ARTIFICIAL INTELLIGENCE to serve THREAT PREVENTION

CHRISTIAN RAEMY | SENIOR SECURITY EXPERT


Post on 31-Jul-2018


PASSION. PERSISTENCE. DRIVE.

Our mission is to protect everyone under the sun.

We’re passionate about securing enterprises from today’s cyberthreats by using disruptive technologies like artificial intelligence and machine learning to predict attacks before they cause damage.

Stuart McClure, Ryan Permeh

▪ Malware is used in 90% of cyber incidents
▪ Adversaries create huge numbers of malware variants to avoid detection… or they design one just for you
▪ Unique malware is the norm, rendering traditional AV totally useless.
▪ ~6 new malware samples every second!

2016 VERIZON DBIR

Source: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

How traditional AV vendors create a single signature

CLOUD THREAT DB (ALL KNOWN MALWARE) vs. ZERO-DAY MALWARE

t0  NEW MALWARE (LAST 24 HOURS)
t1  COLLECT SAMPLES
t2  TRIAGE AND CLASSIFY
t3  HUMAN MALWARE RESEARCHERS AND AUTOMATION
t4  SIGNATURE FILE
t5  SECURITY ADMIN UPDATES
t6  TEST SIGNATURE FILE
t7  DEPLOY SIGNATURE

The Future of

| Past                         | Present                                    | Future                   |
| AV, HIPS / Anti-Exploitation | Sandboxing, Isolation, EDR                 | AI                       |
| Humans Needed                | Specialized Humans Needed, Post-Execution  | No Humans, Pre-Execution |

CylancePROTECT leverages the power of machines, not humans, to dissect malware’s DNA. Artificial intelligence then determines if the code is safe to run.

WHAT WE DO NOT | WHAT WE DO

Oren Harari: "Edison’s electric light did not come about from the continuous improvement of the candle…"

THE CASE FOR ARTIFICIAL INTELLIGENCE

AI every day, everywhere

AMAZON – Predictive wish lists and purchase recommendations
NETFLIX – Movie and series recommendations
FACEBOOK – Face recognition in pictures
SPOTIFY – Music recommendations and radio
GOOGLE – AlphaGo, the best Go player
APPLE – Siri, voice recognition and speech
Skype – Real-time language translation

CYLANCE UNLOCKS THE DNA OF MALWARE

ELASTIC CLOUD COMPUTING NOW MAKES IT POSSIBLE

▪ Algorithmic science puts machines to work to separate bad from good
▪ Thousands of cloud nodes

HOW DO WE DO IT? ALGORITHMIC SCIENCE AND MACHINE LEARNING

The slide shows the pipeline stages COLLECT, EXTRACT, TRANSFORM / VECTORIZE AND TRAIN, and CLASSIFY AND CLUSTER, with example vectors:

X = [63796c616e6365]
X = [70726576656e74]
X = [70726f74656374]

Why Machine Learning is Hard

You See | Your ML Algorithm Sees

Supervised Machine Learning (in 1 Slide ☺)

Hypothesis: $h_\theta(x^{(i)})$

Learning is adjusting the $w_{i,j}$’s such that the cost function $J(\theta)$ is minimized (a form of Hebbian learning).
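As an added example (not from the presentation or Cylance's own code), the "transform, vectorize and train" idea of the two slides above in plain Python: the slide's hex strings (which decode to the ASCII words "cylance", "prevent", "protect") are vectorized into byte histograms, and a logistic hypothesis $h_\theta$ is fitted by gradient descent on the cost $J(\theta)$. The "unsafe" class, the learning rate and the epoch count are constructed assumptions for the demo, not the vendor's data or model.

```python
# Added example (not from the presentation): the slide's "transform, vectorize and
# train" step on its hex strings, plus a learner that adjusts theta to minimize J(theta).
import math
import random
# The slide's hex strings decode to short ASCII words; they form the "safe" class here.
SLIDE_HEX = ["63796c616e6365", "70726576656e74", "70726f74656374"]
# Constructed stand-ins for high-entropy (packed) binaries, labelled "unsafe".
_rng = random.Random(7)
BLOBS = [bytes(_rng.randrange(0x80, 0x100) for _ in range(32)) for _ in range(3)]

def vectorize(data):
    """Transform bytes into a fixed-length vector: bias term + normalized 256-bin histogram."""
    hist = [0.0] * 256
    for b in data:
        hist[b] += 1.0
    n = max(len(data), 1)
    return [1.0] + [c / n for c in hist]

def h_theta(theta, x):
    """Hypothesis h_theta(x): logistic function of the weighted feature sum."""
    z = max(-500.0, min(500.0, sum(t * xi for t, xi in zip(theta, x))))
    return 1.0 / (1.0 + math.exp(-z))

def cost(theta, X, y):
    """J(theta): mean cross-entropy between predictions and labels (1e-12 avoids log 0)."""
    return -sum(yi * math.log(h_theta(theta, x) + 1e-12)
                + (1 - yi) * math.log(1 - h_theta(theta, x) + 1e-12)
                for x, yi in zip(X, y)) / len(y)

def train(X, y, lr=1.0, epochs=500):
    """Batch gradient descent: each step moves theta against dJ/dtheta."""
    theta = [0.0] * len(X[0])
    history = [cost(theta, X, y)]
    for _ in range(epochs):
        grad = [0.0] * len(theta)
        for x, yi in zip(X, y):
            err = h_theta(theta, x) - yi  # derivative of J w.r.t. z for this sample
            for j, xj in enumerate(x):
                grad[j] += err * xj
        theta = [t - lr * g / len(y) for t, g in zip(theta, grad)]
        history.append(cost(theta, X, y))
    return theta, history

def run_demo():
    safe = [bytes.fromhex(h) for h in SLIDE_HEX]
    X = [vectorize(s) for s in safe + BLOBS]
    y = [0] * len(safe) + [1] * len(BLOBS)
    theta, history = train(X, y)
    return history, [h_theta(theta, x) for x in X], y
```

With six training samples the separation is trivial; the point is that the cost history falls monotonically as theta is adjusted, which is the "learning" the slide describes.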

AGENT DETAILS

▪ Approved by Microsoft
▪ Agent stands alone or complements the security stack
▪ <1-2% CPU | 40-60 MB footprint
▪ No cloud, no prior knowledge, no signatures
▪ Minimal updates
▪ Windows XP SP3 – Windows 10
▪ VDI & Terminal Services compatible
▪ Server 2003 SP2 – Server 2016
▪ Mac OS X 10.9 – 10.12
▪ Linux CentOS-Redhat

Demo

POC AND DEPLOYMENT OVERVIEW

PHASE 1: Policy MONITOR ONLY (memory + script: ALERT). Metrics: THREATS FOUND, HOSTS
  Deployment, Console Navigation, Review Detections
  Team: SE, Account Manager

PHASE 2: Policy AUTO-QUARANTINE (memory + script: ALERT)
  Policy Development, Zones
  Team: SE, POC Threat Researcher

PHASE 3: Policy AUTO-QUARANTINE (memory + script: BLOCK)
  Final Scenario Testing, Full Protective State
  Team: SE, POC Threat Researcher

PHASE 4: OUTBRIEF
  Review findings, Outbrief with leadership
  Team: SE, POC Threat Researcher, Account Manager

CUSTOMER

USE CASE

CUSTOMER PROFILE
Leader in the watchmaking industry, with branch offices worldwide (~40 countries)

IT INFRASTRUCTURE
~1’300 Windows systems (workstations and servers)
~100 Mac systems

POC SCOPE
CylancePROTECT deployed on 200 Windows workstations
1 month (deploy, background scan, triage, protection)

RESULT
~2’500’000 files analyzed
~200 unsafe files detected:

▪ 150 adware, spyware and unwanted programs
▪ 30 PUPs (admin tools, specific tools, security scanners)
▪ 10 false positives (own development, tools)
▪ 7 malware samples (banking Trojan, backdoor)
▪ 3 zero-days (ransomware undetected by AV)

QUESTIONS AND ANSWERS