Security Gets Smart(er) with AI: A SANS Survey

©2019 SANS™ Institute | www.sans.org

Today’s Speakers

• Ray Davidson PhD, SANS Analyst and SANS Instructor

• Barbara Filkins, Senior SANS Analyst

• Bret Lenmark, Senior Product Marketing Manager, BlackBerry Cylance

Today’s Agenda

• Goals & Objectives

• Demographics & Definitions

• Capabilities & Criteria

• Risks & Recommendations

Why Are We Here?

Goal/Objective:

Determine perceptions and intentions of InfoSec practitioners, with the goal of facilitating communication and increasing security

To AI or Not to AI?

AI Functionality

• Learning: Altering behavior based on past experiences, e.g. when encountering new and unseen situations

• Memory: Encoding, storage and retrieval of experiences

• Reasoning/Abstraction: Drawing logical conclusions and generalizing based on sample data

• Problem-Solving: The capability to systematically come up with possible solutions and derive the best answer to a problem

• Divergent Thinking: The capability to generate multiple solutions to a given problem

AI Example: Threat Detection

Demographics

• Weighted toward SMBs (<5000 workforce)

• Top industries

– Tech & Cybersecurity

– Banking/Finance

– Education/Government

• 3:1 Staff-to-Management Ratio

Specific AI Technologies

Planning AI Applications

AI Enables Cybersecurity

AI Maturity—Opinions Vary

Primary Risks

• Loss of privacy due to large quantity of data used

• Over-reliance on a single, master algorithm

• Not understanding the limitations of the algorithms used

• Inadequate protection of data/metadata used by AI platform

• Improperly or inadequately trained solutions

• Lack of visibility into decisions reached through AI

• Selection of the wrong algorithms for the problem being solved

Recommendations

• Implementers:

– Know your use cases, and plan for specific applications, preferably with quantifiable outcomes.

• Providers:

– Expect skepticism → “Artificial Intelligence” has been a hot new thing for 60 years.

– Get specific about technology and results, and what’s different now.

Cylance AI

Bret Lenmark

Senior Product Marketing Manager

March 26, 2019

We make software that predicts, then blocks, cyber attacks on the endpoint in real time using pre-execution artificial intelligence algorithms.

[Figure: TRADITIONAL AV. Timeline t0 to t7 with the labels: new malware (last 24 hours); collect, triage and classify; human malware researchers and automation; signature file; security admin updates; test signature file; deploy signature; cloud threat DB; all known malware + zero-day malware.]

THE CYLANCE SOLUTION

[Figure: CYLANCE NEXT GENERATION AI / AV. Timeline t-1 to t0 with the labels: all known malware; machine learning; AI math model; security admin updates; deploy to endpoints; ~9 months; zero-day malware.]

[Figure: CYLANCE NEXT-GENERATION AI / AV. Labels: bad files; good files; machine learning; AI math model; deploy to endpoints; every few months.]

CylancePROTECT leverages the power of machines, not humans, to dissect malware’s DNA. Artificial intelligence then determines if the code is safe to run.

WHAT WE DO NOT

WHAT WE DO

Q&A

Please use GoToWebinar’s Questions tool to submit questions to our panel.

Send to “Organizers” and tell us if it’s for a specific panelist.

Acknowledgments

Thanks to our sponsor:

To our special guest: Bret Lenmark

And to our attendees, thank you for joining us today!