Cyber Security for Digital-Era


Transcript of Cyber Security for Digital-Era

Page 1: Cyber Security for Digital-Era


Cyber Security for Digital-Era

AI, Machine Learning, Dynamic Threat Models for Proactive

Threat Detection and Elimination

Erich Berger

Executive, Secure Design

Kevin Stillman

CISO, State University of NY

Lalit Shinde

EVP Security, Seceon

Page 2: Cyber Security for Digital-Era

Outline of the Presentation


Why should CxOs pay particular attention to Cyber Security

Seceon’s Approach, Key Features/Technologies and Complete Solution

Real world Examples, Benefits, Value Proposition to Enterprises

Challenges faced by Cyber Security Experts, Tools and Solutions

Page 3: Cyber Security for Digital-Era

Why should CxO’s pay attention to Cyber Security?

Cost of Data Breach is not just lost Data, but the impact on Reputation, Brand and Business Revenue

Cyber attack puts not just you, but your customers, partners and employees at risk

Breaches have hefty cost associated with them – it’s a financial burden

Your Cyber hygiene affects everyone that you connect with

Legal aspects of Cyber Regulations – Compliance is one of the most important aspects in several regulated industries

Source: Ponemon 2016 Cost of Data Breach Study Report

Page 4: Cyber Security for Digital-Era

Cost of Data Breach at a glance – 2016

$4 million is the average total cost of data breach

29% increase in total cost of data breach since 2013

$158 is the average cost per lost or stolen record – For Healthcare industry, it’s $355, most among all, for Education it’s $246 and for Banking it’s $221 per stolen record

Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers.

15% increase in per capita cost since 2013

Source: Ponemon 2016 Cost of Data Breach Study Report

Page 5: Cyber Security for Digital-Era


Biggest Security Threats to Organizations

Source: UBM Ponemon HPE 2016 Cyber Security Trends Report

Page 6: Cyber Security for Digital-Era

Challenges: Cost of MTTI and MTTC

MTTI – Mean Time To Identify

MTTC – Mean Time To Contain

[Chart: breach cost by MTTI and by MTTC, in US $M]

Source: Ponemon 2016 Cost of Data Breach Study Report

Page 7: Cyber Security for Digital-Era

Challenges: Most Security Products Fall Short

Source: Verizon 2016 Data Breach Investigation Report

Stealing Credentials happens in minutes

95% Data Extraction happens within 24 hours

Data Breaches – Why Automated Real-Time solution is a must?

Today’s approaches are reactive rather than proactive

Despite the investment and focus over the past 3 years, organizations are losing ground

The attacks are smarter and faster

The people-centric approach that relies on smart analysts is too slow, too complicated and too expensive

A new fully automated comprehensive threat detection and response system is required

One that detects threats in minutes, fully deploys and protects in a few hours and does not need rule or signature updates

Page 8: Cyber Security for Digital-Era

Challenges: Operational Cost of Investigations

Consider an example where a device is infected with malware:

| Flows/Logs | Troubleshooting Activity Type | Flow/Log Instances | Comments |
| --- | --- | --- | --- |
| NG FW generates events/logs around an instance of an infected device attempting to connect to a bad web site | North-South Activity | 444 | NG FW is resetting connections from the device over time and is not correlating these "non critical flagged" instances |
| Device is also performing IP Sweeps | East-West Activity | 135 | Few separate instances across the internal network |
| Device is also performing IP Port scans | East-West Activity | 92 | Few separate instances across the internal network |
| Device needs to be identified | Internal Activity | 1 | What device is it? Who or what group does it belong to? |
| Total Activity | | 672 | Total instances to investigate |
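As an added example (not Seceon's code or part of the deck), the following Python shows the correlation step the slide says the NG FW does not perform: it collapses raw per-flow instances like the 672 above into one investigation record per device. The event fields, IP addresses and asset inventory are constructed for illustration.

```python
# Added example (not Seceon's code): collapse raw NGFW / flow instances into
# one per-device investigation record, the correlation the slide says the
# NG FW itself does not perform.
from collections import defaultdict

# Constructed sample records modelled on the slide's rows (field names are
# assumptions; real input would be NGFW syslog, NetFlow/IPFIX and an asset DB).
SAMPLE_EVENTS = (
    [{"src": "10.1.5.23", "type": "ngfw_reset", "dst": "203.0.113.9"}] * 444   # bad web site
    + [{"src": "10.1.5.23", "type": "ip_sweep", "dst": "10.1.0.0/16"}] * 135
    + [{"src": "10.1.5.23", "type": "port_scan", "dst": "10.1.7.40"}] * 92
    # A second device with a handful of resets only, to show what is NOT escalated.
    + [{"src": "10.1.8.77", "type": "ngfw_reset", "dst": "198.51.100.4"}] * 3
)

# Constructed asset inventory answering "what device is it, what group is it in?"
ASSET_DB = {"10.1.5.23": {"host": "Bob's PC", "group": "Finance"}}

# Which direction each activity type represents, as labelled on the slide.
DIRECTION = {"ngfw_reset": "North-South", "ip_sweep": "East-West", "port_scan": "East-West"}


def correlate(events, asset_db, min_types=2):
    """Group events by source device and return one investigation record per
    device that shows at least `min_types` distinct activity types.

    A device with only repeated 'non critical flagged' resets is not escalated
    on its own; the combination of external resets plus internal sweeps and
    scans is what turns 671 instances into a single alert.
    """
    per_device = defaultdict(lambda: defaultdict(int))
    for ev in events:
        per_device[ev["src"]][ev["type"]] += 1

    findings = []
    for src, counts in per_device.items():
        if len(counts) < min_types:
            continue
        asset = asset_db.get(src, {"host": "unknown", "group": "unknown"})
        total = sum(counts.values())
        detail = ", ".join(f"{t}={n}" for t, n in sorted(counts.items()))
        findings.append({
            "device": src,
            "host": asset["host"],
            "group": asset["group"],
            "counts": dict(counts),
            "directions": sorted({DIRECTION[t] for t in counts}),
            "raw_instances": total,
            # The single contextual line an analyst reads instead of 671 rows.
            "summary": f"{asset['host']} ({src}, {asset['group']}): "
                       f"{total} raw instances collapsed to 1 alert [{detail}]",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS, ASSET_DB):
        print(finding["summary"])
```

The asset lookup stands in for the slide's 672nd "device needs to be identified" instance; the other 671 flow/log rows become one contextual alert, and the second device, which only produced a few resets, generates nothing.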

Page 9: Cyber Security for Digital-Era

Seceon’s Approach to Cyber Security

Traditional Security Approach

Reactive Approach

Tools are highly specialized, but work in Silos with no comprehensive visibility

High CapEx with 20+ Security Tools

High OpEx with 1M+ events/logs per day – almost 80% require follow up

Investigation and Incident Response

90% take an hour or longer to identify

90% take a day or longer (many times months) to respond

Challenges

Lack of Integration among Tools

Knowledge/Skill of investigation and Response is costly

Seceon OTM Security Approach

Proactive Approach

Moving from Point Tools to Complete Predictive Analysis Solution

Comprehensive Visibility across all Asset Groups – Devices, Applications, Network, Employees, Customers etc.

Automated Detection and Remediation

Predictive Threat Detection using AI, ML and Behavioral Threat Models

Automated Remediation within near Real Time

Automated Correlation

Contextual based Single Line Alerts

Rapid Deployment with Automated DevOps model and Open API

Page 10: Cyber Security for Digital-Era

Seceon OTM Platform Overview


Adaptive Visualization

• Comprehensive view of all assets and threats

• Fully automated solution that is easiest to deploy

• Allows drill down of threats with all details

Detect Threats that Matter

• Detects known as well as unknown threats

• Provides comprehensive information of the threats

• Indicates all compromised assets and potential targets

Contain Threats in Real Time

• Immediate corrective action in real time

• Automatic notification through email/text if required

• Provides actionable analytics

Page 11: Cyber Security for Digital-Era

Seceon’s Scalable – Fast Analytics Processing Platform

[Architecture diagram; labels recovered from the slide, in reading order:]

Built-in Security; Threat Modeling; Parse; Dynamic Reduction; Behavior Analysis; Threat Correlation; Threat Intelligence; Universal Collection Bus; Unstructured Data; Data Store; Storage Engine; Search; Rapid Search; Agent; Analytics; Analytics Engine; Big Data Store & Search; Real-time Threat Detection; Real-time Analytics; Predictive Modeling; Outputs; Built-in Advanced Correlation; Built-in ML Engine; Built-in Data Model Engine; Platform Security Engine; Structured Data (each input path passes through Parse and Dynamic Reduction)

Distributed Data Ingest (CCE); Fast Parallel Processing Architecture (APE); Closed Loop Threat Containment; Threat Containment

Page 12: Cyber Security for Digital-Era

Use Case – Compromised Credentials


• Compromised Credentials Account for 75% of data theft

• Most traditional security solutions are blind to almost all forms of compromised credentials

• Seceon detects all forms of compromised credential use in real-time for external or insider source

[Diagram; labels recovered from the slide:]

Directory verifies the credentials of User “A”

User: “A”, “Credentials – User A”, Host Name: “Bob’s PC” → No threat

User: “A”, “Credentials – User A”, Host Name: “Joe’s PC” → Threat Indicator

Downstream targets shown: DB, High Value Assets, SIEM (No threat on the Bob’s PC path)

Learn User behavior based on geolocation, computer used, time of logins, assets accessed, etc.
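As an added example (not Seceon's code or part of the deck), the following Python builds the kind of per-user baseline the slide describes (host, geolocation, login hours, assets accessed) and scores a directory-verified login against it, so that valid credentials for User "A" arriving from "Joe's PC" become a threat indicator while the same credentials from "Bob's PC" do not. The login history, field names and the one-hour tolerance are constructed assumptions.

```python
# Added example (not Seceon's code): learn a per-user login baseline from
# history and score a new, directory-verified login against it.
from collections import defaultdict
from datetime import datetime

# Constructed login history for user "A" (field names are assumptions).
# The directory accepted the credentials in every case; behaviour is what varies.
HISTORY = [
    {"user": "A", "host": "Bob's PC", "geo": "US-NY", "ts": "2016-10-03T08:55:00", "assets": ["HR-share"]},
    {"user": "A", "host": "Bob's PC", "geo": "US-NY", "ts": "2016-10-04T09:10:00", "assets": ["HR-share", "DB"]},
    {"user": "A", "host": "Bob's PC", "geo": "US-NY", "ts": "2016-10-05T13:40:00", "assets": ["DB"]},
    {"user": "A", "host": "Bob's PC", "geo": "US-NY", "ts": "2016-10-06T17:20:00", "assets": ["HR-share"]},
]


def build_baseline(logins):
    """Aggregate what is normal per user: hosts, geolocations, the hours at
    which logins occur and the assets touched."""
    baseline = defaultdict(lambda: {"hosts": set(), "geos": set(), "hours": [], "assets": set()})
    for entry in logins:
        profile = baseline[entry["user"]]
        profile["hosts"].add(entry["host"])
        profile["geos"].add(entry["geo"])
        profile["hours"].append(datetime.fromisoformat(entry["ts"]).hour)
        profile["assets"].update(entry.get("assets", []))
    return dict(baseline)


def score_login(login, baseline, hour_slack=1):
    """Return 'no threat' when the login matches the user's baseline, otherwise
    'threat indicator' with every deviation listed. Valid credentials from an
    unfamiliar host (the slide's "Joe's PC") are the canonical case; an unknown
    user with no baseline at all is also escalated rather than ignored."""
    profile = baseline.get(login["user"])
    if profile is None:
        return {"verdict": "threat indicator", "reasons": ["no baseline for user"]}

    reasons = []
    if login["host"] not in profile["hosts"]:
        reasons.append(f"new host {login['host']}")
    if login["geo"] not in profile["geos"]:
        reasons.append(f"new geolocation {login['geo']}")
    hour = datetime.fromisoformat(login["ts"]).hour
    lo = min(profile["hours"]) - hour_slack
    hi = max(profile["hours"]) + hour_slack
    if not lo <= hour <= hi:
        reasons.append(f"login at hour {hour:02d} outside usual window {lo:02d}-{hi:02d}")
    new_assets = sorted(set(login.get("assets", [])) - profile["assets"])
    if new_assets:
        reasons.append(f"first access to {', '.join(new_assets)}")

    return {"verdict": "no threat" if not reasons else "threat indicator", "reasons": reasons}


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for login in (
        {"user": "A", "host": "Bob's PC", "geo": "US-NY", "ts": "2016-10-07T10:00:00", "assets": ["DB"]},
        {"user": "A", "host": "Joe's PC", "geo": "US-NY", "ts": "2016-10-07T10:30:00", "assets": ["DB"]},
    ):
        print(login["host"], score_login(login, base))
```

The check runs after authentication succeeds, which is the point of the slide: the directory sees nothing wrong with either login, and only the behavioural deviation separates the two.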

Page 13: Cyber Security for Digital-Era

Use Case – Ransomware


• Criminal Malware like Ransomware made it to top cyber security concern in 2016

• Ransomware had millions of different strains and families affecting large enterprises, as well as SMBs

• Seceon detects all forms of Ransomware using layered approach of predictive analytics in real-time

[Diagram; labels recovered from the slide, in order:]

User “A” receives Email and clicks on an innocuous link → No threat

Bad Reputation URL → Malware Downloaded → Threat Indicator 1

Command and Control → Network Scan for other vulnerable hosts → Threat Indicator 2

Infection Propagation toward High Value Assets → Threat Indicator 3
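As an added example (not Seceon's code or part of the deck), the following Python tracks each host through the infection chain shown on the slide and raises the threat indicator level as later stages appear, reporting which high value assets were targeted. The stage-to-level mapping, event fields and sample detections are constructed assumptions modelled on the slide's labels.

```python
# Added example (not Seceon's code): track each host through the slide's
# infection chain and raise the threat indicator level as later stages appear.

# Stage order and the indicator level each stage reaches. This mapping is an
# assumption modelled on the slide: a visit to a bad-reputation URL alone is
# "No threat"; propagation toward high value assets is the top level.
STAGE_LEVEL = {
    "bad_reputation_url": 0,
    "malware_download": 1,
    "command_and_control": 2,
    "network_scan": 2,
    "infection_propagation": 3,
}
STAGE_ORDER = list(STAGE_LEVEL)

# Constructed detections for two hosts (field names are assumptions).
SAMPLE_EVENTS = [
    {"ts": "2016-11-02T08:01:00", "host": "Bob's PC", "stage": "bad_reputation_url", "detail": "link from email"},
    {"ts": "2016-11-02T08:01:05", "host": "Bob's PC", "stage": "malware_download", "detail": "file from same URL"},
    {"ts": "2016-11-02T08:03:00", "host": "Bob's PC", "stage": "command_and_control", "detail": "beacon to 203.0.113.50"},
    {"ts": "2016-11-02T08:10:00", "host": "Bob's PC", "stage": "network_scan", "target": "10.1.0.0/16"},
    {"ts": "2016-11-02T08:15:00", "host": "Bob's PC", "stage": "infection_propagation", "target": "DB"},
    {"ts": "2016-11-02T08:20:00", "host": "Joe's PC", "stage": "bad_reputation_url", "detail": "same link, no download"},
]


def assess(events, high_value_assets):
    """Return, per host, the highest threat indicator reached, the ordered chain
    of stages observed, whether they appeared in kill-chain order, and any high
    value assets that were targeted."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        state = by_host.setdefault(
            ev["host"], {"indicator": 0, "chain": [], "sequential": True, "targets": []}
        )
        stage = ev["stage"]
        if state["chain"] and STAGE_ORDER.index(stage) < STAGE_ORDER.index(state["chain"][-1]):
            # Stage seen out of order: still recorded, but flagged as lower confidence.
            state["sequential"] = False
        state["chain"].append(stage)
        state["indicator"] = max(state["indicator"], STAGE_LEVEL[stage])
        target = ev.get("target")
        if target in high_value_assets and target not in state["targets"]:
            state["targets"].append(target)
    return by_host


def contained_hosts(assessment, threshold=2):
    """Hosts at or above `threshold` are candidates for the automated containment
    actions the deck lists (block, rate limit or redirect traffic)."""
    return sorted(host for host, state in assessment.items() if state["indicator"] >= threshold)


if __name__ == "__main__":
    result = assess(SAMPLE_EVENTS, high_value_assets={"DB"})
    for host, state in result.items():
        print(host, "-> Threat Indicator", state["indicator"], state["chain"], state["targets"])
    print("contain:", contained_hosts(result))
```

The host that merely clicked the link stays at level 0, matching the slide's "No threat" for the click itself; the host that went on to download, beacon, scan and spread reaches Threat Indicator 3 and is the only containment candidate.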

Page 14: Cyber Security for Digital-Era

Seceon OTM Key Features

Stops threats – automatically: Disable compromised credentials; Set filters on firewalls and switches; Block, rate limit or redirect traffic

Detects a full range of threats: Compromised Credentials; Insider threats; Brute force attacks; DDoS attack (all forms); Malware, BOTs, APTs, Ransomware…

Policy monitoring and enforcement: Protect critical resources; Restricting access to only select groups; Alert and stop upon attempt

Visualizes impact of attacks: On applications, users; On the network; Provides traffic trend monitoring

Page 15: Cyber Security for Digital-Era

Thank you

For further info about Seceon please write to: [email protected]