Joel Windels - VP of Marketing @ Wandera - Machine learning: the new frontier for zero-day security...

Post on 22-Jan-2018


Joel Windels, VP Marketing

Mehul Vora, Head of Pre-sales

MACHINE LEARNING: THE NEW FRONTIER FOR ZERO-DAY SECURITY AND MOBILE DATA ANALYTICS

Machine learning hype

“Machine learning is the science of getting computers to act without being explicitly programmed”

Machine Learning

[Diagram: Traditional vs. Machine Learning; each panel labelled Software, Input, Output]

Machine Learning Algorithms

Supervised Unsupervised

Hidden Markov model

Logistic regression

Linear regression

Anomaly detection

Clustering

Principal Component Analysis

Machine Learning Problems

classification regression

Champions

Hazard

Chelsea

Goals scored

Miles run per game

Number of fans

Google Translate

Uber

Netflix

AirBnb

For mobile security

Tireless

Looks everywhere

ETERNAL IMPROVEMENT

Always online

Breakneck speed

[Chart, 2010 to 2016: Accuracy of results and Quantity of training data (Size of data)]

Mobile data boom

Why machine learning?

357 million new malware variants in 2016

mobile malware: only 59 variants per family, though increasing

Symantec Internet Security Threat Report 2017 https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf

The Wandera challenge

Every month we see

2,168,777 Unique Domains Visited

890,448 Unique Apps Processed

1.175 Billion Requests Handled

58,226 GB Data Seen

481,386 High + Medium Severity Threats Detected

Signatures are not enough

Susceptible Devices

Identify Vulnerabilities

App Store Download

Identify Risky Downloads

Malicious App

Identify On-device Threat

Command and Control

Identify Leaks & Exfiltration

Number of apps running

Photo: Wendy Piersall / wendypiersall on Flickr - https://www.flickr.com/photos/wendypiersall/4406503559/ https://creativecommons.org/licenses/by/2.0/

The false alarm problem

Looking for rare events

1 bad event per million

0.1% false alarm rate

Nearly 1000 false alarms per true alarm

Turn it off

The true alarm problem

Looking at big data

18 Bn DNS events per day

1 bad event per million (say)

12.5 true alarms per minute

Turn it off

Rare doesn’t imply bad

Photo: Dennis Jarvis / archer10 on Flickr - https://www.flickr.com/photos/archer10/4062595504/ https://creativecommons.org/licenses/by-sa/2.0/

Spam email Phishing website Malware app Malware in PDF Worm propagation Malware control

Is it bad?

Image: JDHancock on Flickr, jdhancock.com - https://www.flickr.com/photos/jdhancock/6151250051 https://creativecommons.org/licenses/by/2.0/

Mobile risk is broad

Vulnerabilities, Data Leaks, Threats, Risky content

… and comes in varying degrees

State of the nation

RISKY CONTENT VULNERABILITIES DATA LEAKS THREATS

27% of corporate devices run an out-of-date O/S with a high severity rating

11% of corporate devices attempt to access risky content every day

50% of corporations operate devices with data loss events involving password leaks

< 10% of security incidents in 2016 involved mobile malware

Looks can be deceiving

XCODEGHOST

Thousands of bad apps made with compromised compiler

FREE CALCULATOR

Basic app was fine

Made more malicious with additional download

FREE MUSIC PLAYER

Requested permissions to microphone and camera

Uploaded sensitive data to C&C service

Device that was jailbroken in real-time

Didn’t even have WebMD installed

Masqueraded as trusted medical app to avoid investigations

How we approach machine learning

SLocker

Anomalous events

Future: The Internet of Toasters

Intel home energy sensor on toaster. Free Press / IntelFreePress on Flickr http://www.flickr.com/photos/54450095@N05/8634158491 https://creativecommons.org/licenses/by-sa/2.0/
