  • 15. ML Looses 15 • We have tried many thing: o Social Network Analysis o Seasonality detection o Entropy over time o Frequent pattern mining o Clustering • All kinds of challenges o Characterize normal o Extract what has been learned o Statistical vs. domain anomalies • Simple works!
  • 16. Simple - Data Abstraction 16
  • 17. Simple Works - Monitor Password Resets 17 threshold outliers have different magnitudes
  • 18. Approximate Curve 18 fitting a curve distance to curve
  • 19. Data Mining Applied 19 • Some would sell this as AI better threshold
  • 21. S e c u r i t y . A n a l y t i c s . I n s i g h t . “How Can We See, Not To Confirm - But To Learn” - Edward Tufte
  • 23. Areas To Explore • Environment specific rather than environment agnostic approaches o Same IDS signatures for everyone? Same SIEM signatures? o Real-time threat intel sharing • Context o Users don’t think in IP addresses, they think about users o Topology mapping anyone? o User-based policies, not machine based o Adaptive security • Capture expert knowledge o Collaborative efforts • Forget about 3D visualization 😊
  • 24. Promising Approaches That Will “Change” Security • Continuous authentication • Dynamic policy decisions – automation – really closing the loop o But what products do this well? Open APIs, low f/p, etc. • Micro segmentation (including SDN?) • Real-time threat intelligence sharing • Human assisted machine learning systems • Crowd sourcing • End-user involved / assisted decision making • Eradicate phishing, please!
  • 25. How Will ML / AI Help? • Machine learning consists of algorithms that need data o Garbage in - garbage out o Data formats and semantics • Deep learning is just another ML algorithm o Malware classification (it isn’t necessarily better than other ML algorithms) o Basically eliminates the feature engineering step • Many inherent challenges (see https://www.youtube.com/watch?v=CEAMF0TaUUU) o Distance functions o Context – need input from HR systems and others o Choice of algorithm o Etc. • Where to use ML o Classification problems (traffic, binaries, activities, etc.) o There is good work being done on automating the level 1 analyst o Look for systems that leverage humans in the loop (see topic of knowledge capture)
  • 26. Security Visualization Community 26 • http://secviz.org • List: secviz.org/mailinglist • Twitter: @secviz Share, discuss, challenge, and learn about security visualization.
  • 27. 27 Visual Analytics - Delivering Actionable Security Intelligence July 22-25 2017, Las Vegas big data | analytics | visualization BlackHat Workshop
  • 28. Sophos – Security Made Simple 28 • Products usable by non experts delightful for the security analyst • Consolidating security capabilities • Data science to SOLVE problems not to highlight issues Analytics UTM/Next-Gen Firewall Wireless Web Email Disk Encryption File Encryption Endpoint / Next-Gen Endpoint Mobile Server Sophos Central

Editor's Notes

  1. Have a story ready as an intro! Link that to point B (investment)
  2. What is Data Mining?
  3. `