Agenda:
Cisco Security Architecture
AI/ML use in Security
Challenges in AI
Ovidiu Neghina – Cyber Security Sales Specialist – CISSP, CCIE RS
CERTCON9
8 October 2019
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Modern Security Architecture
Technology Partners and other 3rd party threat feeds
Open APIs · Developer Environment · Services
Management · Response
Deploy Policy
Investigate · Detect · Remediate
Comprehensive Threat Intelligence
Known Threats · Unknown/Zero-day
Continuous Trust Verification: Users, devices, applications, and more
Enforcement Everywhere
Endpoint · Network · Cloud · Application
Broadest protections for businesses
*Slide with specific Cisco products in appendix
Trust and
Talos
Firewall
Behavioral Analytics
SD Segmentation
Web Security
Intrusion Prevention
Email Security
Security Internet Gateway
Public Cloud Security
Cloud Access Security
Workload Security
Breach Readiness and Response | Incident Response Services | Segmentation Services
Endpoint Detection and Response
VPN
Mobile Security
Multi-factor authentication
Endpoint · Cloud · Network
How Cisco Integrates Security
Threat Intel/Enforcement: Increased Threat Prevention
Automated Policy: Decreased Time to Remediate
Context Awareness: Decreased Time to Investigate
Event Visibility: Decreased Time to Detect
AI@Cisco
Reinvent the Network
Unlock the Power of Data
Create Meaningful Experiences
Security is Foundational
Comprehensive, automated, coordinated response between various security components
Deliver insights and recommendations for better decision making from all available data
Auto-tuning optimization for latency, reliability, power, full context awareness
One policy, seamless operation across clouds, with common security
Power a Multi-cloud World
Increasing the Pace of Innovation
Intent based, self driving, self healing network
How Cisco Approaches AI/ML
Consumption: Products use AI/ML to do things better
Enablement: Infrastructure supporting AI/ML workloads
Intersight
AI/ML At Cisco:
Security
Detection and analytics engines to identify a variety of malicious activity:
Data exfiltration: Identify anomalous web traffic and pinpoint data breaches with statistical modeling
Domain Generation Algorithm (DGA): Recognize malicious attacks by detecting malicious domain names on each HTTP/HTTPS request
Exploit Kit: Uncover infections through analyzing web requests
Command and Control (C2) Communication: Detect a broad range of threats by recognizing C2 communication in botnets
Tunneling through HTTP/S requests: Distinguish malicious tunneling from HTTP/HTTPS requests through multiple IOCs
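The DGA engine on this slide decides, per request, whether the requested host name looks machine-generated. The block below is an added example, not Cisco's code or the engine's actual model: it scores each host in a constructed proxy log on a handful of lexical traits (label length, character entropy, vowel ratio, digit ratio, longest consonant run) and flags hosts that show three or more of them. The log lines, thresholds and the naive "second-to-last label" rule are all assumptions made for the example.

```python
# Added example (not Cisco's code): heuristic scoring of domain names seen in
# web requests to surface DGA-like hosts. Log lines and thresholds are constructed.
import math
import re
from collections import Counter

# Constructed proxy log lines: "<client> <method> <host>". Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 GET www.example.com
10.0.0.5 GET cdn.example.org
10.0.0.7 GET xk3v9qz1tlwpo.com
10.0.0.7 GET q7f2hjv0bnxu.net
10.0.0.9 GET mail.google.com
10.0.0.9 GET 4m2z9c1x7h8k3p.info
"""

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")
VOWELS = set("aeiou")


def registrable_label(host):
    """Label left of the TLD (naive assumption: second-to-last label, no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(text):
    """Bits of entropy per character of the string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def domain_features(host):
    """Lexical traits of the registrable label that DGA output tends to exhibit."""
    label = registrable_label(host)
    letters = [c for c in label if c.isalpha()]
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0,
        "digit_ratio": sum(c.isdigit() for c in label) / len(label) if label else 0.0,
        "consonant_run": max((len(m) for m in CONSONANT_RUN.findall(label)), default=0),
    }


def dga_score(host):
    """Number of DGA-style traits the domain shows (0..5). Thresholds are illustrative."""
    f = domain_features(host)
    score = sum([
        f["length"] >= 12,
        f["entropy"] >= 3.3,
        f["vowel_ratio"] < 0.2,
        f["digit_ratio"] >= 0.2,
        f["consonant_run"] >= 4,
    ])
    return score, f


def scan_log(log_text, threshold=3):
    """Return (client, host, score) for every request whose host scores >= threshold."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        client, _method, host = m.groups()
        score, _ = dga_score(host)
        if score >= threshold:
            hits.append((client, host, score))
    return hits


if __name__ == "__main__":
    for client, host, score in scan_log(SAMPLE_LOG):
        print(f"{client} -> {host}: DGA score {score}")
```

A production engine would replace the hand-set thresholds with a model trained on known DGA families and a real public-suffix list, but the feature set is the same kind of per-request evidence the slide refers to.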
Somehow, in this tsunami of data, we’re supposed to detect attacks?!!
Cisco Cognitive Intelligence
Funnel: 10B requests per day → Anomalous Traffic → Malicious Events → Threat Incidents → 20K incidents per day
Layer 1, Unsupervised Learning: anomaly detection, trust modeling
Layer 2, Classification (Supervised): event classification, relationship modeling
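To make the two-layer funnel concrete, here is an added toy pipeline in the same shape; it is not Cisco's code and does not reproduce Cognitive Intelligence's models. Layer 1 is unsupervised: it aggregates requests into per-client, per-host flows and flags those whose timing is beacon-like or whose byte volume is far above the median flow. Layer 2 is supervised: a nearest-centroid classifier trained on a small labelled set assigns each anomalous flow a verdict, and the verdicts are then grouped per client into incidents. The request log, the labelled training flows, the `.test` host names and every threshold are constructed for the example.

```python
# Added example (not Cisco's code): a toy two-layer pipeline in the shape of the
# slide's funnel. Layer 1 is unsupervised (statistical outliers, beacon-like timing);
# layer 2 is a supervised nearest-centroid classifier trained on a constructed
# labelled set; finally events are grouped per client into incidents.
import math
from collections import defaultdict

# Constructed requests: (timestamp_s, client, host, bytes_out). Hosts use the reserved .test TLD.
REQUESTS = (
    [(t, "10.0.0.5", "www.example.com", 500) for t in (0, 37, 120, 130, 410, 900)]
    + [(t, "10.0.0.5", "update.vendor.test", 800) for t in (5, 65, 140, 700)]
    + [(60 * i, "10.0.0.7", "upd.badhost.test", 200) for i in range(10)]
    + [(t, "10.0.0.9", "drop.exfil.test", 50_000_000) for t in (0, 300, 900)]
)

# Constructed labelled flows for layer 2: (log10 total bytes, inter-arrival CV, label).
TRAINING = [
    (3.3, 0.00, "c2_beacon"), (3.5, 0.05, "c2_beacon"),
    (8.0, 0.80, "exfiltration"), (7.5, 1.00, "exfiltration"),
    (3.5, 0.90, "benign"), (3.0, 1.20, "benign"),
]


def interarrival_cv(times):
    """Coefficient of variation of gaps between sorted timestamps (0 for perfectly regular)."""
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return float("inf")  # too few samples to judge regularity
    mean = sum(gaps) / len(gaps)
    if mean == 0:
        return 0.0
    var = sum((g - mean) ** 2 for g in gaps) / len(gaps)
    return math.sqrt(var) / mean


def summarize_flows(requests):
    """Aggregate requests into per-(client, host) flows with count, bytes and timing."""
    buckets = defaultdict(list)
    for t, client, host, nbytes in requests:
        buckets[(client, host)].append((t, nbytes))
    flows = {}
    for key, items in buckets.items():
        flows[key] = {"count": len(items),
                      "bytes": sum(b for _, b in items),
                      "cv": interarrival_cv([t for t, _ in items])}
    return flows


def layer1_anomalies(flows, min_beacon=5, beacon_cv=0.1, volume_factor=10):
    """Unsupervised layer: beacon-like timing, or byte volume far above the median flow."""
    totals = sorted(f["bytes"] for f in flows.values())
    mid = len(totals) // 2
    median = totals[mid] if len(totals) % 2 else (totals[mid - 1] + totals[mid]) / 2
    anomalies = {}
    for key, f in flows.items():
        reasons = []
        if f["count"] >= min_beacon and f["cv"] < beacon_cv:
            reasons.append("beacon_timing")
        if f["bytes"] > volume_factor * median:
            reasons.append("volume_outlier")
        if reasons:
            anomalies[key] = reasons
    return anomalies


def _centroids():
    """Per-label mean of (log10 bytes, CV) over the labelled training flows."""
    sums = defaultdict(lambda: [0.0, 0.0, 0])
    for x, y, label in TRAINING:
        sums[label][0] += x
        sums[label][1] += y
        sums[label][2] += 1
    return {label: (sx / n, sy / n) for label, (sx, sy, n) in sums.items()}


CENTROIDS = _centroids()


def layer2_classify(flow):
    """Supervised layer: nearest centroid on (log10 bytes, CV); CV is capped so 'inf' stays finite."""
    px, py = math.log10(max(flow["bytes"], 1)), min(flow["cv"], 5.0)
    return min(CENTROIDS, key=lambda label: math.hypot(px - CENTROIDS[label][0],
                                                       py - CENTROIDS[label][1]))


def run_funnel(requests):
    """requests -> anomalous flows -> malicious events -> incidents (one per client)."""
    flows = summarize_flows(requests)
    anomalies = layer1_anomalies(flows)
    events = {key: layer2_classify(flows[key]) for key in anomalies}
    incidents = defaultdict(list)
    for (client, host), verdict in events.items():
        incidents[client].append((host, verdict, anomalies[(client, host)]))
    return {"requests": len(requests), "flows": len(flows),
            "anomalies": anomalies, "events": events, "incidents": dict(incidents)}


if __name__ == "__main__":
    result = run_funnel(REQUESTS)
    print(f"{result['requests']} requests -> {len(result['anomalies'])} anomalous flows "
          f"-> {len(result['events'])} events -> {len(result['incidents'])} incidents")
    for client, items in result["incidents"].items():
        print(client, items)
```

The point of the split is the one the slide makes: the unsupervised layer needs no labels and shrinks billions of requests to a small candidate set, and only that set has to be labelled and classified.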
Stealthwatch for Security: Detecting Malware Embedded in Encrypted Traffic
Make the most of the unencrypted fields
Identify the content type through the size and timing of packets
Initial Data Packet · Sequence of Packet Lengths and Times
Self-Signed certificate · Data exfiltration · C2 message
Who’s who of the Internet’s dark side: Global Risk Map, broad behavioral information about the servers on the Internet.
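The slide lists the two kinds of evidence available without decryption: fields of the initial data packet (SNI, certificate subject and issuer) and the sequence of packet lengths and times (SPLT). The block below is an added example, not Stealthwatch's code or its classifier: it builds the SPLT vector for a flow and applies three rule-based indicators matching the slide's bullets (self-signed certificate, exfiltration-like upload ratio, C2-like small periodic client messages). The three flows, every threshold and the simplification that the first `HANDSHAKE_PACKETS` packets are handshake are constructed assumptions.

```python
# Added example (not Cisco's code): indicators computed from the unencrypted parts of a
# TLS session: initial-data-packet fields (SNI, certificate subject/issuer) and the
# Sequence of Packet Lengths and Times (SPLT). Flows and thresholds are constructed;
# treating the first HANDSHAKE_PACKETS packets as handshake is a simplification.
import math
from dataclasses import dataclass, field

HANDSHAKE_PACKETS = 3  # assumption: first three packets carry the handshake, the rest app data


@dataclass
class TlsFlow:
    sni: str
    cert_subject: str
    cert_issuer: str
    # (direction "C" client->server or "S" server->client, length in bytes, time in seconds)
    packets: list = field(default_factory=list)


def splt(flow, n=10):
    """SPLT: signed length (client +, server -) and gap to the previous packet, first n packets."""
    out, prev = [], None
    for direction, length, t in flow.packets[:n]:
        gap = 0.0 if prev is None else round(t - prev, 3)
        out.append((length if direction == "C" else -length, gap))
        prev = t
    return out


def is_self_signed(flow):
    """Self-signed leaf: subject and issuer name are the same."""
    return flow.cert_subject.strip().lower() == flow.cert_issuer.strip().lower()


def _app_data(flow):
    return flow.packets[HANDSHAKE_PACKETS:]


def upload_ratio(flow):
    """Share of application-data bytes sent by the client."""
    up = sum(ln for d, ln, _ in _app_data(flow) if d == "C")
    total = sum(ln for _, ln, _ in _app_data(flow))
    return up / total if total else 0.0


def client_cadence(flow):
    """(count, max length, inter-arrival CV) of client application-data packets."""
    client = [(ln, t) for d, ln, t in _app_data(flow) if d == "C"]
    lens = [ln for ln, _ in client]
    times = [t for _, t in client]
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return len(client), max(lens, default=0), float("inf")
    mean = sum(gaps) / len(gaps)
    sd = math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps))
    return len(client), max(lens), (sd / mean if mean else 0.0)


def findings(flow):
    """Rule-based indicators; thresholds are illustrative, not a product's."""
    hits = []
    if is_self_signed(flow):
        hits.append("self_signed_cert")
    client_bytes = sum(ln for d, ln, _ in _app_data(flow) if d == "C")
    if upload_ratio(flow) > 0.8 and client_bytes > 10_000:
        hits.append("exfiltration_like")  # client pushes nearly all the data
    count, max_len, cv = client_cadence(flow)
    if count >= 6 and max_len < 256 and cv < 0.2:
        hits.append("c2_like")  # many small client messages at a steady cadence
    return sorted(hits)


# Constructed flows: ordinary page load, bulk upload to a self-signed host, periodic check-ins.
BROWSING = TlsFlow("www.example.com", "CN=www.example.com", "CN=Example CA",
    [("C", 517, 0.000), ("S", 1460, 0.020), ("C", 126, 0.021), ("C", 300, 0.025)]
    + [("S", 1460, 0.030 + 0.002 * i) for i in range(8)])

EXFIL = TlsFlow("", "CN=localhost", "CN=localhost",
    [("C", 517, 0.0), ("S", 1460, 0.01), ("C", 126, 0.02)]
    + [("C", 1460, 0.03 + 0.001 * i) for i in range(20)] + [("S", 100, 0.06), ("S", 100, 0.07)])

BEACON = TlsFlow("", "CN=srv", "CN=srv",
    [("C", 517, 0.0), ("S", 1460, 0.01), ("C", 126, 0.02)]
    + [p for i in range(8) for p in (("C", 93, 10 + 60 * i), ("S", 148, 10.05 + 60 * i))])

if __name__ == "__main__":
    for name, flow in (("browsing", BROWSING), ("exfil", EXFIL), ("beacon", BEACON)):
        print(name, splt(flow, 4), findings(flow))
```

None of these indicators require the payload; they are exactly the metadata a flow collector can export, which is why the approach survives the move to encrypted traffic.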
Challenges in AI
• Garbage In – Garbage Out
• The “explainability problem” – unsupervised learning
  • Do not trust what you do not understand
• Use AI for a stationary domain
• What matters is the entire system and its use, not the algorithm by itself
• Labeled data does NOT exist – creating the ground truth is manual work
• Create real actionable intelligence and alerts
• Adapt all the time
  • Models degrade, bad guys change, tactics move; updating the model cannot take forever
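The last bullet is about noticing degradation before missed detections reveal it. One standard way to do that is to compare the distribution of the detector's scores in production against the distribution it produced on its validation set at training time. The block below is an added example, not Cisco's code: it computes the Population Stability Index (PSI) over fixed score buckets and maps it to a stable/watch/retrain verdict using the common rule-of-thumb cut-offs. The two score sets are constructed so that the shift is visible.

```python
# Added example (not Cisco's code): a Population Stability Index (PSI) check that
# compares the distribution of a detector's scores today against the distribution at
# training time, so that model degradation is noticed rather than discovered through
# missed detections. Score sets are constructed.
import bisect
import math

BIN_EDGES = [0.0, 0.2, 0.4, 0.6, 0.8, 1.0]  # score buckets on [0, 1]


def _synthetic_scores(counts):
    """Constructed helper: expand per-bin counts into scores at each bin's midpoint."""
    mids = [(a + b) / 2 for a, b in zip(BIN_EDGES, BIN_EDGES[1:])]
    return [m for m, c in zip(mids, counts) for _ in range(c)]


# Baseline: scores the model produced on its validation set at training time (constructed).
BASELINE_SCORES = _synthetic_scores([600, 250, 100, 40, 10])
# Today: the score mass has shifted toward the middle and top bins (constructed).
CURRENT_SCORES = _synthetic_scores([300, 250, 200, 150, 100])


def bin_fractions(scores):
    """Fraction of scores falling in each bucket (a score of exactly 1.0 goes in the last)."""
    counts = [0] * (len(BIN_EDGES) - 1)
    for s in scores:
        idx = min(bisect.bisect_right(BIN_EDGES, s) - 1, len(counts) - 1)
        counts[max(idx, 0)] += 1
    n = len(scores)
    return [c / n for c in counts] if n else [0.0] * len(counts)


def psi(baseline, current, eps=1e-6):
    """PSI = sum((cur - base) * ln(cur / base)); eps avoids log(0) on empty bins."""
    total = 0.0
    for b, c in zip(bin_fractions(baseline), bin_fractions(current)):
        b, c = max(b, eps), max(c, eps)
        total += (c - b) * math.log(c / b)
    return total


def drift_verdict(value):
    """Common rule of thumb: < 0.1 stable, 0.1 to 0.25 watch, > 0.25 investigate/retrain."""
    if value < 0.1:
        return "stable"
    if value < 0.25:
        return "watch"
    return "retrain"


if __name__ == "__main__":
    v = psi(BASELINE_SCORES, CURRENT_SCORES)
    print(f"PSI = {v:.3f} -> {drift_verdict(v)}")
```

A shifting score distribution does not by itself say whether the attackers changed or the input data did (the "garbage in" bullet), but it is a cheap, label-free trigger for the retraining the slide says cannot wait.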