
This isn’t your Grandpa’s AI

Learn about the role of artificial intelligence (AI) in cybersecurity, its benefits, and how it can help fill the gap in detecting and responding to advanced threats. Gain insights from Jeff Michael, a seasoned security architect, on the value of AI and its potential in improving security operations.


Presentation Transcript


  1. This isn’t your Grandpa’s AI
     Jeff Michael, CISSP, CCSI, CCSE+, CCSE, CCSA, NSE, NSA, ICE
     Senior Security Architect, Lastline

  2. Agenda
     • Who is this guy
     • Goal of AI in Security
     • Need for AI
     • How is AI misunderstood
     • Why vendors love to say “AI”
     • Filling the gap with AI
     • Questions / Comments / Concerns

  3. About the Speaker Jeff Michael Senior Security Architect, Lastline Jeff Michael is a seasoned security professional with nearly 22 years in malware investigations, penetration testing, security assessments, malware reverse-engineering and forensics investigations.   Mr. Michael has written several security courses and has been a presenter at many worldwide conferences and shows.  Classes that he wrote include "Security Open Source", "Hacking Exposed", and "Forensic Analysis 101".  He is considered a Subject Matter Expert in computer forensics and investigations.  As a subject matter expert, he has utilized his knowledge in security to assist in numerous international and criminal investigations. These investigations have included Malware Infections, HTTP code review, Malware analysis, Virus/Trojan analysis, social engineering, and several other techniques.  He is currently working as a Senior Solutions Architect for Lastline.  He has over 20 years of experience helping numerous startup security companies.  These companies include FireEye, NetWitness, NetForensics, ISS, and other security firms.  Mr. Michael graduated from Purdue University obtaining a bachelor's degree in Electrical Engineering.  He holds the following certifications: CISSP, CCSI, CCSE+, CCSE, CCSA, NSA, NCSE, NCSA, ICE

  4. 100% Artificial Intelligence

  5. AI
     • What’s the real goal for any AI system?
       • Find things quickly that are impossible or time consuming for humans to find
       • Replace the simple tasks with AI to free up more hours for investigations
     • What’s the value behind AI?
       • Finding unknown threats
       • Correlation of events
       • Reduced time to remediation
       • Increased productivity

  6. Beyond Humans: Artificial Intelligence

  7. AI, ML, Deep Learning, and Anomaly Detection
     (diagram labels: Artificial Intelligence, Machine Learning, Deep Learning, Anomaly Detection)

  8. What Is AI?
     • “Artificial intelligence (AI), sometimes called machine intelligence, is intelligence demonstrated by machines, in contrast to the natural intelligence displayed by humans and other animals.” https://en.wikipedia.org/wiki/Artificial_intelligence

  9. Need for AI

  10. Why You Need AI-Based Network Security
     • Advanced Threats Evade Detection
       • Both legacy and “Next-Gen” security controls easily bypassed
       • Threats engineered to hide within normal network activity
     • Understaffed Security Team Can’t Keep Up
       • 24/7 threat monitoring is not feasible
     • Unable to Process Massive Amounts of Data
       • Flood of information from your infrastructure

  11. AI wasn’t initially designed for Security
     • AI and ML techniques were developed to support the analysis of natural language, images, sounds, …
     • NOT security threats

  12. Expert Systems
     • Capture the expertise of a human being
     • Require human labor to create models and rules
     • Support the scalable application of knowledge

  13. Expert Systems and Security
     • Capture the knowledge of a security expert/analyst
     • Support the application of models and rules to large datasets
     • Perform independently of the data they operate on
     • Take the human (mostly) out of the loop

  14. What Is Machine Learning?
     • “Machine learning explores the study and construction of algorithms that can learn from and perform predictive analysis on data” https://en.wikipedia.org/wiki/Machine_learning

  15. Why Machine Learning?
     • Supports data analysis
     • Supports characterization
     • Supports classification

  16. Machine Learning and Security
     • Supports the clustering of events and objects
       • Can identify similarities among data samples
       • Allows for the handling of groups of events
       • Allows for the identification of outliers
     • Supports the classification of events and objects
       • Can create classifiers based on historical ground truth
     • Takes the human (mostly) out of the loop

  17. AI Done Right
     • Learn from the right dataset
     • Filter data to avoid pollution
     • Elicit behavior that reveals the actual characteristics of the sample
     • Use multi-classification and clustering to identify evasive samples
     • Perform quality control of your learned models
     • Make sure you learn the right thing…

  18. Misuse vs. Anomaly Detection
     • Misuse detection: Model What’s Bad
     • Anomaly detection: Model What’s Good

  19. Modeling Bad Behavior (Model What’s Bad)
     • Time consuming
     • Requires expert knowledge
     • Incomplete
     • Constantly outdated

  20. Learning Good Behavior (Model What’s Good)
     • Automated
     • Continued
     • Comprehensive
     • Requires East-West traffic

  21. How AI Fails

  22. AI has to Understand the Risk

  23. AI needs to understand the Risk vs.

  24. Learn What Your Network Does
     • Input: Netflow data, DNS resolutions, HTTP requests, DHCP logs, Active Directory data
     • Output: A network baseline model
       • Ports open
       • Recurrent name resolutions and repeated connections
       • HTTP request characteristics (and amount of errors)
       • Normal destinations of flows (flow fan-in/fan-out)
       • Normal amount of data sent/received
       • Time of activity, logins

  25. Identify Anomalies
     • Once the baseline model has been established, the system identifies outliers
       • A new service started on a host
       • An RDP connection has been established to a server that was never contacted before
       • An unusual amount of data has been uploaded to a never-seen-before host
       • An unusual amount of HTTP errors has been generated
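The baseline-then-outliers procedure of slides 24 and 25, with the slide 26 caveat that an anomaly is a triage item rather than a verdict, as an added Python example that is not from the presentation and not Lastline's product code. The flow records, hosts, the 3389/443 port values and the z=3 / +25% thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows (not from the presentation), of the slide-24 input kinds (netflow plus HTTP logs).
def flow(src, dst, dport, bytes_out, http_status=None):
    return {"src": src, "dst": dst, "dport": dport, "bytes_out": bytes_out, "http_status": http_status}

BASELINE_FLOWS = [  # one workstation's normal week
    flow("10.0.1.5", "10.0.2.10", 445, 12000), flow("10.0.1.5", "10.0.2.10", 445, 11000),
    flow("10.0.1.5", "10.0.2.20", 3389, 9000),              # its usual RDP server
    flow("10.0.1.5", "10.0.3.7", 80, 800, 200), flow("10.0.1.5", "10.0.3.7", 80, 700, 200),
    flow("10.0.1.5", "10.0.3.7", 80, 900, 404),             # an occasional error is normal here
]
NEW_FLOWS = [  # the window to be scored against that baseline
    flow("10.0.1.5", "10.0.2.10", 445, 12500),
    flow("10.0.1.5", "10.0.2.30", 3389, 5000),              # RDP to a never-contacted server
    flow("10.0.1.5", "203.0.113.9", 443, 250000),           # large upload to a never-seen host
    flow("10.0.1.5", "10.0.3.7", 80, 800, 500), flow("10.0.1.5", "10.0.3.7", 80, 800, 500),
    flow("10.0.1.5", "10.0.3.7", 80, 800, 404), flow("10.0.1.5", "10.0.3.7", 80, 800, 200),
]

def build_baseline(flows):
    """Slide 24: per source, destinations per port, every host seen, upload sizes, HTTP errors."""
    base = {"dests": defaultdict(set), "hosts": defaultdict(set),
            "uploads": defaultdict(list), "http": defaultdict(list)}
    for f in flows:
        base["dests"][(f["src"], f["dport"])].add(f["dst"])
        base["hosts"][f["src"]].add(f["dst"])
        base["uploads"][f["src"]].append(f["bytes_out"])
        if f["http_status"] is not None:  # 1 for a 4xx/5xx response, else 0
            base["http"][f["src"]].append(int(f["http_status"] >= 400))
    return base

def find_anomalies(base, flows, z=3.0, err_margin=0.25):
    """Slide 25: outliers against the baseline. Each alert is a triage item, not a verdict (slide 26)."""
    alerts, http = [], defaultdict(list)
    for f in flows:
        src, dst = f["src"], f["dst"]
        if f["dport"] == 3389 and dst not in base["dests"].get((src, 3389), set()):
            alerts.append(("rdp_to_new_server", src, dst))
        hist = base["uploads"].get(src, [])
        if hist and dst not in base["hosts"].get(src, set()) and f["bytes_out"] > mean(hist) + z * pstdev(hist):
            alerts.append(("large_upload_to_new_host", src, dst))
        if f["http_status"] is not None:
            http[src].append(int(f["http_status"] >= 400))
    for src, errs in http.items():  # error rate of this window vs. the baseline rate
        base_rate = mean(base["http"][src]) if base["http"].get(src) else 0.0
        if mean(errs) > base_rate + err_margin:
            alerts.append(("http_error_spike", src, f"{sum(errs)}/{len(errs)}"))
    return alerts
```

Running `find_anomalies(build_baseline(BASELINE_FLOWS), NEW_FLOWS)` yields the three slide-25 outliers; scoring the baseline week against itself yields none.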

  26. Pitfalls in Anomaly Detection
     • Bad is anomalous
     • Anomalous is bad

  27. AI-Based Network Security
     • False Positives
     • Limited Attack Chain Visibility
     (diagram labels: Artificial Intelligence, Network Traffic, Anomalous Activity, Normal Activity)

  28. AI Done Wrong

  29. Why Vendors Love to say “AI”
     • Makes their product sound smarter
     • Helps spark interest
     • Better than saying “a bunch of nested signatures”
     • Because it’s not cool to say APT anymore

  30. Conclusion
     • You only have so many brain cycles. Let AI do its job to save you a few.
     • Work Smarter not Harder
     • Make sure you are using real genuine AI, not an imitation
     • Trust but Verify

  31. Introducing Lastline Defender
     The best AI-powered network security solution to stop advanced threats from entering and operating within your network.

  32. About Lastline
     Company
     • Founded in 2011 by 3 of the top 10 threat researchers in the world
     • HQ in Silicon Valley, California
     • Santa Barbara | Boston | London | Vienna | Tokyo
     • Strong financial backing from top venture firms
     Market Leadership
     • 8 million users
     • 600 enterprise customers
     • 50 OEM, service provider, and technology partners including SecureWorks & IBM
     Technology
     • Deterministic approach delivers unmatched visibility into threats operating in your network
     • Scales to largest enterprise deployments
     • On-premises or cloud deployment options
     Awards
     • Leadership awards by NSS Labs, Forrester, Frost & Sullivan
     • Winner of multiple industry awards
