Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019

Similar documents
Battle between hackers and machine learning Current status and trends

Annual Cybersecurity Report

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Predicting and Preventing Cyber Threats. Paolo Passeri, Consulting Systems Engineer

Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Hidden Figures: Securing what you cannot see

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

The Internet of Everything is changing Everything

Encrypted Traffic Analytics

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Automated Threat Management - in Real Time. Vectra Networks

Office 365 Buyers Guide: Best Practices for Securing Office 365

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Compare Security Analytics Solutions

Enhanced Threat Detection, Investigation, and Response

5 Steps to Government IT Modernization

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

Incident Response Agility: Leverage the Past and Present into the Future

RSA NetWitness Suite Respond in Minutes, Not Months

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Imperva Incapsula Website Security

Cisco Advanced Malware Protection against WannaCry

Security in India: Enabling a New Connected Era

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

From Managed Security Services to the next evolution of CyberSoc Services

BUILDING AND MAINTAINING SOC

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Building Resilience in a Digital Enterprise

Venusense UTM Introduction

8 Must Have. Features for Risk-Based Vulnerability Management and More

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Best Practices in Securing a Multicloud World

Cisco Firepower NGFW. Anticipate, block, and respond to threats

An Aflac Case Study: Moving a Security Program from Defense to Offense

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

Segment Your Network for Stronger Security

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Enhancing Threat Intelligence Data. 05/24/2017 DC416

Machine-Powered Learning for People-Centered Security

Phishing in the Age of SaaS

How to build a multi-layer Security Architecture to detect and remediate threats in real time

Cognitive Threat Analytics Tech update

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Cisco Ransomware Defense The Ransomware Threat Is Real

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

CloudSOC and Security.cloud for Microsoft Office 365

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

AMP-Based Flow Collection. Greg Virgin - RedJack

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Building a Threat-Based Cyber Team

RSA Security Analytics

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Intelligent and Secure Network

Cisco ASA 5500-X NGFW

Managed Endpoint Defense

Threat Intel for All: There s More to Your Data than Meets the Eye

Automated Context and Incident Response

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Service Provider Security Architecture

with Advanced Protection

Cybowall Solution Overview

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

2018 Cyber Security Predictions

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

AT&T Endpoint Security

The Future of Threat Prevention

Teradata and Protegrity High-Value Protection for High-Value Data

Cyber Threat Landscape April 2013

Cisco Security Enterprise License Agreement

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year

User and Entity Behavior Analytics

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

Modern attacks and malware

Encrypted Traffic Security (ETS) White Paper

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

SIEM (Security Information Event Management)

Reducing the Cost of Incident Response

Forensic Network Analysis in the Time of APTs

Are we breached? Deloitte's Cyber Threat Hunting

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Comprehensive datacenter protection

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Cyber-Threats and Countermeasures in Financial Sector

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries

Transcription:

Battle between hackers and machine learning Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019

Google: facts and numbers

Real Cisco Big Data for Security Training Set

Why is Machine Learning so useful in Security? Static With limited variability or is well-understood Evolving Security The security domain is always evolving, has a large amount of variability, and is not well-understood 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Finding Malicious Activity in Encrypted Traffic NetFlow Telemetry for encrypted malware detection and cryptographic compliance Enhanced NetFlow Cognitive Analytics Malware detection and cryptographic compliance Leveraged network Faster investigation Higher precision Stronger protection Enhanced NetFlow from Cisco s newest switches and routers Enhanced analytics and machine learning Global-to-local knowledge correlation Continuous enterprisewide compliance * Future support coming soon for ISR and ASR systems

Malicious Use of Legitimate Resources Cybercriminals are adopting command-and-control channels that rely on legitimate Internet services, making malware traffic almost impossible to shut down Easy Setup IP Address Leverage Encryption for C2 Reduce Burning Infrastructure Whitelisted Subverts Domain and Certificate Intelligence Adaptability

Internet anomalies typically detected Sample report demonstrating an advanced threat visibility gap: http://cognitive.cisco.com/preview

Insider Threat Machine learning algorithms can greatly help detect internal malicious actors 5200 Data PDFs 62% High* docs per user was the most popular keyword in doc titles were the most common file type occur outside of normal work hours accuracy of malicious activity detection since June 2017

Compromised Cloud Account Detection

How Malicious Actors Leverage Domains 20% Other Type of Attack 60% Spam RLD Registered Times New or Reused Domains 20% Malvertising 20% Less than 1 week 80% More than 1 week 42% New 58% Reused Organizations need to minimize access to malicious domains

DNS predictive models 2M+ live events per second 11B+ historical events Guilt by inference Co-occurrence model Sender rank model Secure rank model Guilt by association Predictive IP Space Modeling Passive DNS and WHOIS Correlation Patterns of guilt Spike rank model Natural Language Processing rank model Live DGA prediction

Suspicious events in internal network Source or target of malicious behavior Reconnaissance Command and Control DDoS Activity Insider threats Scanning, excessive network activity such as file copying or transfer, policy violation, etc. Port scanning for vulnerabilities or running services Communication back to an external remote controlling server through malware Sending or receiving SYN flood and other types of data floods Data hoarding and data exfiltration

Market Expectations: Modern Workplace The modern workplace will continue to create conditions that favor the attackers The footprint security executives must secure continues to expand Employees increasingly carry their work (and the company s data) with them wherever they go a welldocumented source of exposure Clients, partners and suppliers all need secure access to corporate resources With the increasing deployment of IoT sensors, etc., companies interfaces to the internet will multiply dramatically

Market Expectations: AI and Machine Learning More spending on AI/ML capabilities AI, ML and automation increasingly desired and expected 83%: Reliant on automation to reduce level of effort to secure the organization 74%: Reliant on AI to reduce level of effort to secure the organization CISOs expect to take increasing advantage of AI and robotics 92% of security professionals say behavior analytics tools work well in identifying bad actors

What about Russia? How are you using AI/ML in your cybersecurity? (%) I understand ML in cybersecurity and have active pilots for this technology I think it s marketing bull sheet I used integrated ML in my products but I don t understand how it works I m only thinking about it 0 10 20 30 40 50 60 Source: Лукацкий А.В., IDC Security Roadshow

AI in cyber security isn t panacea but future Signatures and IoC Rules Statistical models AI algorithms IDS, AV, NGIPS, EDR, TIP NGFW, WSA, SIEM, ESA Netflow 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

References for Cisco Cyber Security & Machine Learning https://www.cisco.com/go/security https://www.talosintelligence.com https://blogs.cisco.com/tag/machine-learning http://www.cisco-ai.com You can test all of our Cisco Security Solutions 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

N E R D A L E R T Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback