A New Era of Cyber Threats: The Shift to Self-Learning, Self-Defending Networks
Jeff Cornelius, Ph.D., EVP
Trust Attacks
‘Trust attacks’ seek to undermine data integrity
Characterized by stealth and sophistication
Seek to manipulate rather than exfiltrate
Threat to reputation and stability of target organization
Artificial Intelligence Attacks
Observe a network in order to blend into the background
Emergence of polymorphic malware
Algorithms fighting algorithms
Battle is now taking place inside the network
Machine Learning is Hard to Get Right
No two networks are alike – needs to work in every network
On-premise, virtualized, Cloud, SaaS, segmented
Needs to work without customer configuration or tuning of models
Needs to support teams with varying security & math skills
Must deliver value immediately, but keep learning and adapting as it goes
Must have linear scalability
Cannot rely on training sets of data
Questions for Evaluating Machine Learning Technologies
What does the machine learning do?
Is the technology proven? Who uses it?
Do you need mathematicians to support it?
Is machine learning at the technology’s core or used as a feature?
Does it require model tuning?
Can it be used on premise and in the cloud?
Next Step in Automation: Self-Defending Network
Automatically produces real-time active responses to potential threats
Does not rely on predefined signatures or prior knowledge
Slows down or stops the progress of novel threats within the network
Gives security team critical time to catch up
Automating the Analyst
Continued research and development into automation and assisting the human analyst
Classify unusual activity into benign or potential threat
Perform deeper analysis of multiple weak indicators to raise an increasingly subtle attack above the alerting threshold
Introducing supervised machine learning into detection
100% Visibility
Cloud and Virtual Deployments
SaaS Connectors
Monitor critical data being accessed entirely over untrusted networks or in the cloud
vSensors – lightweight virtual appliances that capture traffic between VMs
OS-Sensors – host-based server agents for third-party clouds
Connectors available for SaaS applications
Cover rich datasets to monitor:
User logins
File changes
Data transfers
Data downloads
Interfacing to Other Systems
Add Enterprise Immune System visibility to existing systems
SIEMs and legacy reporting tools
SOCs
Email/pager/alert systems
Out of the box integration
Fully customizable API
Video Conferencing Camera Hack
Video conferencing camera was transmitting data outside the network
Camera had been compromised by a remote attacker
Attacker was aiming to either:
Steal corporate information
Take remote control of the device to launch a DDoS attack on another network
Would not have been detected through signature-based defenses – the activity was not inherently malicious
Industry: Retail
Point of Entry: Video conference camera
Apparent Objective: New attack vector, information theft
GLOBAL THREAT CASE STUDY
Bitcoin Mining
Industry: Finance
Point of Entry: Machine
Apparent Objective: Personal gain in electronic currency
Machine sharing computing power with third party
Machine had been integrated into a network of compromised devices
Observed regularly mining for Bitcoins
Contacted locations that no other internal computers were talking to
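A sketch of the weak-indicator aggregation described on the Automating the Analyst slide, applied to the pattern in the Bitcoin mining case study (a machine regularly contacting a destination no other internal computer talks to). This is an added example, not the presenter's product code; the flow records, indicator weights, uncommon-port indicator and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real data): (time_s, internal_host, destination, dst_port)
FLOWS = [
    (0, "ws1", "mail.corp", 443), (90, "ws2", "mail.corp", 443), (400, "ws3", "mail.corp", 443),
    (700, "ws1", "mail.corp", 443), (1300, "ws2", "mail.corp", 443),
    (50, "ws2", "cdn.example", 443),                      # one host, one contact: weak on its own
    (0, "ws3", "pool.example", 3333), (600, "ws3", "pool.example", 3333),
    (1200, "ws3", "pool.example", 3333), (1800, "ws3", "pool.example", 3333),
    (2400, "ws3", "pool.example", 3333),                 # regular contact with a destination only ws3 uses
]
THRESHOLD = 2.0  # assumed: no single weak indicator alerts on its own


def is_periodic(times, tolerance=0.1):
    """Weak indicator: contact intervals are nearly constant (beacon-like behaviour)."""
    ts = sorted(times)
    if len(ts) < 4:
        return False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return pstdev(gaps) <= tolerance * mean(gaps)


def score_hosts(flows, threshold=THRESHOLD):
    """Combine weak indicators per host; return {host: (score, reasons)} for hosts at or above threshold."""
    dst_users, port_users, pair_times = defaultdict(set), defaultdict(set), defaultdict(list)
    for t, host, dst, port in flows:
        dst_users[dst].add(host)
        port_users[port].add(host)
        pair_times[(host, dst)].append(t)
    score, reasons = defaultdict(float), defaultdict(list)
    for (host, dst), times in pair_times.items():
        if dst_users[dst] == {host}:          # nobody else on the network talks to this destination
            score[host] += 1.0
            reasons[host].append(f"unique destination {dst}")
        if is_periodic(times):                # contacted at regular intervals
            score[host] += 1.5
            reasons[host].append(f"periodic contact with {dst}")
    for host, port in {(f[1], f[3]) for f in flows}:
        if port_users[port] == {host}:        # assumed indicator: port used by no other host
            score[host] += 1.0
            reasons[host].append(f"port {port} used by no other host")
    return {h: (s, reasons[h]) for h, s in score.items() if s >= threshold}


if __name__ == "__main__":
    for host, (s, why) in score_hosts(FLOWS).items():
        print(f"{host}: score {s} -> {'; '.join(why)}")
```

Run on the constructed flows, only ws3 crosses the threshold; ws2's single unique destination stays below it, which is the point of combining indicators rather than alerting on each one.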
Data Exfiltration from the Cloud
Company reliant on Amazon Drive for storage
Employee with system admin privileges altered access rules
Downloaded large volumes of data
Would not have been detected by traditional defenses – cloud environments are a blind spot
Industry: Finance
Point of Entry: Amazon Drive
Apparent Objective: Transmit large volumes of data by altering admin credentials
Insider Threat
Malicious and non-malicious
Employee knowledge is advanced
Privileged users are aware of technical mistakes and blind spots
Best practices only go so far
IoT
Fridges, coffee machines, traffic lights – it’s all the same internet
Challenge is securing new class of internet-connected devices
Embedded system, difficult to upgrade or replace
20% of devices on typical corporate network are IoT
So many devices and protocols mean an ability to learn is vital – legacy and endpoint solutions don’t even try
ICS/SCADA Systems
Sharp increase in attacks in ICS environments
Convergence of IT and OT networks
Perimeter defenses and airgapping not enough
Traditional solutions don’t work in ICS/SCADA environments
Digital Supply Chains introduce new risks
Many ICS environments don’t have a dedicated security team
Cyber Risk Insurance
Many firms would not meet a general ‘reasonableness’ standard for preparedness
Companies often start security at the bottom
As a result, boards and officers could be made to look negligent in a court of law
If a company doesn’t have enough cyber insurance, the C-suite and board could lose their personal assets
Start at the top instead of the bottom
Supply Chain & Third Party Systems
Hundreds of vendors and contractors have access to an organization’s network
More stringent review of security in business relationships, including long security questionnaires
Vendor management, procurement and chief risk officers are trying to manually assess supply chain cyber risk
Cyber risk score would highlight those vendors who pose a high risk
Mergers & Acquisitions
M&A toolkit is useful before, during, and after M&A transactions
Used to identify whether there is evidence that another entity has likely copied intellectual property
Best practices suggest that networks be immediately connected upon deal closure
But what if the parent or child network has been infiltrated? Then both networks would be at risk
Conclusion
Stealth and sophistication of threats are increasing
Machine learning technologies will be fundamental
Ask the right questions when evaluating
Try technology before buying
Over 2,000 Deployments – From SMEs to Global Banks
Q & A Questions
Proof of Value
No-cost, 4 week trial, no obligation
Appliance deployed in your environment
Installed in 1 hour
Analysis of what we find and how we find it
Weekly, custom-made Threat Intelligence Reports from world-leading analysts
Joint commitment