DIGITAL TRANSFORMATION: WHERE OUR FUTURE MAY LEAD US IN CYBERSECURITY
Thomas Kaczmarek
September 11, 2019

Intro to a FORTINET webinar: "I am certain you are fully aware how digital transformation is a business enabler, but it has also created an unending digital attack surface, on top of existing challenges like unprecedented complexity companioned with point solutions and the continuous sophistication of threats. All of this has truly made traditional security approaches obsolete, often causing fatigue not only to your network but also to your precious security talent resources."

Forces of change
o Big Data
o Rising Risk
o Resource Gap
o Analytics
o System Administration
o Automation

BIG DATA Impact: Digital Transformation
Digital transformation is producing more data and using more services, all of which must be secured.

Analyst reports:
o Web Content Management (Forrester report): "cloud, and continuous delivery are reshaping web CMS's relevance to digital experience"; "Web operations specialists need scalable tools"
o Accenture analysts (Mike Sutcliff and Narendra Mulani): "The fuel energizing this digital transformation is Big Data."
o CISCO: global IP traffic will reach 3.3 ZB by 2021

Risks are growing
o The GUARDIAN: "Wanton proliferation of artificial intelligence technologies could enable new forms of cybercrime, political disruption and even physical attacks within five years, a group of 26 experts from around the world have warned."
o CISCO: "The dramatic increase in cyber attack frequency, complexity, and size over the past year suggests that the economics of hacking have turned a corner"; "DevOps services that have been deployed improperly or left open intentionally for convenient access by legitimate users pose a significant risk"
o RADWARE (CISCO partner): the modern hacking community is benefiting from quick and easy access to a range of useful and low-cost resources
o GARTNER: "Attackers are improving their ability to bypass traditional blocking and prevention security technologies, and end users continue to fall victim to attackers through social engineering methods"

Workforce Demands are Rising & Leading to a Huge GAP
o 1.8 million cybersecurity job openings by 2022 (Global Information Security Workforce Study, conducted by Frost & Sullivan)
o A report sponsored by Herjavec Group predicts 3.5 million unfilled cyber security positions by 2021

Increasing workload
o Digital transformation is increasing attack surfaces
o Advanced "hacker technology"

Using what we have learned in the Digital Transformation: IS THERE HELP ON THE WAY?

Analytic Capabilities are Rising
o IBM: "predictive analytics can help you make significant progress in realizing a number of vital strategic objectives."

o TWITTER: "Twitter's analytics help you understand how the content you share on Twitter grows your business."
o GARTNER: "This wave of disruption began in around 2004, and has since transformed the market and new buying trends away from IT-centric system of record (SOR) reporting to business-centric agile analytics with self-service."

AI Impact
MIT Sloan Management Review reports:
o How Big Data and AI Are Driving Business Innovation in 2018: a new survey reports companies are now seeing a direct correlation between big data and AI success.
o Reshaping Business With Artificial Intelligence: with change coming at breakneck speed, the time to identify your company's AI strategy is now.
o Accelerate Access to Data and Analytics With AI: AI offers a potential solution to the problem of training employees how to find and use data.
o Are New Advances in AI Worth the Hype?: managers who wonder if AI is all hype and no substance should take its potential seriously.
o Video: AI Presents Business Opportunities and Challenges: two of the biggest barriers to corporate adoption of AI are access to talent and usable data.

"It's quite possible that we've created complex, systemic problems that exceed our human capacity to solve them. In other words, AI may not just be nice to have; we may need it." Andrew Winston, Using AI to Help the World Thrive

Systems and Services are Changing through Automation
Adds to complexity but provides some hope!
o Infrastructure as code: allows remote control
o Containers/Microservices: smaller, controllable services
o ChatBots/ChatOps: improved efficiency in response
o DevOps => DevSecOps: a seat at the table early and continuously
o Automation of Service Management (a.k.a. System Administration)
o ORCHESTRATION also performs rolling updates and rollbacks

GARTNER: "Security and risk management leaders are implementing and expanding SIEM to improve early targeted attack detection and response"

FORBES: artificial intelligence is set to change the face of IT operations

Can we use the digital transformation of security operations to help close the workforce gap and respond to advanced threats?

CYBER RISK CAN BE MITIGATED THROUGH AUTOMATION
Major Players Turning to Automation
o GARTNER, ideal cybersecurity architecture: "Adaptive prevention, detection, response, remediation and prediction functions"
o Splunk acquired Phantom, a Security Orchestration, Automation and Response leader
o CHECKPOINT (a major force in network security): standard cyber security practice will see automated responses to cyber attacks

New role for SOAR
Gartner coined SOAR in 2015 as Security Operations, Analytics and Reporting; in 2017 it redefined the term as Security Orchestration, Automation and Response. The analytics half of the original name is where UEBA now feeds the automated response.

NICE Framework & SOAR
NIST Cybersecurity Framework functions:
o Identify (assets)
o Protect
o Detect
o Respond
o Recover

NIST/NICE Job Categories Impacted
1. Securely Provision
2. Operate and Maintain
3. Oversee and Govern
4. Protect and Defend
5. Analyze
6. Collect and Operate
7. Investigate

Modern Security Architecture
Sheldon Cuffie, Northwestern Mutual CISO: "The intersection of cyber and data analytics is interesting for sure and foundational to our program, however it is one of approximately 20 specialties that feed telemetry and data into a SIEM aka Cyber Fusion Center."

Parallel to Digital Transformation
o Digital transformation: BI Analytics, Automation
o Security operations: SIEM, UEBA, SOAR

What is this? What's new: User and Event Behavior Analytics (UEBA)

UEBA Analytics for the new SOAR
o Traditional: monitor and alert (or block/allow) on an individual action, a single event
o More recent: "Event Correlation" rules (signatures) employing compression, counting, suppression, generalization, time sequencing
o Newest: analysis using machine learning; learn what is normal and alert on anomalies, across both system events and user behaviors

UEBA and Machine Learning
o Unsupervised machine learning or adaptive learning to define normal behavior <= AI
o A Big Data problem because of the velocity, variety, and volume of LOGS

DATA SCIENCE applied to security
Three Components of Data Science
o Problem: use cases, threat intelligence, targets, kill chain
o Data: a data model over logs (IAM, networks, web applications)
o Analysis: ML applied to logs to define normal events and behavior
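The three generations on the "UEBA Analytics for the new SOAR" slide (single-event alerting, correlation rules, and a learned baseline) run side by side over one login log. This is an added example, not code from the presentation or from any vendor it names; the log format, field names, thresholds and the sample log lines are all assumptions constructed for the illustration.

```python
"""Three generations of security monitoring over the same login log.

Added example, not from the presentation. Log lines are constructed
for illustration; the format, field names and thresholds are assumptions.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): a week of alice's normal logons
# for training, then a test day containing a password-guessing burst that
# ends in a successful logon from a source never seen before.
TRAINING_LOG = [
    f"2019-09-0{d}T{h:02d}:{m:02d}:00 auth user=alice src=10.1.1.5 result=ok"
    for d in range(1, 8) for h, m in ((8, 5), (9, 12), (13, 40))
]
TEST_LOG = [
    "2019-09-10T08:02:11 auth user=alice src=10.1.1.5 result=ok",
    "2019-09-10T22:15:01 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:15:09 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:15:20 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:15:31 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:15:40 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:15:52 auth user=alice src=198.51.100.7 result=fail",
    "2019-09-10T22:16:30 auth user=alice src=198.51.100.7 result=ok",
]


def parse(line):
    """Parse 'TIMESTAMP auth key=value ...' into a dict with a datetime."""
    ts, _, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


# 1. Traditional: one alert per matching single event.
def single_event_alerts(events):
    return [("failed_login", e["user"], e["ts"]) for e in events if e["result"] == "fail"]


# 2. Event correlation: counting within a time window, suppression of
#    repeats, and time sequencing (a success that follows the burst).
def correlation_alerts(events, threshold=5, window=timedelta(seconds=60),
                       suppress=timedelta(minutes=5)):
    alerts, recent, last_alert = [], defaultdict(deque), {}
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["result"] == "fail":
            q = recent[user]
            q.append(ts)
            while q and ts - q[0] > window:          # slide the window
                q.popleft()
            if len(q) >= threshold and (user not in last_alert
                                        or ts - last_alert[user] > suppress):
                alerts.append(("brute_force", user, ts))   # counting
                last_alert[user] = ts                       # suppression
        elif user in last_alert and ts - last_alert[user] <= window:
            alerts.append(("brute_force_success", user, ts))  # sequencing
    return alerts


# 3. Behavioural baseline: learn each user's normal logon hours and
#    sources from training data, then flag what falls outside it.
def build_baseline(events):
    base = defaultdict(lambda: {"hours": Counter(), "srcs": set(), "n": 0})
    for e in events:
        if e["result"] != "ok":
            continue                      # model only successful (assumed normal) activity
        b = base[e["user"]]
        b["hours"][e["ts"].hour] += 1
        b["srcs"].add(e["src"])
        b["n"] += 1
    return base


def anomaly_alerts(events, base, min_prob=0.05):
    alerts = []
    for e in events:
        if e["result"] != "ok" or e["user"] not in base:
            continue
        b = base[e["user"]]
        # Laplace-smoothed probability of this hour-of-day for this user.
        p_hour = (b["hours"][e["ts"].hour] + 1) / (b["n"] + 24)
        reasons = []
        if p_hour < min_prob:
            reasons.append("unusual_hour")
        if e["src"] not in b["srcs"]:
            reasons.append("new_source")
        if reasons:
            alerts.append(("anomaly", e["user"], e["ts"], tuple(reasons)))
    return alerts


if __name__ == "__main__":
    train = [parse(l) for l in TRAINING_LOG]
    test = [parse(l) for l in TEST_LOG]
    print("single-event:", single_event_alerts(test))
    print("correlation: ", correlation_alerts(test))
    print("baseline:    ", anomaly_alerts(test, build_baseline(train)))
```

On the constructed test day the single-event rule fires once per failure, the correlation rule collapses the burst into one brute_force alert and then sequences the success that follows it, and the baseline flags only the successful logon, because it happens at an hour alice has never logged on and from a source never seen. The baseline would raise the same alert if the attacker already had the password and produced no failures at all, which is the point of the "newest" generation; the cost is that it trusts whatever was in the training window to be normal.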

Ideal SIEM/UEBA (EXABEAM criteria)
1. Minimize cost of collection
2. Maximize ability to analyze correctly (includes reducing false positives/alarms)
3. Assists complex searching and threat hunting
4. Provides expert assistance
5. Provides a "Ninja" for automated response

Two Approaches, or Both
Infrastructure logs
o IAM (AD or LDAP or ...)
o OS system logs
o Service logs: DHCP, SNMP, security logs, web server, etc.
Network traffic
o Flow analysis (NetFlow records are per-flow metadata exported by network devices, not full packet capture): time, from, to, duration, size

Business Context: Importance in UEBA
o Threat intelligence: we can't do it all; use other knowledge
o Elevated authority
o Location

Build profiles with ML
o Individual: normally takes weeks (two or more) of history
o Group: one day of activity may be enough

Data Science (UEBA) Life Cycle
1. Understand the problem and build use cases
2. Find and process the data
3. Explore and evaluate analysis
4. Select and tune a learning algorithm
5. Deliver the service into production

Problem: Use Cases
o Threats: know the risks
o What are we looking for?
  o Spearphishing?
  o Exfiltration?
  o Web app attacks?
  o Supply chain?

Data
o What data is already available? How can you access it?
o Examples:
  o Elevated privileges: IAM (AD or LDAP or ...)
  o Funds transfer: access management authority

Analysis
o Beyond current event correlation (compression, counting, suppression, generalization, time sequencing)
o Unsupervised learning
  o Assumes the data collected for training is normal; an attacker already active during the training window becomes part of "normal"
  o Recent advances make learning practical
o Off-the-shelf Managed Detection and Response
o Human and machine

Hype or Hope?
Gartner hype cycle:
o SIEM on the Plateau of Productivity
o SOAR on the Slope of Enlightenment
o UEBA on the Peak of Inflated Expectations
Integration of these three will hasten maturity.
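The "Build profiles with ML" and "Business Context" points, and the unsupervised-learning assumption on the Analysis slide, as an added example that is not from the presentation: a user's own baseline is used once there are at least two weeks of history, a peer-group baseline pooled from many users' single days is used otherwise, and elevated authority and location adjust the score. The record layout, group names, the 14-day and z=3 thresholds and the sample data are all constructed assumptions.

```python
"""UEBA-style profiling: per-user baselines, peer-group fallback, and
business context. Added example, not from the presentation; the record
format, field names, thresholds and sample data are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily activity records (not real data):
# (day, user, group, country, privileged, sensitive_actions)
HISTORY = []
for day in range(1, 15):                                  # two weeks each
    HISTORY.append((day, "alice", "finance", "US", False, 20 + day % 3))
    HISTORY.append((day, "carol", "finance", "US", True,  22 + day % 4))
    HISTORY.append((day, "dave",  "finance", "US", False, 18 + day % 5))
# bob joined yesterday: one day of history, so his own baseline is useless.
HISTORY.append((14, "bob", "finance", "US", False, 21))

TODAY = [
    (15, "alice", "finance", "US", False, 21),    # normal
    (15, "bob",   "finance", "US", False, 80),    # new user, far above peers
    (15, "carol", "finance", "RO", True,  23),    # admin from a new country
]


def build_profiles(history, min_days=14):
    """Per-user and per-group baselines of the daily sensitive-action count.

    Everything in `history` is treated as normal: the unsupervised
    assumption from the Analysis slide, and the place poisoning would enter.
    """
    per_user, per_group = defaultdict(list), defaultdict(list)
    countries = defaultdict(set)
    for _, user, group, country, _, n in history:
        per_user[user].append(n)
        per_group[group].append(n)            # peers' days pool quickly
        countries[user].add(country)

    def stats(xs):
        return mean(xs), max(pstdev(xs), 1.0)  # floor sd so z stays finite

    users = {u: stats(xs) for u, xs in per_user.items() if len(xs) >= min_days}
    groups = {g: stats(xs) for g, xs in per_group.items()}
    return {"users": users, "groups": groups, "countries": dict(countries)}


def score(record, profiles, z_alert=3.0):
    """Return (risk, reasons) for one day's record.

    Uses the user's own baseline when it has enough history, otherwise the
    peer group's; elevated authority and a new location raise the risk.
    """
    _, user, group, country, privileged, n = record
    reasons = []
    if user in profiles["users"]:
        mu, sd = profiles["users"][user]
        basis = "self"
    else:
        mu, sd = profiles["groups"][group]
        basis = "peer_group"
    z = (n - mu) / sd
    risk = 0.0
    if z > z_alert:
        risk += z
        reasons.append(f"volume_z={z:.1f}_vs_{basis}")
    if country not in profiles["countries"].get(user, set()):
        risk += 2.0
        reasons.append(f"new_country={country}")
    if privileged and reasons:
        risk *= 2                          # same anomaly, more impact
        reasons.append("elevated_authority")
    return risk, reasons


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for rec in TODAY:
        print(rec[1], score(rec, profiles))
```

alice scores zero against her own two-week baseline; bob has no usable history of his own, so his 80 actions are judged against the finance group's pooled days and score an extreme z; carol's volume is normal but a privileged account appearing from a never-seen country doubles an otherwise modest location alert. Had bob's 80-a-day pattern been in HISTORY for two weeks, it would have become his baseline and raised nothing, which is what "assumes the data collected for training is normal" costs in practice.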
