Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to The New Era of Cognitive Security
Similar to The New Era of Cognitive Security (20)
More from scoopnewsgroup
More from scoopnewsgroup (20)
Recently uploaded
Recently uploaded (20)
The New Era of Cognitive Security
- 1. The New Era of Cognitive Security IBM SECURITY ROADSHOW Peter Allor 29 August 2016 Senior Security Strategist, IBM Security Project Manager, Disclosures, IBM
- 2. 2 IBM Security Today’s security challenges • Organized Crime • Malicious Insiders • Nation States • Hacktivists ACTORS TARGETS VECTORS • Healthcare • Manufacturing • Government • Financials • Ransomware • Phishing, Exploit Kits • Stealthy Malware • Denial of Service REALITY • Cloud, mobile, IoT • Compliance • Human error • Skills gap
- 3. 3 IBM Security The attackers have organized… Global data sharing Marketplace for products and services Trusting relationships and networks Organized cyber gangs Criminal Boss Underboss Campaign Managers Affiliation Networks Stolen Data Resellers
- 4. 4 IBM Security Today’s attacks require a strategic security approach • Build multiple perimeters • Protect all systems • Use signature-based methods • Periodically scan for known threats • Shut down systems Tactical Approach Compliance-driven, reactionary Today’s Attacks • Assume constant compromise • Prioritize high-risk assets • Use behavioral-based methods • Continuously monitor activity • Gather, preserve, retrace evidence Strategic Approach Intelligent, orchestrated, automated Indiscriminate malware, spam and DDoS activity Advanced, persistent, organized, politically or financially motivated It takes power and precision to stop adversaries and unknown threats Yesterday’s Attacks
- 5. 5 IBM Security COGNITIVE, CLOUD, and COLLABORATION The next era of security INTELLIGENCE and INTEGRATION PERIMETER CONTROLS
- 6. 6 IBM Security Evolving to Cognitive Scale and magnify human cognition by leveraging automation Technique Outcome Human-centric communications • Advanced visualizations • Interactive vulnerability analysis, risk assessment, remediation, possible attribution • Ease the task of the security analyst Natural language sources and processing • Textual descriptions of past and current security breaches • Integrated vulnerability data per application and OS version • Consolidate threat intelligence Continuous machine learning • Deep learning and ensemble weighting techniques • Continuous extraction of features and patterns • Context in real time • Improve threat analyst decision-making Evidence-based reasoning • Provide evidence • Spot flawed logic • Enable analysts to weigh possible alternative outcomes • Improve human reasoning
- 7. 7 IBM Security Most security knowledge is untapped… Traditional Security Data Human Generated Knowledge • Security events and alerts • Logs and configuration data • User and network activity • Threat and vulnerability feeds • Threat intelligence • Research documents • Industry publications • Forensic information • Conference presentations • Analyst reports • Blogs • Webpages • Wikis • News sources • Wikis • Newsletters • Tweets A universe of security knowledge dark to your defenses
- 8. 8 IBM Security The world’s first Cognitive analytics solution using core Watson technology to understand, reason, and learn about security topics and threats Watson for Cyber Security Unlocking new possibilities
- 9. 9 IBM Security Revolutionizing how security analysts work Gain powerful insights • Tap into the vast array of data to uncover new patterns • Get smarter over time and build instincts Reduce the security skills gap • Triage threats and make recommendations with confidence, at scale and speed Save time and costs • Handle mass minutiae, so you can work on offense not endless defense SECURITY ANALYST Enterprise Security Analytics SECURITY ANALYST and WATSON !!! Cognitive techniques to mimic human intuition around advanced threats Human Generated Security Knowledge
- 10. 10 IBM Security Human Expertise Cognitive Security Cognitive systems bridge this gap and unlock a new partnership between security analysts and their technology Security Analytics • Data correlation • Pattern identification • Anomaly detection • Prioritization • Data visualization • Workflow • Unstructured analysis • Natural language • Question and answer • Machine learning • Bias elimination • Tradeoff analytics • Common sense • Morals • Compassion • Abstraction • Dilemmas • Generalization SECURITY ANALYSTS SECURITY ANALYTICS COGNITIVE SECURITY
- 11. 11 IBM Security A day in the life of investigating threats… Rafael Security Analyst HOUR Gets caught up on the latest security news through bulletins and social networks in order to identify new threats 1 HOURS Repeatedly investigates potential security incidents via online sources 3 HOURS Manually copies and pastes information from disparate and siloed tools to correlate data 4 All this mundane time spent, yet STILL SO MANY FALSE POSITIVES! Time consuming threat analysis
- 12. 12 IBM Security What I need is to feel human again. I need help from an experienced and trusted security advisor.”
- 13. 13 IBM Security The world’s first Cognitive analytics solution using core Watson technology to help analysts understand, reason, and learn about security topics and threats. Unlock new possibilities. Introducing… IBM Watson for cyber security
- 14. 14 IBM Security Watson for cyber security will significantly reduce threat research and response time RemediationInvestigation and Impact AssessmentIncident Triage Days to Weeks Manual threat analysis Remediation Investigation and Impact Assessment Incident Triage Minutes to Hours IBM Watson for cyber security assisted threat analysis Quick and accurate analysis of security threats, saving precious time and resources
- 15. 15 IBM Security With the help of Watson, Rafael can become more proactive • Faster investigations • Clear backlog easier • Increased investigative skills • Heavy lifting done beforehand Rafael Security Analyst Less time on the mundane, more time being human! Quick and accurate analysis of security threats, saving precious time and resources
- 16. 16 IBM Security We intend to integrate Watson for cyber security with IBM QRadar to accelerate Cognitive Security for our clients SendtoWatsonfor Security Internal Security Events and Incidents External Security Knowledge IBM QRadar Security Intelligence Platform Watson for cyber security QRadar sends Watson a pre-analyzed security incident Watson automatically provides response back to Security Analyst on probability of threat and best practices, resulting in substantial time savings
- 17. 17 IBM Security Cognitive systems scale knowledge Adapt and make sense of all data; “read” text, “see” images and “hear” natural speech with context Understand Interpret information, organize it and offer explanations of what it means, with rationale for the conclusions Reason Accumulate data and derive insight at every interaction, perpetually Learn IBM Confidential ANALYTICS COGNITIVE INFORMATION Knowledge DATASENSORS Cognitive systems curate knowledge from data without constant human intervention Security intelligence + big data analytics + Cognitive Security = maximum security
- 18. 18 IBM Security Application of Cognitive Computing to Cyber Security • Understanding of natural language, images and other sensory information. • Complex reasoning and deep interaction with experts • Hypothesis and question generation across arbitrary domains; meta-heuristic to automate algorithm choices
- 19. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU
- 20. 20 IBM Security Watson saves the security analyst valuable time spent trying to keep pace manually Watson continuously crawls the internet for all information related to security in blogs, reports, advisories, and vulnerability disclosures
- 21. 21 IBM Security Watson helps uncover new connections previously unknown to the security analyst Watson aggregates local analytics with it’s own insight and quickly determines two possible malware families and an exploit kit (Locky or Dridex) SHARED UNDER NDA UNTIL MAY 10, 2016
- 22. 22 IBM Security Watson determines the specific campaign (Locky) and discovers more infected endpoints, sending results to incident response team Significantly reduces the attack surface by bringing new insights to the investigation and response process