Unisys Advanced Machine Learning Cyber Security Analytics presentation

May 2017 Advanced Machine Learning Cyber Security Analytics

Upload: unisys-corporation

Post on 21-Jan-2018


TRANSCRIPT

Page 1: Unisys Advanced Machine Learning Cyber Security Analytics presentation

May 2017

Advanced Machine Learning Cyber Security Analytics

Page 2: Unisys Advanced Machine Learning Cyber Security Analytics presentation

© 2017 Unisys Corporation. All rights reserved.

Unisys Builds Large Advanced Data Analytics Mission Critical Knowledge Environments

We process more than 1.3 Billion transactions a day and 700,000 queries a day predicting threats against the US.

Unisys has been supporting DHS for more than 15 years.

On a typical day, Department of Homeland Security-Customs and Border Protection (DHS-CBP):

• Processes 932,456 passengers and pedestrians

• Processes 64,483 truck, rail, and sea containers

• Seizes 13,717 pounds of drugs

Page 3: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Unisys Advanced Cyber Intelligence Platform

• Behavioral Anomaly Detection Models

– Models for the prediction of malicious network activity across the enterprise

– Works with your current Security information and event management (SIEM)

• Threat Intelligence Engine

– Models providing increased visibility into known threats

– Improved context and intelligence through the correlation of multiple threat feeds

– Unique partnership with Team Cymru, Recorded Future, Farsight and Unisys Intelligence Feeds

• Advanced Dynamic Microsegmentation Model

– Utilizes network data to provide near real time microsegmentation

– Integrates with most Software Designed Security (SDS) Solutions including Unisys Stealth

Our Cyber Intelligence Platform can easily be integrated with your current Security Operations Center (SOC) operations for increased security capabilities leveraging machine learning and predictive models

Page 4: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Cyber Intelligence Platform

Page 5: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Threat behavior use cases

• Reconnaissance

• Lateral movement

• Command and control

• Exfiltration

Discrete indicators of compromise

• IP address

• Host name

• URL

• UserID

• Hash

• Registry entry and file

Vulnerabilities

Compliance

Malware analysis

Open source intel

Industry licensed intel

Unisys-specific intel

Advanced Predictive Model API

MSS Cyber Threat Intelligence

• Normalization

• Threat actor tracking

• Attacker use cases

Managed Security Services (MSS) Cyber Threat Intelligence Team

Unisys Cyber Threat Intelligence Platform

Unisys SOC Network

Page 6: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Retail Bank Social and Dark Web Threat Intelligence

Business Problem

• Need for additional threat intelligence and context for risks to the enterprise

Business Benefits

• Physical threat to locations and executives

• Intelligence on dark web chatter specifically focused on the brand and banking threats in general

• Exposed network credentials, phishing attempts, CC numbers and advanced intelligence prior to events

• Integration with current SIM and security tools for easy implementation into existing processes

Our Solution

• Our unified social and dark web listening solution eliminates noise and provides a level of intelligence that has not been available before

Page 7: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Large Utility Client

Advanced ML and Predictive Threat Detection

Business Problem

• Ingest network data from existing SIEM tool and SOC environment to identify cyber threats before they occur

Business Benefits

• Identifying network anomalies for both external and internal threats near-real time

• Expanding the overall capabilities and time to action for the SOC and Security personnel

• Reduced false positives

• Identification of unknown malicious activities through advanced anomaly detection

Our Solution

• Our unified cyber security-risk platform, implementing machine-learning to provide a comprehensive cyber-threat defense capability

Page 8: Unisys Advanced Machine Learning Cyber Security Analytics presentation

University Network Application Optimization

Business Problem

• Extreme network peaks and degradation in availability; unidentified issues causing network failure

Business Benefits

• Network behavioral models identify high demand peaks and application utilization

• Machine Learning helps to provide insights to predict potential network issues before they happen

• Optimization of hardware and cloud infrastructure investment to maintain network performance

Our Solution

• Our network anomaly detection models for applications and machine learning provide real time insights and predict patterns of usage through actionable intelligence

Page 9: Unisys Advanced Machine Learning Cyber Security Analytics presentation

Thank you!

Learn more at: Unisys.com/CybersecurityAnalytics