Artificial Intelligence – Time Bomb or The Promised Land?

Raffael Marty
VP Research and Intelligence
Head of X-Labs, Forcepoint
Cyber Symposium | September 2019 | Colorado Springs

A Brief Summary
• We don’t have artificial intelligence (yet)
• Algorithms can be dangerous: understand your data and your algorithms
• We need a paradigm shift in security to escape the cat and mouse game
• Human factors play a key role in detecting and preventing cyber attacks and insider threat
• Build systems that capture “expert knowledge” and augment human capabilities

Raffael Marty (speaker background)
Companies: Sophos, PixlCloud, Loggly, Splunk, ArcSight, IBM Research
Areas: Security Visualization, Big Data, ML & AI, SIEM, Corp Strategy, Leadership, Zen

Artificial Intelligence in Security
Techniques: Deep Learning, Statistics, Unsupervised Machine Learning, Natural Language Processing
Applications: Malware Identification, Phishing Detection, Communication Analysis

The Dangers of AI: Security Examples
• Facial Recognition Privacy
• Malware Detection Failure
• Blacklisting of Windows Executable
• Pentagon AI Fail
• Algorithm Bias, Data Biases

What Makes Algorithms Dangerous?
• Algorithms make assumptions about the data.
• Algorithms are too easy to use.
• Algorithms do not take domain knowledge into account.
• History is not a predictor of the future.

Understand Your Data
[Figure: plot of port numbers from the VAST Challenge 2013 (mini-challenge 3) data set, annotated “dest port!”, “Port 70000?” and “src ports!”. A port value of 70000 is outside the valid 0–65535 range, so the data itself has to be understood before an algorithm is trusted with it.]
Source: http://vis.pku.edu.cn/people/simingchen/docs/vastchallenge13-mc3.pdf
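As an added example (not part of the slides), a small input sanity check in the spirit of the “Port 70000?” annotation: it rejects flow records with impossible port values and flags a source/destination port column mix-up before any algorithm consumes the data. The sample records and the column-swap heuristic are constructed for illustration.

```python
# Added example, not from the slides: sanity-check flow records before any
# algorithm consumes them. It catches the two issues annotated on the slide's
# plot: an impossible port value (70000) and source/destination port columns
# that appear to have been swapped or mislabelled in the export.
from collections import Counter
from typing import Dict, List

MAX_PORT = 65535           # TCP/UDP ports are 16-bit
SERVICE_PORT_LIMIT = 1024  # below this: well-known service ports

# Constructed sample records (src_port / dst_port columns as a CSV export might
# label them), including one row with an out-of-range source port.
RECORDS: List[Dict[str, int]] = [
    {"src_port": 51234, "dst_port": 443},
    {"src_port": 51235, "dst_port": 443},
    {"src_port": 49152, "dst_port": 80},
    {"src_port": 60001, "dst_port": 443},
    {"src_port": 53122, "dst_port": 22},
    {"src_port": 70000, "dst_port": 443},   # impossible: ports stop at 65535
]


def valid_port(port) -> bool:
    """A port is an integer in 0..65535; anything else is a data error, not a feature."""
    return isinstance(port, int) and not isinstance(port, bool) and 0 <= port <= MAX_PORT


def split_valid(records):
    """Separate well-formed records from ones a model must never see."""
    good, bad = [], []
    for rec in records:
        ok = valid_port(rec.get("src_port")) and valid_port(rec.get("dst_port"))
        (good if ok else bad).append(rec)
    return good, bad


def service_port_ratio(values: List[int]) -> float:
    """Fraction of values that fall in the service-port range (0.0 for no values)."""
    return sum(1 for v in values if v < SERVICE_PORT_LIMIT) / len(values) if values else 0.0


def columns_look_swapped(records) -> bool:
    """Heuristic: in client-to-server flows the destination column is dominated by a
    few service ports and the source column by ephemeral ports. If the source column
    has the higher share of service ports, the labels were probably swapped."""
    src = [r["src_port"] for r in records]
    dst = [r["dst_port"] for r in records]
    return service_port_ratio(src) > service_port_ratio(dst)


def profile(records) -> Dict[str, object]:
    """Summary a practitioner would check before training or scoring."""
    good, bad = split_valid(records)
    return {
        "total": len(records),
        "invalid": len(bad),
        "swapped_columns": columns_look_swapped(good),
        "top_dst_ports": Counter(r["dst_port"] for r in good).most_common(3),
    }


def swap_columns(records):
    """Return a copy with src_port and dst_port exchanged (to repair a swapped export)."""
    return [{"src_port": r["dst_port"], "dst_port": r["src_port"]} for r in records]


if __name__ == "__main__":
    print(profile(RECORDS))
```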

$1 Trillion Has Been Spent Over The Past 7 Years On Cybersecurity, With 95% Success …For The Attackers
• 46% say they can’t prevent attackers from breaking into internal networks each time it is attempted.
• 100% of CIOs believe a breach will occur through a successful phishing attack in the next 12 months.
• Enterprises have seen a 26% increase in security incidents despite increasing budgets by 9% YoY.
Sources: CyberArk Global Advanced Threat Landscape Report 2018; Verizon 2018 Data Breach Investigations Report.

Escaping the Security Cat and Mouse Game
Paradigm shift:
• Reactive → Proactive
• Detection → Protection and Automation
• Threat Intelligence (IOCs) → Behavior of humans and machines
• Event-based → Risk-based

Rationale for The New Paradigm
Kill chain: Recon → Weaponization → Delivery → Exploitation → Installation → Execution
(Does not work if there is no ‘exploitation’ phase, e.g., with insiders.)

Threat Intelligence
• Constantly changing
• Chasing zero days
• Very reactive
• Focuses on external attackers

Behavioral Intelligence
• Understand the ‘normal’ behavior of humans and devices
• Try to catch the attacker as early as possible
• Move coverage to later stages
• Does not rely on knowing about types of attacks (zero day resistant)

Where harm is caused: critical data and IP being modified, deleted, or exfiltrated.

Expanding the Security Framework
1. Understand the movement of data
   After Execution the data moves through: Discover → Explore → Collect → Exfiltrate, Modify, Destroy
   Dwell time can be months
2. Understand human and device behavior
   • Monitor human factors
   • Monitor for deviations from norm
   • Assess peer group membership
   Catch attacks in the preparation phase (Recon, Weaponize)
   Flag suspicious entities before any harm is done
   Includes insiders in the kill chain
(Figure on the slide: entity “John” shown with a risk score of 89)

Understanding Humans and Data
Data stages: Discover → Explore → Collect → Exfiltrate, Modify, Destroy
Monitor Entities
• Learn their normal behavior
• Learn how they behave relative to their peers
• Learn how they interact with critical data and IP
• Based on deviations, compute an entity risk
Understand Humans
• Track and assess human factors
Shift to a risk-based approach
• An ‘event’ can be either good or bad, depending on the context of the entity
(Figure on the slide: entity “John” shown with a risk score of 89)

Human factors shown on the slide: Addiction, Gambling; Performance; Patterns of Violations; Interpersonal Issues; Knowledge, Skills, Ability; Financial Distress
Activities shown on the slide: Accesses sensitive files; Searches for sensitive files
Detecting and perceiving risk is shaped by our ability to integrate expert knowledge about risk factors and human behavior.
Without context, behaviors that may seem “obviously bad” in retrospect may not be noticed.

A Framework to Understand Humans
Predisposition (Vulnerabilities)
• Med/psych conditions
• Personality & Social Skills
• Previous Rule Violations
• Social Network Risks
Stressors (Triggering Factors)
• Personal (life changes, health)
• Professional (job loss, salary, etc.)
• Financial
• Interpersonal
Concerning Behaviors
• Policy violations
• Financial
• Mental Health, Addiction
• Social Network, Travel
Predisposition → Stressors → Concerning Behaviors → RISK
Note: None of these components alone are indicators of a crime or attack!

From Activities to Concerning Behaviors
Activities → Concerning Behaviors → RISK
• ”Detection Rules” that normally generate a lot of false positives are not weighed by the risk of the entities.
• Activities that, out of context, would be benign now flag an attack.
”Risk Adaptive Protection”: risk adjusted “Detections”
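The entity-risk and risk-adjusted detection idea from the “Understanding Humans and Data”, “Framework to Understand Humans” and “Risk Adaptive Protection” slides, as an added worked example that is not the author’s or Forcepoint’s code: deviation from the entity’s own baseline, deviation from its peer group and human-factor indicators are combined with a noisy-OR (one simple non-linear, belief-style combination), and each detection rule’s confidence is then scaled by the resulting risk. All weights, thresholds and the sample population are assumptions made for illustration.

```python
# Added example, not from the slides: a small risk-adaptive detection model.
# Entity risk combines (1) deviation from the entity's own baseline, (2) deviation
# from its peer group, and (3) human-factor indicators from the framework slide;
# detection rule hits are then re-weighted by that risk. All weights, thresholds
# and the sample entities are constructed for illustration.
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Assumed contribution of each human-factor category to risk (probability-like).
HUMAN_FACTOR_WEIGHTS: Dict[str, float] = {
    "predisposition": 0.15,        # e.g. previous rule violations
    "stressor": 0.25,              # e.g. job loss, financial distress
    "concerning_behavior": 0.45,   # e.g. access beyond need, contact with competitors
}

# Detection rules with a base confidence; the noisy ones start low.
RULES: Dict[str, float] = {
    "searches_sensitive_files": 0.2,
    "accesses_sensitive_files": 0.3,
    "bulk_download": 0.7,
}
ALERT_THRESHOLD = 0.4


@dataclass
class Entity:
    name: str
    peer_group: str
    history: List[float]        # daily sensitive-file accesses over the past days
    today: float                # today's count
    factors: List[str] = field(default_factory=list)


def zscore(value: float, samples: List[float]) -> float:
    """Standardised deviation of value from the samples; 0 when there is no spread."""
    if len(samples) < 2:
        return 0.0
    sd = pstdev(samples)
    return 0.0 if sd == 0 else (value - mean(samples)) / sd


def deviation_to_prob(z: float, scale: float = 3.0) -> float:
    """Map an upward deviation to [0, 1); a drop in activity is not treated as risk."""
    z = max(z, 0.0)
    return z / (z + scale)


def noisy_or(probs: List[float]) -> float:
    """Combine independent risk sources; risk saturates rather than adding linearly."""
    p_none = 1.0
    for q in probs:
        p_none *= 1.0 - q
    return 1.0 - p_none


def entity_risk(entity: Entity, population: List[Entity]) -> float:
    """Own-baseline deviation, peer deviation and human factors, combined by noisy-OR."""
    own = deviation_to_prob(zscore(entity.today, entity.history))
    peer_values = [e.today for e in population
                   if e.peer_group == entity.peer_group and e is not entity]
    peer = deviation_to_prob(zscore(entity.today, peer_values))
    human = [HUMAN_FACTOR_WEIGHTS[f] for f in entity.factors]
    return noisy_or([own, peer] + human)


def risk_adjusted_score(rule: str, risk: float) -> float:
    """Scale a rule's base confidence by entity risk: damped at low risk, boosted at high."""
    return min(1.0, RULES[rule] * (0.6 + 2.0 * risk))


def triage(entity: Entity, population: List[Entity],
           rule_hits: List[str]) -> Dict[str, Tuple[float, bool]]:
    """For each rule that fired on the entity, return (adjusted score, alert?)."""
    risk = entity_risk(entity, population)
    out = {}
    for rule in rule_hits:
        score = risk_adjusted_score(rule, risk)
        out[rule] = (round(score, 3), score >= ALERT_THRESHOLD)
    return out


# Constructed sample population: one engineering peer group.
POPULATION = [
    Entity("alice", "eng", [5, 6, 5, 7, 6], 6),
    Entity("bob", "eng", [4, 5, 5, 4, 5], 5),
    Entity("carol", "eng", [6, 5, 6, 6, 5], 6),
    # John: a spike in sensitive-file access plus a stressor and a concerning behaviour.
    Entity("john", "eng", [5, 5, 6, 5, 5], 40, ["stressor", "concerning_behavior"]),
]
BY_NAME = {e.name: e for e in POPULATION}

if __name__ == "__main__":
    for name in ("alice", "john"):
        e = BY_NAME[name]
        print(name, round(entity_risk(e, POPULATION), 3),
              triage(e, POPULATION, ["searches_sensitive_files", "bulk_download"]))
```

With these numbers the noisy “searches sensitive files” rule is suppressed for alice but raised to an alert for john, while the high-confidence bulk-download rule still alerts for both.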

Example: “Am I here to work for you, or for someone else?”
Regular activities / activities:
• Seeking access or clearance levels beyond current need
• Testing security boundaries
Predisposition / Stressors / Concerning Behaviors (as listed on the slide):
• Multiple usernames & identities
• Social and professional network
• Unreported travel
• Low communication, lack of social connections in office
• None
• Communication with competitors

Research Areas / Where we Need AI
Numerous foundational problems still unsolved
• Taxonomies
• Entity resolution / identity attribution
Capturing expert knowledge
• Explicit
• Reinforcement
• Belief networks
Communication analytics
• NLP
• SNA
• Peer group analytics (CBC)
Risk computation (risk is not linear)
• Belief networks
Validation and expansion of the human factors framework

The Big AI Challenges
Verifiability and Explainability
Privacy
• Doing the right thing for the ‘consumer’
• Compliance with GDPR and other regulations
Efficacy
• How to provably show what algorithms do?
• How to compare against other solutions / algorithms?
• How to know we are protected?
• Preventing ‘snake oil’
Socio-ethical conversation
• Big brother? Surveillance? Where are the boundaries?
• Where are the boundaries of what is okay to be collected and analyzed?
Training data for both supervised algorithms and hypothesis testing
Example of ‘snake oil’ (quoted on the slide): “The world's first dynamic 'non-factor’ based quantum AI encryption software, utilizing multi-dimensional encryption technology, including time, music's infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs.”

Takeaways
• “The way algorithms are used is often dangerous. Hire experts.”
• “We need a paradigm shift to escape the security cat and mouse game.”
• “Understanding human factors can help getting ahead of attackers.”

Questions?
@raffaelmarty | @ForcepointSec | @ForcepointLabs
http://slideshare.net/zrlram