©2019 SANS™ Institute | www.sans.org
Security Gets Smart(er) with AI: A SANS Survey
Today’s Speakers
• Ray Davidson PhD, SANS Analyst and SANS Instructor
• Barbara Filkins, Senior SANS Analyst
• Bret Lenmark, Senior Product Marketing Manager, BlackBerry Cylance
Today’s Agenda
• Goals & Objectives
• Demographics & Definitions
• Capabilities & Criteria
• Risks & Recommendations
Why Are We Here?
Goal/Objective:
Determine perceptions and intentions of InfoSec practitioners, with the goal of facilitating communication and increasing security
To AI or Not to AI?
AI Functionality
• Learning: Altering behavior based on past experiences, e.g. when encountering new and unseen situations
• Memory: Encoding, storage and retrieval of experiences
• Reasoning/Abstraction: Drawing logical conclusions and generalizing based on sample data
• Problem-Solving: The capability to systematically come up with possible solutions and derive the best answer to a problem
• Divergent Thinking: The capability to generate multiple solutions to a given problem
AI Example: Threat Detection
Demographics
• Weighted toward SMBs (<5000 workforce)
• Top industries
– Tech & Cybersecurity
– Banking/Finance
– Education/Government
• 3:1 Staff-to-Management Ratio
Specific AI Technologies
Planning AI Applications
AI Enables Cybersecurity
AI Maturity—Opinions Vary
Primary Risks
• Loss of privacy due to large quantity of data used
• Over-reliance on a single, master algorithm
• Not understanding the limitations of the algorithms used
• Inadequate protection of data/metadata used by AI platform
• Improperly or inadequately trained solutions
• Lack of visibility into decisions reached through AI
• Selection of the wrong algorithms for the problem being solved
Recommendations
• Implementers:
– Know your use cases, and plan for specific applications, preferably with quantifiable outcomes.
• Providers:
– Expect skepticism → “Artificial Intelligence” has been a hot new thing for 60 years.
– Get specific about technology and results, and what’s different now.
Cylance AI
Bret Lenmark
Senior Product Marketing Manager
March 26, 2019
WE MAKE SOFTWARE THAT PREDICTS, then blocks, cyber attacks on the endpoint in real time using pre-execution artificial intelligence algorithms.
[Figure: Traditional AV. Labels: new malware (last 24 hours); collect, triage and classify; human malware researchers and automation; signature file; test signature file; deploy signature; cloud threat DB; security admin updates; timeline t0 to t7; all known malware + zero-day malware.]
[Figure: The Cylance Solution, Cylance next generation AI / AV. Labels: all known malware; machine learning; AI math model; security admin updates; deploy to endpoints; ~9 months; timeline t-1, t0; zero-day malware.]
[Figure: Cylance next-generation AI / AV. Labels: bad files; good files; machine learning; AI math model; deploy to endpoints; every few months.]
CylancePROTECT leverages the power of machines, not humans, to dissect malware’s DNA. Artificial intelligence then determines if the code is safe to run.
WHAT WE DO NOT
WHAT WE DO
Q&A
Please use GoToWebinar’s Questions tool to submit questions to our panel.
Send to “Organizers” and tell us if it’s for a specific panelist.
Acknowledgments
Thanks to our sponsor:
To our special guest: Bret Lenmark
And to our attendees, thank you for joining us today!