Battle Between Hackers And Machine Learning - USRBC

Transcription

Battle between hackers and machine learning
Alexey Lukatsky, Cybersecurity Business Consultant
April 03, 2019

Google: facts and numbers

Real Cisco Big Data for Security Training Set

Why is Machine Learning so useful in Security?
- Static: the domain has limited variability or is well-understood.
- Evolving (security): the security domain is always evolving, has a large amount of variability, and is not well-understood.
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Finding Malicious Activity in Encrypted Traffic
- Cognitive Analytics and NetFlow: telemetry for encrypted malware detection and cryptographic compliance
- Leveraged network: Enhanced NetFlow from Cisco's newest switches and routers (* Future support coming soon for ISR and ASR systems)
- Faster investigation: enhanced analytics and machine learning
- Malware detection and cryptographic compliance; Enhanced NetFlow
- Higher precision: global-to-local knowledge correlation
- Stronger protection: continuous enterprise-wide compliance

Malicious Use of Legitimate Resources
Cybercriminals are adopting command-and-control channels that rely on legitimate Internet services, making malware traffic almost impossible to shut down.
- Easy setup
- IP address leverage
- Encryption for C2
- Reduced burning of infrastructure
- Whitelisted
- Subverts domain and certificate intelligence
- Adaptability

Internet anomalies typically detected
Sample report demonstrating an advanced threat visibility gap: http://cognitive.cisco.com/preview

Insider Threat
Machine learning algorithms can greatly help detect internal malicious actors.
- 5200 docs per user
- "Data" was the most popular keyword in doc titles
- PDFs were the most common file type
- 62% occur outside of normal work hours
- High* accuracy of malicious activity detection since June 2017

Compromised Cloud Account Detection

How Malicious Actors Leverage Domains
- Type of attack: 20% Other, 60% Spam, 20% Malvertising
- RLD registered times: 20% less than 1 week, 80% more than 1 week
- New or reused domains: 42% New, 58% Reused
Organizations need to minimize access to malicious domains.

DNS predictive models
2M live events per second; 11B historical events
- Guilt by inference: Co-occurrence model, Sender rank model, Secure rank model
- Guilt by association: Predictive IP Space Modeling, Passive DNS and WHOIS Correlation
- Patterns of guilt: Spike rank model, Natural Language Processing rank model, Live DGA prediction

Suspicious events in internal network
- Source or target of malicious behavior: scanning, excessive network activity such as file copying or transfer, policy violation, etc.
- Reconnaissance: port scanning for vulnerabilities or running services
- Command and Control: communication back to an external remote controlling server through malware
- DDoS activity: sending or receiving SYN flood and other types of data floods
- Insider threats: data hoarding and data exfiltration
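As an added example (not from the slides and not Cisco code), the following Python script applies the event categories listed above to NetFlow-style records: reconnaissance as many distinct destination ports from one source, command and control as evenly spaced beaconing to an external host, DDoS activity as a burst of SYN-only flows against one target, and insider exfiltration as a large outbound byte count. The record fields, thresholds, internal address ranges and sample flows are all assumptions constructed for illustration.

```python
# Added example: rule-based classification of constructed NetFlow-style records
# into the slide's categories. Field names, thresholds and addresses are assumed.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev


@dataclass
class Flow:
    ts: float        # flow start time in seconds (assumed field)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination port
    flags: str       # TCP flags observed, e.g. "S" (SYN only) or "PA"
    bytes_out: int   # bytes sent by src in this flow


# Assumed internal address space; RFC 5737 documentation ranges play "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
SCAN_PORTS = 20            # distinct ports from one src to one dst
BEACON_MIN = 6             # minimum flows before checking interval regularity
BEACON_JITTER = 0.1        # stdev/mean of inter-flow gaps below this = beacon
FLOOD_MIN = 40             # SYN-only flows against one destination
EXFIL_BYTES = 100_000_000  # outbound bytes to one external host


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(flows):
    """Return {category: [finding tuples]} for the four slide categories."""
    findings = defaultdict(list)
    by_pair = defaultdict(list)
    syn_by_dst = defaultdict(int)
    out_bytes = defaultdict(int)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
        if f.flags == "S" and f.bytes_out <= 100:   # SYN-only, no payload
            syn_by_dst[f.dst] += 1
        if is_internal(f.src) and not is_internal(f.dst):
            out_bytes[(f.src, f.dst)] += f.bytes_out
    for (src, dst), fl in by_pair.items():
        ports = {f.dport for f in fl}
        if len(ports) >= SCAN_PORTS:                 # reconnaissance
            findings["reconnaissance"].append((src, dst, len(ports)))
        outbound = is_internal(src) and not is_internal(dst)
        if outbound and len(fl) >= BEACON_MIN:       # C2 beaconing
            ts = sorted(f.ts for f in fl)
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < BEACON_JITTER:
                findings["command_and_control"].append((src, dst, round(mean(gaps))))
    for dst, n in syn_by_dst.items():                # DDoS (SYN flood)
        if n >= FLOOD_MIN:
            findings["ddos"].append((dst, n))
    for (src, dst), b in out_bytes.items():          # insider exfiltration
        if b >= EXFIL_BYTES:
            findings["insider_exfiltration"].append((src, dst, b))
    return dict(findings)


def sample_flows():
    """Constructed flows (not real telemetry) covering each category once."""
    flows = []
    # Reconnaissance: one host probes 25 ports on a file server
    for i, port in enumerate(range(20, 45)):
        flows.append(Flow(1000 + i, "10.0.0.5", "10.0.0.20", port, "S", 60))
    # C2: a small HTTPS flow to the same external host every 60 s
    for i in range(10):
        flows.append(Flow(2000 + 60 * i, "10.0.0.7", "203.0.113.9", 443, "PA", 300))
    # DDoS: 50 SYN-only flows from many external sources to one web server
    for i in range(50):
        flows.append(Flow(3000 + i * 0.01, f"203.0.113.{100 + i}", "10.0.0.30", 80, "S", 60))
    # Exfiltration: three 400 MB transfers to an external SSH server
    for i in range(3):
        flows.append(Flow(4000 + 900 * i, "10.0.0.9", "203.0.113.50", 22, "PA", 400_000_000))
    # Benign: a few irregularly timed, small browsing flows
    for t in (5000, 5130, 5147, 5600):
        flows.append(Flow(t, "10.0.0.11", "203.0.113.80", 443, "PA", 20_000))
    return flows


if __name__ == "__main__":
    for category, hits in classify(sample_flows()).items():
        print(category, hits)
```

The benign host is the control: its four flows are too few and too irregular to match the beacon rule and move too little data to match the exfiltration rule, which is the kind of negative case a practitioner should keep in any test set for detection logic.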

Market Expectations: Modern Workplace
The modern workplace will continue to create conditions that favor the attackers.
- The footprint security executives must secure continues to expand.
- Employees increasingly carry their work (and the company's data) with them wherever they go, a well-documented source of exposure.
- Clients, partners and suppliers all need secure access to corporate resources.
- With the increasing deployment of IoT sensors, etc., companies' interfaces to the internet will multiply dramatically.

Market Expectations: AI and Machine Learning
More spending on AI/ML capabilities; AI, ML and automation increasingly desired and expected.
- 83%: reliant on automation to reduce level of effort to secure the organization
- 74%: reliant on AI to reduce level of effort to secure the organization
- CISOs expect to take increasing advantage of AI and robotics
- 92% of security professionals say behavior analytics tools work well in identifying bad actors

What about Russia?
How are you using AI/ML in your cybersecurity? (%)
- I understand ML in cybersecurity and have active pilots for this technology
- I think it's marketing bull sheet
- I used integrated ML in my products but I don't understand how it works
- I'm only thinking about it
Source: Лукацкий А.В., IDC Security Roadshow

AI in cyber security isn't a panacea, but it is the future
- Signatures and IoC: IDS, AV, NGIPS, EDR, TIP
- Rules: NGFW, WSA, SIEM, ESA
- Statistical models: Netflow
- AI algorithms

References for Cisco Cyber Security & Machine Learning
g/machine-learning
http://www.cisco-ai.com
You can test all of our Cisco Security Solutions.

NERD ALERT
Thank you!
