joel windels - vp of marketing @ wandera - machine learning: the new frontier for zero-day security...
TRANSCRIPT
Joel Windels, VP Marketing; Mehul Vora, Head of Pre-sales
MACHINE LEARNING: THE NEW FRONTIER FOR
ZERO-DAY SECURITY AND MOBILE DATA ANALYTICS
Machine learning hype
“Machine learning is the science of getting computers to act without being explicitly programmed”
Traditional vs Machine Learning (diagram: Software, Input and Output in each case)
Machine Learning Algorithms
Supervised: Hidden Markov model, Logistic regression, Linear regression
Unsupervised: Anomaly detection, Clustering, Principal Component Analysis
Machine Learning Problems
Classification (e.g. Champions, Hazard, Chelsea)
Regression (e.g. Goals scored, Miles run per game, Number of fans)
Examples in industry: Google Translate, Uber, Netflix, AirBnb
For mobile security: Tireless, Looks everywhere, Eternal improvement, Always online, Breakneck speed
[Chart: Accuracy of results vs. quantity of training data (size of data), 2010 to 2016]
Mobile data boom
Why machine learning?
357 million new malware variants in 2016
Mobile malware: only 59 variants per family, though increasing
Source: Symantec Internet Security Threat Report 2017, https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf
The Wandera challenge
Every month we see:
2,168,777 unique domains visited
890,448 unique apps processed
1.175 billion requests handled
58,226 GB of data seen
481,386 high + medium severity threats detected
Signatures are not enough
Susceptible devices: identify vulnerabilities
App store download: identify risky downloads
Malicious app: identify on-device threat
Command and control: identify leaks & exfiltration
Number of apps running
Photo: Wendy Piersall / wendypiersall on Flickr - https://www.flickr.com/photos/wendypiersall/4406503559/ https://creativecommons.org/licenses/by/2.0/
The false alarm problem
Looking for rare events
1 bad event per million
0.1% false alarm rate
Nearly 1000 false alarms per true alarm
Turn it off
The true alarm problem
Looking at big data
18 Bn DNS events per day
1 bad event per million (say)
12.5 true alarms per minute
Turn it off
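The arithmetic behind the false alarm and true alarm slides above, as an added example that is not part of the original deck: a small Python calculator that generalises the base-rate figures to any event volume, base rate, false alarm rate and detection rate. The function and field names and the `detection_rate` parameter are my own assumptions, not Wandera's.

```python
# Added example (not from the Wandera deck): base-rate arithmetic behind the
# "false alarm problem" and "true alarm problem" slides, generalised to any
# event volume, base rate and detector quality.
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60


@dataclass
class AlarmStats:
    true_alarms_per_day: float
    false_alarms_per_day: float
    false_per_true: float        # false alarms raised for every true alarm
    precision: float             # share of all alarms that are real
    true_alarms_per_minute: float


def alarm_stats(events_per_day: float, base_rate: float,
                false_alarm_rate: float, detection_rate: float = 1.0) -> AlarmStats:
    """Expected alarm volumes for a detector run over a stream of events.

    base_rate        -- fraction of events that are actually bad (e.g. 1e-6)
    false_alarm_rate -- fraction of benign events the detector flags (e.g. 1e-3)
    detection_rate   -- fraction of bad events the detector catches (1.0 = perfect)
    """
    bad = events_per_day * base_rate
    benign = events_per_day - bad
    true_alarms = bad * detection_rate
    false_alarms = benign * false_alarm_rate
    alarms = true_alarms + false_alarms
    return AlarmStats(
        true_alarms_per_day=true_alarms,
        false_alarms_per_day=false_alarms,
        false_per_true=false_alarms / true_alarms if true_alarms else float("inf"),
        precision=true_alarms / alarms if alarms else 0.0,
        true_alarms_per_minute=true_alarms / MINUTES_PER_DAY,
    )


if __name__ == "__main__":
    # Slide 1: one bad event per million, 0.1% false alarm rate -> ~1000 false per true.
    s1 = alarm_stats(events_per_day=1_000_000, base_rate=1e-6, false_alarm_rate=1e-3)
    print(f"false alarms per true alarm: {s1.false_per_true:.0f}, precision: {s1.precision:.2%}")
    # Slide 2: 18 billion DNS events per day, one bad per million, perfect detector -> 12.5/min.
    s2 = alarm_stats(events_per_day=18e9, base_rate=1e-6, false_alarm_rate=0.0)
    print(f"true alarms per minute: {s2.true_alarms_per_minute:.1f}")
```

The precision figure is the one analysts actually feel: at a one-in-a-million base rate even a 99.9% accurate detector leaves roughly one real alert in a thousand.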
Rare doesn’t imply bad
Photo: Dennis Jarvis / archer10 on Flickr - https://www.flickr.com/photos/archer10/4062595504/ https://creativecommons.org/licenses/by-sa/2.0/
Spam email, Phishing website, Malware app, Malware in PDF, Worm propagation, Malware control
Is it bad?
Image: JDHancock on Flickr, jdhancock.com - https://www.flickr.com/photos/jdhancock/6151250051 https://creativecommons.org/licenses/by/2.0/
Mobile risk is broad: Vulnerabilities, Data Leaks, Threats, Risky content
… and comes in varying degrees
State of the nation
RISKY CONTENT / VULNERABILITIES / DATA LEAKS / THREATS
27% of corporate devices run an out-of-date O/S with a high severity rating
11% of corporate devices attempt to access risky content every day
50% of corporations operate devices with data loss events involving password leaks
< 10% of security incidents in 2016 involved mobile malware
Looks can be deceiving
XcodeGhost: thousands of bad apps made with a compromised compiler
Free calculator: basic app was fine; made more malicious with an additional download
Free music player: requested permissions to microphone and camera; uploaded sensitive data to a C&C service
Device that was jailbroken in real time: didn’t even have WebMD installed; masqueraded as a trusted medical app to avoid investigation
How we approach machine learning
SLocker
Anomalous events
Future: The Internet of Toasters
Intel home energy sensor on toaster. Photo: Intel Free Press / IntelFreePress on Flickr - http://www.flickr.com/photos/54450095@N05/8634158491 https://creativecommons.org/licenses/by-sa/2.0/