IA et Cyber Securitymythe ou réalité?

Swisscom DialogueExperience 2019

Duilio Hochstrasser : Moderation

Tarek Amiri: Security Officer, Swisscom Group Security

Alessandro Trivilini, Head of SUPSI Digital Forensics Lab

SUPSI: Scuola universitaria professionale della Svizzera italiana

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

2

?

Paysage des menaces en Suisse

4

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

5

La menace est réelleSwisscom, chaque mois

20Incident de sécurité critiques Swisscom CSIRT

2'500Compte login compromis

3'000Campagnes des Phishing bloquées

2'100'000Tentatives d'attaques

Structure du radar

6

Radar des menaces2019

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

3D-Printing

Workplace Diversity

Insider ThreatDevice Theft

Drones & Robots Infrastructure Masconfiguration

Decentralised Development

SCADA

IoT DevicesSecurity job marketIoT-Based DDos

Digitalisation

SubscriberCompromisation

AI/Analytics

Political Influence

DigitalIdentity

Destabilising / Centralisation

Automatisation & Scaling

All IPIncreased Complexity

QuantumComputing

Ransomware

Targeted Attacks (APT)

5G SecurityInfrastructureIntegrity

TendenceAujourd'hui

• 4 anneaux: actualité de la menace

• 7 segments, domaines

• Source des informations

- Attaques et incidents

- Analyse du marché

• Tendances & Vitesse

IA et Cyber defence / attaques

7

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

8

Main pillars

Cyber security: from the garden to the forest … of data

Cultural change

Interdisciplinarity cyber education

Definition of common testing hubs

Continuous education

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

• Cyber security as a new business economy

• Incident response approach as agile cultural behavior

From tracking to recognition approach

• Machine learning

• Behavior pattern recognition

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

9

Threat Detection & Response

Everything is changed from regulatory perspectives

• 25 May 2018 GDPR (General Data Protection, EU)

• 26 June 2018 NIS (Network and Information

Security, EU)

• 23 November 2018 Guidelines 3/2018 on the

territorial scope of the GDPR (Article 3)

"Predictive technologies"

• companies

• law enforcement agencies

"Existing approaches"

• not suitable for complex threats

10

AI & Big Data for cyber threats predictionSw

issc

om

Dia

log

ue

20

19

Cyb

er S

ecu

rity

, 8 m

ai

20

19

, C1

Pu

bli

c

11

Fiction or reality?

Machine learning Prevention Prediction

BIG DATA hybrid scenario

Connectivity

and mobility

AI

Virtualization

and IoT

Artificial

intelligence

Quantum

computing

Augmented

humans

2003 2015 2020 2030

Deeplearning

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

12

AI and Big Data applied by strikers

The strength and the effectiveness of

(non) responses

• Precision and methodology

• Preparation

• Discipline

• Skillsstrikers

Big Data + AI

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

Example: one e-mail of spear phishing

Profiling target

• Continuous feedback

− Positive (get money from ransom)

− Negative (do not answer)

− Indifference

Attacker

13

AI and Big Data (not) applied by defenders

Weakness, lack of data sharing and

inefficiency of strategies

• Little or no investments

• Obsolete training

• Security as a tool and not as a process (by design)

• Poor partnerships and data sharing

Example: one e-mail of spear phishing suffered

Profiling target

• Omerta and closing

• Scare of reputation

• Silence

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

Big Data + AI

Defender

14

Creation of a cyber range public private partnership

New common cyber education courses

By participating to a research international

By providing real cases for educational projects and bachelor/master thesis

How?

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

Exemple d'intelligence artificielle dans la cyber sécurité

15

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

16

Exemple Security Analytics & Machine Learning Une "intelligence" sur mesure pour la Suisse

Scenario

Page WEB Phishing

Attaquant Mail Phishing User

https://login.sso.bluew!n.ch/...

Phishing Inspectorwith machine learning

Prevention & Detection pour ce sénario

Security Analytics& Detection

Security response

Threat intelligence security community

Identify

Detect

Protect

Respond

Recover

Web Proxy

Mail System

Mail Security

Use Case

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

User

Focus Suisse avec Machine Learning

• 70 éléments

• 2 heures

• > 97% pages détectés

• 85–95% inconnus

17

Detection de Phishing : Chaque minute compte

Swisscom Abuse

Mailbox

Swisscom DNS

Network Proxy

Phisherman

BluewinHoneypots

Swisscom Mail Services

Other Phishing Inspector

www.antiphishing.ch

(MELANI)

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

18

2018 2019

Intelligence Artificielle & Targeted attacksEstimation et approches de la défense

Download comingin March

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic

https://www.swisscom.ch/fr/business/enterprise/downloads/security.html

https://bit.ly/2DWnUHp

19

Questions?

Swis

sco

m D

ialo

gu

e 2

01

9 C

yber

Se

curi

ty, 8

ma

i 2

01

9, C

1 P

ub

lic