Slide 1
AI and Machine Learning in Endpoint Cyber Attack
Jared Phipps
Vice President Worldwide Sales Engineering
Slide 2
Source: Ponemon Institute; Source: Verizon DBIR 2017
Breaches And Malware Use In Breaches Continues Trending Up
Bar chart, FY2016 / FY2017 / FY2018: 80% / 20%, 71% / 29%, 65% / 35% (series labels are not recoverable from the transcript)
What tactics do they use?
• 62% of breaches featured hacking
• 51% (over half) of breaches included malware
• 81% of hacking-related breaches leveraged either stolen and/or weak passwords
Slide 3
Hope is not a strategy
Slide 4
Threat Landscape
• Malware: Ransomware, Trojans, worms, backdoors; File-less / Memory-based malware
• Exploits: Document-based exploits; Browser-based exploits; Application-based exploits
• Live Attacks: Script-based (PowerShell, WMI, VBS); Credentials (credential scraping, Mimikatz)
Slides 5-7 (image only, no transcribed text)
Slide 8
Q: Can we rely on signatures and reputation data for Endpoint Protection?
A: How hard is it to change a file hash?
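The point of the slide, shown in code. This is an added example written for this transcript, not code from the talk or from SentinelOne. It builds a constructed byte blob inline (no real executable or malware is involved), treats it as a "known bad" sample, and compares two ways of recognising a second copy that differs only by trailing padding: an exact SHA-256 blocklist, which misses the copy entirely, and a simple static feature (a normalised byte histogram) compared with cosine similarity, which still sees an almost identical input. The sample bytes, the blocklist set and the helper names are all assumptions made for the demonstration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample standing in for an executable. It is not real malware,
# just bytes assembled inline so the example runs offline.
ORIGINAL = bytes(range(256)) * 4 + b"payload-placeholder-text"
# A second copy that differs only by one byte of trailing padding. Such a
# change leaves the program's behaviour untouched but alters every exact hash.
VARIANT = ORIGINAL + b"\x00"


def sha256_hex(data: bytes) -> str:
    """Exact-match identity, as used by hash blocklists and reputation lookups."""
    return hashlib.sha256(data).hexdigest()


def byte_histogram(data: bytes) -> list:
    """Normalised 256-bin byte-frequency vector: a simple static feature."""
    counts = Counter(data)
    total = len(data)
    return [counts.get(b, 0) / total for b in range(256)]


def cosine_similarity(a, b) -> float:
    """Cosine similarity of two equal-length numeric vectors (1.0 = identical)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b)


def hash_blocklist_hit(sample: bytes, blocklist: set) -> bool:
    """Signature-style check: does the sample's exact hash appear on the list?"""
    return sha256_hex(sample) in blocklist


def feature_similarity(sample: bytes, known_bad: bytes) -> float:
    """Feature-style check: how close is the sample to a known-bad sample?"""
    return cosine_similarity(byte_histogram(sample), byte_histogram(known_bad))


if __name__ == "__main__":
    blocklist = {sha256_hex(ORIGINAL)}  # assumed reputation / blocklist entry
    print("hash hit on original:", hash_blocklist_hit(ORIGINAL, blocklist))
    print("hash hit on variant: ", hash_blocklist_hit(VARIANT, blocklist))
    print("feature similarity:  ", round(feature_similarity(VARIANT, ORIGINAL), 6))
```

The histogram is deliberately the crudest feature that still makes the point; a production static engine uses far richer features, but the contrast is the same: an exact hash is a lookup key, a feature vector is something a model can generalise over.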
Slide 9
(It’s never too early for XKCD)
Slide 10
© 2018 SentinelOne All Rights Reserved. Confidential
Secret Sauce
What is it?
Slide 11
Data.
Slide 12
Static Engine Model Creation
Slide 13 (image only, no transcribed text)
Slide 14
The first visualization you look at will always reveal a data quality error, and if it doesn’t reveal a data quality error, that just means you haven’t found one yet. — Hadley Wickham
Data Exploration
Slide 15
t-Distributed Stochastic Neighbor Embedding (t-SNE) Visualization
Slide 16
Machine Learning
• Easy to get 99.9% accuracy
• Hard to get 99.99999% accuracy
• Last ~0.01% is:
  • good training data and features
  • super important (1 FP every 10k files is bad)
  • more skill = less “stirring”
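Why "1 FP every 10k files is bad" even when headline accuracy looks excellent: an added worked example, not part of the slides and not SentinelOne's own code. It computes the expected confusion matrix for a scan population where malware is rare, so that accuracy is dominated by the benign majority while false positives still pile up in absolute numbers. The fleet size (one million files per day), the 0.1% malware prevalence and the 99% true-positive rate are assumptions chosen for the illustration; the two false-positive rates are 1 in 10,000 (the slide's "bad" figure) and 1 in 10,000,000.

```python
def detection_outcomes(n_files, prevalence, tpr, fpr):
    """Expected confusion-matrix counts and derived metrics for scanning
    n_files, of which a fraction `prevalence` is malicious, with a classifier
    of true-positive rate `tpr` and false-positive rate `fpr`."""
    n_bad = n_files * prevalence
    n_good = n_files - n_bad
    tp = n_bad * tpr           # malware correctly flagged
    fn = n_bad - tp            # malware missed
    fp = n_good * fpr          # benign files wrongly flagged (the "1 per 10k")
    tn = n_good - fp           # benign files correctly passed
    accuracy = (tp + tn) / n_files
    precision = tp / (tp + fp) if (tp + fp) else 0.0  # share of alerts that are real
    return {"tp": tp, "fn": fn, "fp": fp, "tn": tn,
            "accuracy": accuracy, "precision": precision}


def max_fpr_for_alert_budget(files_per_day, max_false_alerts_per_day):
    """Largest false-positive rate that keeps daily false alerts within budget."""
    return max_false_alerts_per_day / files_per_day


if __name__ == "__main__":
    # Assumed fleet: 1,000,000 files scanned per day, 0.1% of them malicious,
    # classifier catches 99% of malware. Only the FPR differs between the runs.
    for fpr in (1e-4, 1e-7):
        r = detection_outcomes(1_000_000, 0.001, 0.99, fpr)
        print(f"fpr={fpr:g}: false alerts/day={r['fp']:.1f}  "
              f"accuracy={r['accuracy']:.6f}  precision={r['precision']:.4f}")
    print("FPR needed for <=1 false alert/day:",
          max_fpr_for_alert_budget(1_000_000, 1))
```

Both runs report accuracy above 99.98%, yet the first produces roughly a hundred false alerts a day and only about nine in ten alerts are real, while the second produces about one false alert every ten days. Accuracy hides this because the benign class dominates the denominator; the false-positive rate and the resulting precision are what an operations team actually lives with.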
Slide 17
What is learning?
learned function, aka decision boundary, aka model
Slide 18
Learning / Training / Fitting a Model
Slide 19
APT > Malware
(enter Behavioral models)
Slide 20
The S1 Platform: The Right Technology at the Right Time
• BEFORE: Static AI. Prevent attacks pre-execution.
• DURING: Behavioral AI. Constantly monitor and map each running process for incongruous behaviors.
• AFTER: Automated EDR. Automate remediation and response... even rollback.
Slide 21
Live Scenarios
Slide 22
Where is the EPP market going?
• Pre-Execution: Cloud Intelligence + Whitelisting / Blacklisting; Advanced Static Prevention
• On Execution: Dynamic Malware Detection; Dynamic Exploit Detection
• Post-Execution: Mitigation; Remediation; Forensics
In a single agent
Slide 23
Must Haves in Your Legacy AV Replacement
• Be autonomous. It must have the built-in logic to be just as effective offline as it is online. In other words, NOT cloud reliant.
• Be protective by reliably mitigating file-based & fileless attacks
• Provide visibility for SecOps (storyline, raw data & hunting)
• Not be a pain for SysOps (deployment, operation, remediation)
• Not be a pain for end users