AI and Cyber Security: Friends or Foes? Incident analysis with artificial intelligence
CEPS, Brussels, 29 May 2018
Jonathan Sage, Government and Regulatory Affairs, Cyber Security Policy lead, Europe
May 2018
IBM Security

Evolution of security technology - three waves
- Layered defenses
- Intelligence and integration
- Cloud, AI and orchestration, collaboration

Goals of a security operations team are core to business and important for compliance, for instance NIS and GDPR in the EU:
- Protect critical systems & data
- Respond to incidents accurately and quickly
- Outthink cyber criminals

But the pressures today make them hard to keep up with:
- Skills shortage: "My workload is overwhelming and repetitive."
- Unaddressed threats: "I don't know where to focus my time for the quickest response."
- Data overload: "There is so much information out there, it's impossible to find what's useful."

Results of the Cognitive Security Study
- Intelligence gap: the #1 most challenging area due to insufficient resources is threat research (65% selecting); the #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting).
- Speed gap: the top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time. This is despite the fact that 80% said their incident response speed is much faster than two years ago.
- Accuracy gap: the #2 most challenging area today is optimizing the accuracy of alerts (too many false positives); the #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting).
Addressing gaps while managing cost and ROI pressures.
2015 IBM Corporation

A universe of security knowledge - dark to your defenses
- Traditional security data: security events and alerts; logs and configuration data; user and network activity; threat and vulnerability feeds.
- Human generated knowledge: research documents; webpages; industry publications; wikis; forensic information; blogs; threat intelligence commentary; news sources; newsletters; tweets; conference presentations; analyst reports.

What role does artificial intelligence play? Bridging this gap / a new partnership between security analysts and their technology
- Human expertise: morals, dilemmas, compassion, generalization, common sense, abstraction.
- Security analytics: data correlation, pattern identification, anomaly detection, prioritization, data visualization, workflow.
- AI: cognitive security (understand | reason | learn): unstructured analysis, natural language, question and answer, machine learning, bias elimination, tradeoff analytics.

How it works - building the knowledge with QRadar Watson Advisor
- Structured security data (5 minutes): X-Force Exchange, trusted partner data, open source, paid data. 5-10 updates / hour! Billions of data elements: indicators, vulnerabilities, malware names, new actors, campaigns, malware outbreaks.
- Crawl of critical unstructured security data (1 hour): blogs, websites, news, breach replies, attack write-ups, best practices. 100K updates / week! Millions of documents: course of action, actors, trends, indicators.
- Massive crawl of all security-related data on the web (1-3 days).
- Filtering + machine learning removes unnecessary information (3:1 reduction).
- Machine learning / natural language processing extracts and annotates the collected data.
- Result: a massive security knowledge graph with billions of nodes / edges.

QRadar Advisor for Watson enables
Accelerated analysis
- Uses AI to analyze real-time incidents for triage
- Gathers external and internal threat indicators from the alert
- Performs external (threat intelligence research) and internal research on indicators and entities (hash, domain, IP, users, filename etc.)
- Highlights the existence and identity of threats or outliers
- Offers natural language search
Intelligent investigation
- Identifies if communication with the threat has occurred or was blocked
- Highlights if malware has executed
- Identifies the criticality of the systems impacted
- Gives visibility to higher priority risks and threats from insiders
- Connects other threat entities from the original offense to show relationships
- Provides input for ad-hoc investigation
Faster response
- Provides pertinent information to escalate
- Automatic hunting for indicators
- Exports threats and indicators to the IR process for remediation and/or blocking
- Automatically adds additional discovered threat indicators to watch lists to reduce the risk of missing threats

Cybercriminals are becoming increasingly sophisticated and collaborative
- Crime rings collaborate in the dark web, sharing techniques and launching attacks through popular social media, email, etc.
- A level of organization and productivity that would be the envy of most businesses, offering customer support and money-back guarantees if their tools don't result in a successful hack.
- Stay a step ahead of the attackers, which is why IBM has white hat security researchers trolling the dark web every day to monitor the latest cyberattack strategies.

Friend or Foe?

It is an arms race, and some are more advanced than others. Technology is the battlefield, and we have to recognize the well-equipped adversary we are fighting against.
Proof point: IBM's Security Services teams monitor billions of events across the globe, and last year more than 2.9 bn records were reported breached.
Protecting citizens, consumers and employees is a proactive, ongoing journey. Governments and industry can never rest on their laurels.

THANK YOU
Follow us on: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions
Copyright IBM Corporation 2016. All rights reserved.

How it works - cognitive applied for cybersecurity
- Ingest mass amounts of data
- Classify, select, and normalize data
- Natural language processing for security context
- Training and learning with feedback
- Relational analysis visualized through knowledge graphs

Friend or Foe? Both
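The investigation workflow on the QRadar Advisor slides (gather indicators from the offense, research them, determine whether communication with the threat occurred or was blocked, connect related entities, and add newly discovered indicators to watch lists) and the "cognitive applied for cybersecurity" pipeline, reduced to a runnable sketch as an added example. This is not IBM's or QRadar's code; the threat-intel graph, the known-bad set and the proxy log lines are constructed, and the real product works over a far larger knowledge graph and SIEM data.

```python
import re
from collections import deque
# Constructed threat-intel graph (indicator -> related indicators); none are real.
INTEL_GRAPH = {
    "mal.example.test": {"203.0.113.7", "sha256:aa11"},
    "203.0.113.7": {"mal.example.test", "c2.example.test"},
    "sha256:aa11": {"mal.example.test", "dropper.exe"},
    "c2.example.test": {"203.0.113.7"},
}
KNOWN_BAD = {"mal.example.test", "203.0.113.7", "c2.example.test", "sha256:aa11"}
# Constructed proxy/firewall lines, the "internal research" evidence. File hashes
# never appear as a destination, so they stay 'none' without endpoint telemetry.
LOG_LINES = [
    "2018-05-29T10:01:02 src=10.0.0.5 dst=mal.example.test action=allow",
    "2018-05-29T10:01:09 src=10.0.0.5 dst=203.0.113.7 action=deny",
    "2018-05-29T10:02:11 src=10.0.0.9 dst=intranet.corp.test action=allow",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)")

def pivot(seeds, graph, max_hops=2):
    """Breadth-first expansion from the offense indicators; indicator -> hop count."""
    hops = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in hops and hops[node] < max_hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return hops

def contact_status(indicators, log_lines):
    """'occurred' if an allowed flow hit it, 'blocked' if only denied ones, else 'none'."""
    status = {i: "none" for i in indicators}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["dst"] not in status:
            continue
        if m["action"] == "allow":
            status[m["dst"]] = "occurred"
        elif status[m["dst"]] == "none":
            status[m["dst"]] = "blocked"
    return status

def triage(offense_indicators, watchlist):
    """Pivot, check local contact, and list known-bad indicators not yet watched."""
    related = pivot(offense_indicators, INTEL_GRAPH)
    threats = {i for i in related if i in KNOWN_BAD}
    status = contact_status(threats, LOG_LINES)
    new_watch = sorted(threats - set(watchlist))
    return {"related": related, "status": status, "add_to_watchlist": new_watch}
```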

How it works - use cases further defined
- Utilize locally gathered and Watson external threat intelligence to gain broader context within your investigations
- Understand and quickly assess threats to know if they bypassed your layered defenses or if they were stopped dead in their tracks
- Realize the reach of threats and their effects on other users and systems in your ecosystem
- Identify users and critical assets when they are involved in an incident and quickly pivot to gain details on user behavior activity and asset metadata
- Understand malware and ransomware sources, delivery methods and related components to help quickly determine your impact and next courses of action

Resources
- Knowledge Center: latest with what's new, support, etc.
- Upcoming events: webinars, local events, etc.
- Links to short how-to videos: QRadar Watson Advisor Trial Request, Download, and Installation; QRadar Watson Advisor Configuration; QRadar Watson Advisor Incident Overview and Analysis
- Links to informational and demo videos: Taking SIEM Cognitive in 3 minutes (Jose Bravo and Chris Hankins); Poison Ivy Malware video; Suspicious Activity (CozyDuke) video
- Link to self-help support forum
- AppExchange
- On-demand webinar: Rock your SOC (Security Operations Center) with Watson for Cyber Security
- Solution brief

Contacts
Offering management:
- Chris Hankins, Offering Manager, Cognitive Security
Sales & technical sales:
- Jim Gottardi, Worldwide Client Success, Security Intelligence SaaS Lead
- Uwe Hofmann, Worldwide Tech Lead, Security Intelligence
- Carma Austin, NA Program Lead, Cognitive Security
- Adam Lyons, NA Sales Leader, Cognitive Security
- Gerd Rademann, Europe Program Lead, Cognitive Security

Backup
