TRANSCRIPT
© 2017 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL
COGNITIVE CYBER DEFENSE
MACHINE LEARNING & APPLIED AI TO UNCOVER UNKNOWN THREATS
MURALI RAO, GLOBAL HEAD, CYBERSECURITY & RISK CONSULTING
If the “IQ level” of a traditional signature-based antivirus can be compared to that of an insect, then the correlation engine of a modern security analytics solution is about as “smart” as a frog catching flies.
- Alexei Balaganski, KuppingerCole
Security Incident Life Cycle
Stages surrounding the security analyst: Analysis, Forensics, Resolution, Triage, Remediation, Investigation, Orchestration.
Security Incident Analysis
Steps: Eliminate the obvious; Understand the attack; Identify immediate impact; Trace the event back to source; Reconstruct the event; Determine scale of impact; Attack source & purpose; Gather the evidence; Hand over the evidence.
The security analyst finds answers locked in data through a loop of Observe, Interpret, Evaluate, Decide.
Security Incident Analysis (continued)
To analyse unknown threats, most security analysts start here: finding answers locked in data by observing, interpreting, evaluating and deciding.
Lack of data isn’t the problem, there’s TOO MUCH of it.
Visible Structured Data: Logs, NetFlow, sFlow, PCAP, IPFIX, JDBC, SNMP, Structured Threat Intel, STIX, TAXII, etc.
Visible Unstructured Data: Blogs, Documents, Articles, Research Papers, Tweets, Forums, News, Analyst Reports, etc.
Hidden Unstructured Data (Unstructured Threat Intel): Exploit Kits, Custom Malware, Zero-Day vulnerabilities, User Credentials, Target Lists, Chats, Cyber Criminal Marketplace, Clandestine networks, Hacking groups, Pedophiles, etc.
Baseline our understanding of COGNITIVE SECURITY
COGNITIVE SECURITY UTILIZES NATURAL LANGUAGE PROCESSING AND MACHINE LEARNING METHODS TO ANALYZE BOTH STRUCTURED AND UNSTRUCTURED SECURITY INFORMATION THE WAY HUMANS DO.
Traits of a candidate for cognitive:
VOLUME: Huge data size that transforms user experience with contextual relevance and active dialogue.
VELOCITY: High-speed acquisition of data and near real-time availability of response.
VARIETY: Great diversity of data formats & sources that require deep natural language processing.
VERACITY: Need for data assurance that leverages evidence-based insights with weighted confidence.
Baseline our understanding of COGNITIVE SECURITY: MAKING COGNITIVE WORK
Historical events (Crown Jewels, C-level laptops, Spoofed emails, Suspicious Logins, ...) together with human annotation & SME understanding form a curated body of knowledge; the cognitive system mimics human learning of what really matters to us.
HOW COGNITIVE WORKS
Question -> Question & Topic Analysis -> Question Decomposition -> Hypothesis Generation (multiple interpretations, 100s of possible answers) -> Hypothesis & Evidence Scoring (1000s of pieces of evidence; 100,000s of scores from many deep analysis algorithms) -> Synthesis -> Confidence merging & ranking -> Response & Confidence
Human decision and active feedback close the loop.
LEARNING = REPRESENTATION + EVALUATION + OPTIMIZATION
Putting Cognitive Cyber Defense to work… some examples
APPLIES TO THE MAJORITY OF THE SECURITY INCIDENT ANALYSIS PROCESS: Eliminate the obvious; Understand the attack; Identify immediate impact; Trace the event back to source; Reconstruct the event; Determine scale of impact; Attack source & purpose; Gather the evidence; Hand over the evidence.
▪ REDUCE TIME TO BUILD THREAT CONTEXT
▪ UNCOVER PREVIOUSLY UNKNOWN CONNECTIONS
▪ REDUCE THE ATTACK SURFACE WITH NEW INSIGHTS
▪ DISCOVER ATTACKER TOOLS, TACTICS, TECHNIQUES, & PROCEDURES
COGNITIVE CYBER DEFENSE MATURITY
Axes of the maturity model: SPEED, SKILL, RESOURCES, RELEVANCE (and, at the later stages, BUSINESS CONTEXT).
The model is built up layer by layer across the slides, each stage adding to the previous one:
1. SIEM
2. STRUCTURED THREAT INTEL
3. EDR, NBAD, UEBA
4. SECURITY DATA LAKE and THREAT HUNTING
5. UNSTRUCTURED THREAT INTEL and BUSINESS CONTEXT
6. ANALYTICS, INVESTIGATION & FORENSICS
7. COGNITIVE SECURITY PLATFORM
8. SECURITY ORCHESTRATION & AUTOMATION
Things to ponder on
▪ Security of Cognitive Security
▪ Re-engineering Skills (Hunt, Data Science, etc.)
▪ What happens in a Cloud scenario?
▪ Will Data Lake truly deliver?
WIPRO’S COGNITIVE CYBER DEFENSE ECOSYSTEM
WIPRO CYBERSECURITY & RISK SERVICES: SecureEye; 586+ customers (Fortune 1000 enterprises); 7500+ practitioners (cyber sec. & risk expertise); 10 platforms for cyber defence; venture investments and strategic partnerships.
Thank You
MURALI RAO
Global Head, Cybersecurity & Risk Consulting
[email protected] | +1 (650) 224-4571