Art Hathaway - Artificial Intelligence - Real Threat Prevention
Artificial Intelligence. Real Threat Prevention.
Art Hathaway, Regional Sales Director, Ohio Valley
Steve Richards, Sales Engineer, Ohio Valley
3 | © 2015 Cylance, Inc.
The Future of Security
Timeline: Past, Present, Future
Stages: Pre-Execution (Humans Needed), Post-Execution, Pre-Execution (No Humans)
Technologies: AV, HIPS / Anti-Exploitation, Sandboxing, Isolation, EDR, AI
Required Solution
Reduce risk by preventing malware before it executes.
Cylance prevents malware by using Artificial Intelligence to unlock the DNA of advanced threats.
Algorithmic Science
• Machine Learning
• Cluster & Classify
• Pandora ML
Confidence Scoring
Threat Indicators
• Anomalies
• Collection
• Data Loss
• Deception
• Destruction
Collect / Classify / Context
How It Works
Diagram labels: COLLECT; EXTRACT; TRANSFORM, VECTORIZE & TRAIN; CLASSIFY & CLUSTER
Output: GOOD / BAD
What is a Feature / Attribute
Extract ~15,000,000 features
RosAsm Base3.exe PE File Structure
• DOS MZ Header
• DOS Stub
• PE File Header: PE Signature, Image_Optional_Header
• Section Table: Array of Image_Section Headers
• Sections: .idata, .rsrc, .data, .text, .src
• Directories

lea rcx,[rdi+20h]
mov qword ptr [rdi+8],r13
mov qword ptr [rdi+10h],r13
mov qword ptr [rdi+18h],r13
mov qword ptr [rcx+20h],r12
mov qword ptr [rcx+18h],r13
lea rdx,[rsp+258h]
or r9,0FFFFFFFFFFFFFFFFh
xor r8d,r8d
mov word ptr [rcx+8],r13w
mov ebx,r14d

Example features: DOS Header, NT Header, File Header, Section Headers, Export Directory, Import Directory, Resource Directory, Relocation Directory, Debug Directory, Packer Used, Compiler Type, Compiler Language, File size, PE size, Image section headers, Image imports, Functions called, Kernel hooks, Image Paths, Image Resource Directory, Bitmaps, Icons, Strings, RCData, Icon Groups, Version Info
Transformation: Normalization and Vectorization
Meta-data that creates new features
Figure labels: feature vectors x, matrix X, classes Unsafe / Safe
Deep Discussion
• First Order Feature – information you can extract directly from the binary or its structure
• Second Order Feature – e.g. the entropy value of a binary or a section of a binary
• Third Order Feature
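The first- and second-order features defined above, as an added example (not from the original slides and not Cylance code): a minimal PE header parser that reads structural fields directly, then derives Shannon entropy for the file and for each section. The function names and the two-section sample image are constructed for illustration.

```python
# Added example: extract_features() and build_sample() are illustrative names.
import math
import struct
from collections import Counter

SECTION = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
COFF = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def extract_features(pe: bytes) -> dict:
    """First-order features from the headers, second-order entropy per section."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing DOS MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 4 + COFF.size > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, flags = COFF.unpack_from(pe, e_lfanew + 4)
    table = e_lfanew + 4 + COFF.size + opt_size
    if table + nsect * SECTION.size > len(pe):
        raise ValueError("section table runs past end of file")
    feats = {"machine": machine, "num_sections": nsect,
             "characteristics": flags, "file_size": len(pe),
             "file_entropy": entropy(pe), "sections": {}}
    for i in range(nsect):
        name, vsize, _, rsize, rptr, *_ = SECTION.unpack_from(pe, table + i * SECTION.size)
        raw = pe[rptr:rptr + rsize]          # slicing clamps to the file, so no overread
        feats["sections"][name.rstrip(b"\0").decode("latin-1")] = {
            "virtual_size": vsize, "raw_size": rsize, "entropy": entropy(raw)}
    return feats

def build_sample() -> bytes:
    """Constructed two-section image: .text is repetitive, .data holds every byte value."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = COFF.pack(0x8664, 2, 0, 0, 0, 0, 0x22)
    text, data = b"\x90" * 256, bytes(range(256))
    hdr_end = 0x40 + 4 + COFF.size + 2 * SECTION.size
    sects = (SECTION.pack(b".text", 256, 0x1000, 256, hdr_end, 0, 0, 0, 0, 0x60000020) +
             SECTION.pack(b".data", 256, 0x2000, 256, hdr_end + 256, 0, 0, 0, 0, 0xC0000040))
    return dos + b"PE\0\0" + coff + sects + text + data

if __name__ == "__main__":
    for name, f in extract_features(build_sample())["sections"].items():
        print(f"{name}: entropy={f['entropy']:.2f} bits/byte")
```

The header fields are values read straight from the file; the entropy figures are computed from it, which is why a section of uniform padding scores 0 and a section containing every byte value equally often scores 8.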
The world is growing more
VOLATILE AMBIGUOUS COMPLEX
And it is all speeding up …
The Escalating Battle for Control in Cyberspace
Increase in sophistication and number of cyber attacks
Government concerns are driving new regulation
Increasing tensions between privacy and security
Growing debate about the Roles of Government and Industry in Privacy and Security
Threats & Impacts – A Simple Summary
IP Loss (technology leadership)
Shut Down Your Business (materiality impact)
Compromise you to Compromise others (trust, brand, reputation)
Product Vulnerability (trust, brand and reputation)
An Adversary
The idea is to assess soil and landscape types, weather and pest issues to boost crop yields and profits.
All the farmer needs is a smartphone and a GPS-enabled tractor connected to the cloud, with the data & analytics
All a government needs is access to the data
The idea is to facilitate a precision bombing.
The idea is to cure blindness.
Doctors on June 19th 2015 insert a retinal implant into a patient’s eye that is connected to high-tech glasses with a camera and a video processing unit
The idea is to extort money.
All a bad person needs is poorly developed or managed technology and the ability to execute malicious code
The idea is to improve road maintenance and safety
All a municipality needs is sensors in the cement, sensors in cars, sensors with people, connected to the cloud, with data and analytics
The idea is to profit from or to harm others
All a bad person needs is poorly developed or managed technology and the ability to execute malicious code
The idea is to improve food safety and reduce cost
All a food and beverage organization needs is real-time information flow from the slaughterhouse to the point of sale
The idea is to save cows
All a bad person needs is poorly developed or managed technology and the ability to execute malicious code
Digital Evolution
In the next few years the attack landscape will dramatically change:
• Adoption of smart grid devices (water/power)
• Tech inside more than phones, tablets, laptops
• IP enabled home appliances
• Centralized home information flow (bundled services via internet)
• Proliferation of devices & app markets
• “Virtual assets” - content with emotional attachment in digital world
• Pervasive wearables updating social computing
• Open source intelligence refining targets
Expanding attack surface - greater technology integration with society well being
Cyber has been (IS) characterized as the 5th domain of warfare
$2M in funding for the attack came from cyber crime
In November 2008, 10 Pakistani members of an Islamic militant organization carried out a series of 12 coordinated shooting and bombing attacks lasting four days across Mumbai. The attacks began on Wednesday, 26 November and lasted until Saturday, 29 November 2008, killing 164 people and wounding at least 308.
The idea is to terrorize
All a bad person needs is poorly developed or managed technology and the ability to execute malicious code
A growing digital economy relies on Trust
“We saw air let out of the balloon, an evaporation of trust”
“the reputation of the Tech industry went backwards”
“By a margin of 2 to 1 people don’t believe that governments or businesses are thinking enough about the broad negative societal impacts that technology can have”
Richard Edelman – Feb 2015
Breaking someone’s trust is like crumpling up a perfect piece of paper
You can work to smooth it over, but it’s never going to be the same again
9 – Box of Controls
Control Types: Respond, Detect, Prevent
Control Approaches: Automated, Semi-Automated, Manual
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
Focus is on Minimizing damage – only variables are time to detect and time to contain
Focus is on Minimizing vulnerability and potential for harm
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
Where most of the industry is focused
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
Highest Risk, Highest Cost, Most Liability
Lowest Risk, Lowest Cost, Limited Liability
Where most of the industry is focused
Shift Down and Left
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
MOTION
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
MOTION
PROGRESS
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
MOTION
PROGRESS
HIGH CONTROL FRICTION
Figure: Control Types (Respond, Detect, Prevent) vs. Control Approaches (Automated, Semi-Automated, Manual); axes Risk and Cost
SUSTAINED PROGRESS
LOW CONTROL FRICTION
WE NEED SOLUTIONS THAT …
LOWER RISK, LOWER COST, LOWER FRICTION
To Enhance Trust in Technology
so we can make sure tomorrow is better than today
Total Cost of Controls
Obvious Direct Cash Buckets
• AV replacement
• Security Operations
• Hunting team
• Investigations
• Legal
• Help Desk Calls
• Performance complaints
• Infection related issues
• IT operations costs
• IT emergency response
• Infrastructure costs
• Rebuild/re-image costs
Less Obvious Direct Cash Buckets
• De-clutter other controls
• Other end point products (CyberArk, client proxy, DLP, etc.)
• Other control products
• Extending PC lifecycle
• Headroom back due to performance
• Other IT operations costs
• EOL’d systems – delayed upgrades
• Change patching windows
• Servers can be protected – normally cannot complete disk scan with AV
• Reduce infrastructure costs due to less “chattiness” with cloud
Total Cost of Controls
Hero
• Value of IP
• Maintain market leadership
• Cost of a privacy breach
• Litigation
• FTC, class actions, etc.
• eDiscovery
• PR & Comms
• Credit monitoring
• Mgmt Distraction
Zero
• Spent on the “insurance” and no proof that you “saved the world”
All about probability of bad things occurring and a wide range of outcomes/impacts financially
Control Friction
• Controls are a “drag coefficient” on business velocity
• Slow the user
• Slow a business process
• Too much control friction
• Business and users go around security and IT
• Adds cost – IT isn’t managing IT anymore
• Data and business silos are created
• Loss of purchasing power
• Adds risk
• Risk and Security team becomes blind – can’t prevent, hard to detect, and everything ends up being an after-the-fact response
• Business adheres to the controls – generates systemic Business Risk
• Lose time to market
• Lose ability to innovate
• Lose long-term market leadership