
AI and Cyber Security Friends or Foes?



Presentation Transcript


  1. AI and Cyber Security Friends or Foes? Incident analysis with artificial intelligence. CEPS, Brussels, 29 May 2018. Jonathan Sage, Government and Regulatory Affairs, Cyber Security Policy lead, Europe. May 2018

  2. Evolution of security technology - three waves
     • Cloud, AI and orchestration, collaboration
     • Intelligence and integration
     • Layered defenses

  3. Goals of a security operations team are core to business and important for compliance – for instance NIS and GDPR in the EU
     • Protect critical systems & data
     • Respond to incidents accurately and quickly
     • Outthink cyber criminals

  4. But the pressures today make them hard to keep up with
     • Data overload
     • Unaddressed threats
     • Skills shortage
     Analyst quotes from the slide:
     “My workload is overwhelming and repetitive.”
     “I don’t know where to focus my time for the quickest response.”
     “There is so much information out there, it’s impossible to find what’s useful.”

  5. Results of the Cognitive Security Study
     Accuracy gap:
     • #2 most challenging area today is optimizing accuracy of alerts (too many false positives)
     • #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)
     Intelligence gap:
     • #1 most challenging area due to insufficient resources is threat research (65% selecting)
     • #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)
     Speed gap:
     • The top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
     • This is despite the fact that 80% said their incident response speed is much faster than two years ago
     Addressing gaps while managing cost and ROI pressures

  6. A universe of security knowledge
     Traditional security data:
     • Security events and alerts
     • Logs and configuration data
     • User and network activity
     • Threat and vulnerability feeds
     Human generated knowledge (dark to your defenses):
     • Research documents
     • Industry publications
     • Forensic information
     • Threat intelligence commentary
     • Conference presentations
     • Analyst reports
     • Webpages
     • Wikis
     • Blogs
     • News sources
     • Newsletters
     • Tweets

  7. What role does Artificial intelligence play? Bridging this gap / new partnership between security analysts and their technology
     Human expertise:
     • Common sense
     • Morals
     • Compassion
     • Abstraction
     • Dilemmas
     • Generalization
     AI: Cognitive security:
     • Unstructured analysis
     • Natural language
     • Question and answer
     • Machine learning
     • Bias elimination
     • Tradeoff analytics
     Security analytics:
     • Data correlation
     • Pattern identification
     • Anomaly detection
     • Prioritization
     • Data visualization
     • Workflow
     UNDERSTAND | REASON | LEARN

  8. How it works – Building the knowledge with QRadar Watson Advisor
     Three tiers of input, at three update latencies (5 minutes / 1 hour / 1-3 days):
     • Structured security data: X-Force Exchange, trusted partner data, open source, paid data – yields new actors, campaigns, malware outbreaks, indicators, …
     • Crawl of critical unstructured security data: blogs, websites, news, … – yields courses of action, actors, trends, indicators, …
     • Massive crawl of all security-related data on the web: breach replies, attack write-ups, best practices – yields indicators, vulnerabilities, malware names, …
     Volumes quoted on the slide: 5-10 updates / hour; 100K updates / week; billions of data elements; millions of documents.
     Processing:
     • Filtering + machine learning removes unnecessary information (3:1 reduction)
     • Machine learning / natural language processing extracts and annotates collected data
     • Result: a massive security knowledge graph with billions of nodes / edges

  9. QRadar Advisor for Watson enables: Accelerated Analysis | Intelligent Investigation | Faster Response
     • Uses AI to analyze real-time incidents for triage
     • Gathers external and internal threat indicators from the alert
     • Performs external (threat intelligence research) and internal research on indicators and entities (hash, domain, IP, users, filename etc.)
     • Highlights the existence and identity of the threat or outliers
     • Offers natural language search
     • Identifies if communication with the threat has occurred or was blocked
     • Highlights if malware has executed
     • Identifies criticality of systems impacted
     • Gives visibility to higher priority risks and threats from insiders
     • Connects other threat entities from the original offense to show the relationship
     • Provides input for ad-hoc investigation
     • Provides pertinent information to escalate
     • Automatic hunting for indicators
     • Exports threat and indicators to the IR process for remediation and/or blocking
     • Automatically adds additional discovered threat indicators to watch lists to reduce the risk of missing threats

  10. Cybercriminals becoming increasingly sophisticated and collaborative
     • Crime rings collaborate in the dark web - sharing techniques, launching attacks through popular social media, email, etc.
     • Level of organization and productivity that would be the envy of most businesses – offering customer support and money-back guarantees if their tools don't result in a successful hack
     • Stay a step ahead of the attackers, which is why IBM has white hat security researchers trolling the dark web every day to monitor the latest on cyberattack strategies

  11. Friend or Foe?
     • It is an arms race, and some are more advanced than others.
     • Technology is the battlefield and we have to recognize the well-equipped adversary we are fighting against.
     • Proof point: IBM's Security Services teams monitor billions of events across the globe and last year, more than 2.9 bn records were reported breached
     • Protecting citizens, consumers and employees is a proactive/ongoing journey.
     • Governments and industry can never rest on their laurels.

  12. How it works – Cognitive applied for cybersecurity
     • Ingest mass amounts of data
     • Classify, select, and normalize data
     • Natural language processing for security context
     • Training and learning with feedback
     • Relational analysis visualized through knowledge graphs

  13. Friend or Foe?
     • Both

  14. How it works – Use cases further defined
     • Utilize locally gathered and Watson external threat intelligence to gain broader context within your investigations
     • Understand and quickly assess threats to know if they bypassed your layered defenses or if they were stopped dead in their tracks
     • Realize the reach of threats and their effects on other users and systems in your ecosystem
     • Identify users and critical assets when they are involved in an incident and quickly pivot to gain details on user behavior activity and asset metadata
     • Understand malware and ransomware sources, delivery methods and related components to help quickly determine your impact and next courses of action
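The investigation flow that slides 9, 12 and 14 describe in words (gather indicators from an alert, normalize them, enrich them from external threat intelligence, check whether the threat got through your defenses or was blocked, link the entities in a knowledge graph, and push newly discovered indicators to a watch list) as an added, runnable illustration. This is not IBM's or QRadar Advisor's code; every alert line, proxy log line, indicator, actor and campaign name below is constructed sample data with placeholder values, and the regex-based extraction stands in for the product's NLP.

```python
"""Miniature alert-investigation pipeline (added example, not IBM code).
All indicators, feed entries and log lines are constructed samples."""
import re

# Constructed SIEM offense text, including a defanged domain as analysts often paste it.
ALERT = (
    "Offense 4711: host ws-0042 (10.20.30.44) downloaded invoice.doc.exe "
    "from update-cdn[.]example-bad.test (203.0.113.77); "
    "sha256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
)

# Constructed external threat-intelligence feed (stand-in for X-Force Exchange etc.).
THREAT_FEED = {
    "203.0.113.77": {"actor": "ACTOR-PLACEHOLDER", "campaign": "CAMPAIGN-PLACEHOLDER",
                     "related": ["198.51.100.9", "beacon.example-bad.test"]},
    "update-cdn.example-bad.test": {"actor": "ACTOR-PLACEHOLDER",
                                    "campaign": "CAMPAIGN-PLACEHOLDER", "related": []},
}

# Constructed proxy/firewall log lines: src, dst, action.
PROXY_LOGS = [
    "2018-05-29T10:01:02Z src=10.20.30.44 dst=203.0.113.77 action=ALLOW bytes=51200",
    "2018-05-29T10:01:09Z src=10.20.30.44 dst=198.51.100.9 action=DENY bytes=0",
    "2018-05-29T10:05:00Z src=10.20.30.51 dst=192.0.2.10 action=ALLOW bytes=900",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+(?:\.|\[\.\]))+[a-z]{2,}\b", re.I)
FILE_EXTS = {"exe", "dll", "doc", "docx", "pdf", "js", "ps1"}
FILENAME = re.compile(r"\b[\w.-]+\.(?:" + "|".join(FILE_EXTS) + r")\b", re.I)
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)")


def refang(value):
    """Normalize a defanged indicator ('a[.]b') to its plain form, lower-cased."""
    return value.replace("[.]", ".").lower()


def extract_indicators(text):
    """Pull IPs, domains, SHA-256 hashes and filenames out of free text and normalize them."""
    domains = {refang(m) for m in DOMAIN.findall(text)}
    # 'invoice.doc.exe' also looks like a domain; drop anything ending in a file extension.
    domains = {d for d in domains if d.rsplit(".", 1)[-1] not in FILE_EXTS}
    return {
        "ip": set(IPV4.findall(text)),
        "domain": domains,
        "sha256": {m.lower() for m in SHA256.findall(text)},
        "filename": {m.lower() for m in FILENAME.findall(text)},
    }


def enrich(indicators, feed):
    """Look each indicator up in the feed; return hits plus related indicators the alert lacked."""
    known = indicators["ip"] | indicators["domain"] | indicators["sha256"]
    hits, discovered = {}, set()
    for ioc in sorted(known):
        if ioc in feed:
            hits[ioc] = feed[ioc]
            discovered |= set(feed[ioc]["related"]) - known
    return hits, discovered


def assess_communication(logs, suspect_ips):
    """Per suspect IP: did an internal host talk to it ('communicated'), was it 'blocked', or 'not observed'?"""
    status = {ip: "not observed" for ip in suspect_ips}
    for line in logs:
        m = LOG_RE.search(line)
        if m and m["dst"] in status:
            allowed = m["action"] == "ALLOW"
            # A single ALLOW outranks any DENY: the threat got through at least once.
            if allowed or status[m["dst"]] == "not observed":
                status[m["dst"]] = "communicated" if allowed else "blocked"
    return status


def build_graph(offense_id, indicators, hits, comms):
    """Tiny knowledge graph: a set of (subject, relation, object) edges linking the offense's entities."""
    edges = set()
    for kind, values in indicators.items():
        edges |= {(offense_id, "contains_" + kind, v) for v in values}
    for ioc, info in hits.items():
        edges |= {(ioc, "attributed_to", info["actor"]), (ioc, "part_of", info["campaign"])}
        edges |= {(ioc, "related_to", r) for r in info["related"]}
    edges |= {(ip, "communication", state) for ip, state in comms.items()}
    return edges


def investigate(alert, feed, logs, offense_id="offense-4711"):
    """Run the whole flow and return what an analyst would want to see for escalation."""
    indicators = extract_indicators(alert)
    hits, discovered = enrich(indicators, feed)
    # Hunt both the feed-confirmed IPs from the alert and the IPs the feed newly surfaced.
    suspect_ips = {ip for ip in indicators["ip"] if ip in hits}
    suspect_ips |= {d for d in discovered if IPV4.fullmatch(d)}
    comms = assess_communication(logs, suspect_ips)
    return {
        "indicators": indicators,
        "hits": hits,
        "communication": comms,
        "watchlist_additions": sorted(discovered),  # feed-related IoCs not yet in the offense
        "graph_edges": len(build_graph(offense_id, indicators, hits, comms)),
    }


if __name__ == "__main__":
    for key, value in investigate(ALERT, THREAT_FEED, PROXY_LOGS).items():
        print(f"{key}: {value}")
```

With the constructed data, the run shows the offense host actually reached the feed-listed IP (allowed), the related IP surfaced by the feed was blocked, and two related indicators that never appeared in the alert are handed to the watch list, which is the "automatically adds discovered indicators" step from slide 9.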

  15. Resources
     • Knowledge Center – latest with what’s new, support, etc.
     • Upcoming Events – webinars, local events, etc.
     • Links to short how-to videos:
       • QRadar Watson Advisor Trial Request, Download, and Installation
       • QRadar Watson Advisor Configuration
       • QRadar Watson Advisor Incident Overview and Analysis
     • Links to informational and demo videos:
       • Taking SIEM Cognitive In 3 minutes (Jose Bravo and Chris Hankins)
       • Poison Ivy Malware Video
       • Suspicious Activity (CozyDuke) Video
     • Link to Self-Help Support Forum
     • AppExchange
     • On-demand webinar – Rock your SOC (Security Operations Center) with Watson for Cyber Security
     • Solution brief

  16. Contacts
     Offering management / Sales & technical sales:
     • Jim Gottardi (Jim.Gottardi@us.ibm.com) – Worldwide Client Success – Security Intelligence SaaS Lead
     • Uwe Hofmann (uwe.hofmann@de.ibm.com) – Worldwide Tech Lead – Security Intelligence
     • Carma Austin (caaustin@us.ibm.com) – NA Program Lead – Cognitive Security
     • Adam Lyons (adamlyon@us.ibm.com) – NA Sales Leader – Cognitive Security
     • Gerd Rademann (gerd.rademann@de.ibm.com) – Europe Program Lead – Cognitive Security
     • Chris Hankins (cmhankins@us.ibm.com) – Offering Manager – Cognitive Security

  17. Backup
