Agenda: Cisco Security Architecture · AI/ML use in Security · Challenges in AI

Ovidiu Neghina - Cyber Security Sales Specialist, CISSP, CCIE RS

CERTCON9, 8 October 2019

Page 1:

Agenda:

• Cisco Security Architecture
• AI/ML use in Security
• Challenges in AI

Ovidiu Neghina - Cyber Security Sales Specialist, CISSP, CCIE RS

CERTCON9

8 October 2019

Page 2:

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Modern Security Architecture

Technology Partners and other 3rd party threat feeds

Open APIs · Developer Environment · Services

Management · Response

Deploy Policy · Detect · Investigate · Remediate

Comprehensive Threat Intelligence: Known Threats · Unknown/Zero-day

Continuous Trust Verification: Users, devices, applications, and more

Enforcement Everywhere: Endpoint · Network · Cloud · Application

Page 3:

Broadest protections for businesses

*Slide with specific Cisco products in appendix

Trust and Talos

Firewall

Behavioral Analytics

SD Segmentation

Web Security

Intrusion Prevention

Email Security

Security Internet Gateway

Public Cloud Security

Cloud Access Security

Workload Security

Breach Readiness and Response | Incident Response Services | Segmentation Services

Endpoint Detection and Response

VPN

Mobile Security

Multi-factor authentication

Endpoint · Cloud · Network

Page 4:

How Cisco Integrates Security

Threat Intel/Enforcement: Increased Threat Prevention

Automated Policy: Decreased Time to Remediate

Context Awareness: Decreased Time to Investigate

Event Visibility: Decreased Time to Detect

Page 5:

AI@Cisco

Reinvent the Network · Unlock the Power of Data · Create Meaningful Experiences · Security is Foundational · Power a Multi-cloud World · Increasing the Pace of Innovation

Comprehensive, automated, coordinated response between various security components

Deliver insights, recommendations for better decision making from all available data

Auto-tuning optimization for latency, reliability, power, full context awareness

One policy, seamless operation across clouds, w/ common security

Intent based, self driving, self healing network

Page 6:

How Cisco Approaches AI/ML

Consumption: Products use AI/ML to do things better

Enablement: Infrastructure supporting AI/ML workloads

Intersight

Page 7:

AI/ML At Cisco: Security

Page 8:

Detection and analytics engines to identify a variety of malicious activity:

• Data exfiltration: identify anomalous web traffic and pinpoint data breaches with statistical modeling
• Domain Generation Algorithm (DGA): recognize malicious attacks by detecting malicious domain names on each HTTP/HTTPS request
• Exploit Kit: uncover infections through analyzing web requests
• Command and Control (C2) Communication: detect a broad range of threats by recognizing C2 communication in botnets
• Tunneling through HTTP/S requests: distinguish malicious tunneling from HTTP/HTTPS requests through multiple IOCs

Somehow, in this tsunami of data, we’re supposed to detect attacks?!!

Page 9:

Page 10:

Cisco Cognitive Intelligence

From 10B requests per day down to 20K incidents per day: Anomalous Traffic · Malicious Events · Threat Incidents

Layer 1: Unsupervised Learning (Anomaly detection · Trust modeling)

Layer 2: Classification (Supervised) (Event classification · Relationship modeling)

Page 11:

Stealthwatch for Security: Detecting Malware Embedded in Encrypted Traffic

Make the most of the unencrypted fields

Identify the content type through the size and timing of packets

Initial Data Packet · Sequence of Packet Lengths and Times

Self-Signed certificate · Data exfiltration · C2 message

Who’s who of the Internet’s dark side

Global Risk Map: Broad behavioral information about the servers on the Internet.
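The size-and-timing idea on this slide, worked through as an added example (not Cisco's or Stealthwatch's code): the lengths of a flow's first packets are binned into a Markov transition matrix (the Sequence of Packet Lengths and Times), the server certificate carried in the initial data packet is checked for issuer equal to subject, and outbound timing regularity is scored. The 150-byte bin width, the three-indicator risk count, the two sample flows and the certificate fields are constructed assumptions.

```python
"""SPLT features (packet lengths and times) and the Initial Data Packet
self-signed certificate check. Added illustration: bin widths, the beacon
heuristic and the sample flows are assumptions, not Cisco's implementation."""
from collections import Counter
from statistics import median
BIN_WIDTH, N_BINS, MAX_PACKETS = 150, 10, 50   # assumed parameters

def splt_matrix(packets):
    """Row-normalised Markov transition matrix over binned lengths of the
    first MAX_PACKETS packets; packets are (direction, length_bytes, t_ms)."""
    bins = [min(p[1] // BIN_WIDTH, N_BINS - 1) for p in packets[:MAX_PACKETS]]
    counts = Counter(zip(bins, bins[1:]))
    matrix = []
    for src in range(N_BINS):
        total = sum(counts[(src, dst)] for dst in range(N_BINS))
        matrix.append([counts[(src, dst)] / total if total else 0.0
                       for dst in range(N_BINS)])
    return matrix

def transition_diversity(packets):
    """Distinct length-bin transitions seen; a beacon keeps repeating a few."""
    return sum(1 for row in splt_matrix(packets) for v in row if v > 0)

def is_self_signed(cert):
    """Visible in the unencrypted TLS 1.2 handshake: issuer equals subject."""
    return cert["issuer"] == cert["subject"]

def is_periodic(packets, tolerance=0.1):
    """All outbound inter-arrival gaps within +/-tolerance of their median:
    the fixed cadence of a C2 check-in rather than a person browsing."""
    times = [p[2] for p in packets if p[0] == "out"]
    if len(times) < 4:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    m = median(gaps)
    return m > 0 and all(abs(g - m) <= tolerance * m for g in gaps)

def flow_risk(packets, cert):
    """Number of weak indicators present (0..3); no single one is a verdict."""
    return sum([is_self_signed(cert), is_periodic(packets),
                transition_diversity(packets) <= 2])

# Constructed sample flows: a check-in every 60 s versus an ordinary page load.
BEACON_FLOW = [p for i in range(6)
               for p in (("out", 210, 60000 * i), ("in", 130, 60000 * i + 40))]
BROWSING_FLOW = [("out", 517, 0), ("in", 1460, 35), ("in", 900, 37),
                 ("out", 126, 80), ("in", 1300, 500), ("out", 300, 2100),
                 ("in", 700, 2151), ("out", 250, 9000)]
SELF_SIGNED = {"issuer": "CN=update-srv", "subject": "CN=update-srv"}
CA_SIGNED = {"issuer": "CN=Example CA", "subject": "CN=www.example.com"}
```

The beacon flow scores 3 and the page load 0; in practice these features feed a trained classifier together with the Global Risk Map rather than a hand-set threshold.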

Page 12:

Challenges in AI

• Garbage In – Garbage Out
• The “explainability problem” of unsupervised learning
  • Do not trust what you do not understand
• Use AI for a stationary domain
• What matters is the entire system and its use, not the algorithm by itself
• Labeled data does NOT exist: creating the ground truth is a manual job
• Create real actionable intelligence and alerts
• Adapt all the time
  • Models degrade, bad guys change, tactics move; updating the model cannot take forever

Page 13:

Page 14: