Cognitive Security: How Artificial Intelligence Is Your New Best Friend

Upload: sparkcognition

Post on 08-Feb-2017


TRANSCRIPT

Page 1: Cognitive Security: How Artificial Intelligence is Your New Best Friend

Cognitive Security:

How Artificial Intelligence Is Your New Best Friend

Page 2: Cognitive Security: How Artificial Intelligence is Your New Best Friend


The potential for machine learning in the cyber space

KEITH MOORE

DIRECTOR OF PRODUCT MANAGEMENT

SPARKCOGNITION

Page 3: Cognitive Security: How Artificial Intelligence is Your New Best Friend

Why Machine Learning Is Needed To Solve These Problems

Automates the analyst research process

Scales to ingest massive data streams

Combats constantly evolving malware variants

Defends networks against hard-to-identify APTs

Cross-correlates between data to find threats

Page 4: Cognitive Security: How Artificial Intelligence is Your New Best Friend

SparkCognition A.I. technology can accelerate Decision Making

• Identifies anomalous events

• Aggregates multiple data streams

• Recognizes known and unknown patterns

• Incorporates analyst feedback so that underlying models learn from human response

• Presents actionable evidence behind its conclusions

A.I. software trains on historical events to recognize patterns and provide maximum business awareness

Scan for matches Against DB and Suspected Patterns

Patterns Stored in Cognitive DB

Supervisory Input

Confidential

Page 5: Cognitive Security: How Artificial Intelligence is Your New Best Friend


What sort of problems can be solved using machine learning?

Page 6: Cognitive Security: How Artificial Intelligence is Your New Best Friend

Polymorphic malware is significantly shifting the security landscape

78% of security analysts no longer trust anti-virus tools

99% of malware hashes are seen for only 58 seconds or less

16% of malware samples are “virtual machine aware”

Page 7: Cognitive Security: How Artificial Intelligence is Your New Best Friend

Machine Learning Anti-Virus combats obfuscation and polymorphism

Break down the DNA of every file

Analyze all of the components individually

Determine likelihood of malicious nature

Page 8: Cognitive Security: How Artificial Intelligence is Your New Best Friend

• 50% of analysts cite too many false positives as a significant detractor of SIEM use

SIEM

Big data is leading to a big problem…

10,000 Alerts

Page 9: Cognitive Security: How Artificial Intelligence is Your New Best Friend

• Analysts can focus on real threats with much of their research completely automated

SIEM

Machine Learning research and prioritization tools ensure analysts look at relevant threats

10,000 Alerts

Page 10: Cognitive Security: How Artificial Intelligence is Your New Best Friend

Identifying terms are pulled from potential threat anomalies

Multiple search engines are automatically queried (e.g., “Is Opera/12.14 using Port 8888 a threat?”)

Search engine results are filtered for language and relevance

Threat Term Filter

Threat Confidence & Evidence

NLP Model Processing

Summary Generation

Search engine results are aggregated

Proprietary NLP model reads and understands language, assigns confidence score reflecting malicious nature

Extraction

Search Engine 2

Search Engine 1

Aggregate Results

Relevant term text is extracted from web pages

Most relevant term text is identified and ranked

Evidence is summarized using natural language generation and displayed with confidence score

Search Engine 3…

Natural Language Processing builds a bridge between anomalous behavior and malicious intent

Page 11: Cognitive Security: How Artificial Intelligence is Your New Best Friend

SparkSecure is a comprehensive, advanced cyber security platform

Agentless EP Protection

Bot Detection

Find the Snowden

Personally Identifiable Info

Web Server Protection

Research Automation

Problem

• Traditional AV detects < 5% of new advanced threats

• 56% of web traffic is bot generated

• 29% of bot traffic is malicious

• 11% of employees access unauthorized docs and sell for profit

• Companies need to prevent the leakage of PII. Being out of compliance can lead to penalties

• Web server breaches, on average, cost $3.79M

• Analysts are inundated with alerts, most of which are false positives

• Forensic costs went up 25% last year

Solution

• Ingests network traffic logs to monitor the network perimeter for anomalies

• Deploys Machine Learning AntiVirus to detect 98% of new zero-day attacks early

• Proprietary Machine Learning classification algorithm powers bot identification

• Develops bot signatures and rules to block threats

• Uses temporal and behavioral analysis to identify deviations and threats with minimal false positives

• Automatically examines user agent and payloads for PII

• Stops inbound & outbound leakage

• Reads email traffic and attachments for unstructured PII

• Analyzes incoming traffic for SQL injections, XSS, DDoS, etc.

• Correlates to multiple internal & external sources

• Automated threat research expedites time to remediation

• Rapid custom data querying in HDFS scales to massive data sets

• IBM Watson powered automated threat research and advisor

Page 12: Cognitive Security: How Artificial Intelligence is Your New Best Friend


Thank You