next gen security - the channel company...others include poisoning the data set, adversarial...

Next Gen Security 5 Myths Busted Stephen Cobb| Senior Security Researcher


Post on 25-Mar-2020


Page 1

Next Gen Security: 5 Myths Busted

Stephen Cobb | Senior Security Researcher

Presenter
Presentation Notes
Global cybersecurity company – known for our endpoint protection products – used in over 200 countries – 110 million points of protection. ESET has been around for 30 years. Europe’s largest security software company (EU and NATO)
Page 2

Stephen Cobb has been researching computer security and data privacy for 30 years, helping companies, consumers, and government agencies to manage cyber risks, with a focus on emerging threats and policy issues. Cobb holds a master’s in security and risk management and has been a CISSP since 1996. He heads a US security research team for ESET, one of the world’s largest security software vendors.

Stephen Cobb
Sr. Security Researcher
ESET North America

Presenter
Presentation Notes
I’ve been researching information system security for 30 years. Born in Coventry, England, Britain’s Detroit. So I like car analogies. Anyone start out on a car journey and arrive seriously late, car troubles, traffic?
Page 3

TRADITIONAL CARS DON’T WORK!

Presenter
Presentation Notes
In some cases, under some circumstances
Page 4

AeroMobil.com

YOU NEED A NEX GEN CAR!

Presenter
Presentation Notes
Made in Slovakia, Europe’s leading maker of cars (per head of population)
Page 5

Nex Gen Security Myth #5:

Nex Gen security products were the first to use AI

1990s: Naive Bayes spam filtering (sold to Symantec)

2016: “The first company to introduce artificial intelligence to cyber security” - Cylance

1991: Computer virus identification by neural networks – Daniel Guinier (Academia)

1996: NN for boot sector viruses – IBM (First practical use in the security industry)

1997: Detection of Macro Viruses – ESET (Machine Learning in ESET)

Presenter
Presentation Notes
History matters.
Page 6

Automated expert system for mass processing

Algorithm placing samples on a “cybersec map”

1998

Neural Networks in ESET products

2006 2012 2005

DNA Detections (Online ML)

Presenter
Presentation Notes
Has real world benefits in current and future products
Page 7

ESET Machine Learning flow

Presenter
Presentation Notes
This is what our machine learning flow looks like. This is what we do with a received executable file (or a document, etc.) whenever anything is submitted to us as suspicious. We do both static and dynamic analysis, we extract DNA features, we push them through deep learning, neural networks and a multimodel classifier, and we consolidate the results and make a decision on whether the file is malicious or not. We do the same with sandboxes (both real and virtual). We do behavioral analysis and deep monitoring of processes using kernel and hypervisor tracking, and we extract behavioral features and connect them together to see if the sample is malicious or not. Using this automated processing, only the most interesting samples are given to Malware Research Labs, and if those potentially malicious samples are really malicious we can create manual detections from them.
Page 8

Nex Gen Security Myth #4:

AI and Machine Learning are a silver bullet

MaliciousAIreport.com

“the pace of progress in AI suggests the likelihood of cyber attacks leveraging machine learning capabilities in the wild soon, if they have not done so already”

Presenter
Presentation Notes
Great report – must read.
Page 9

Mimicry is just one way to defeat machine learning

Presenter
Presentation Notes
Others include poisoning the data set, adversarial learning, a hostile environment, and an intelligent human attacker who knows ML weaknesses. New and old techniques mean you have to keep updating algorithms.
Page 10

Nex Gen Security Myth #3:

False positives are no big deal

• False positives ARE a big deal
• Some argue that, because some bad stuff is bound to get onto your systems, you might as well get good at threat hunting then crank your detection up to 11
• Yes, threat hunting is important (check out ESET EDR)
• But it is resource heavy and not everyone has the resources
• So use a product with low false positives AND high detection

Presenter
Presentation Notes
FPs can bring work to a halt and waste a lot of $$
Page 11

To reduce FPs your AI/ML needs a large database of correctly labelled samples.

How about 30 years’ worth?

Presenter
Presentation Notes
Our databases contain 100s of TBs of samples, but the amount is not the important thing in terms of training an ML model. Our real advantage is the intelligence associated with that data, and correct labels for the data, which is the key for training a well-performing model.
Page 12

Nex Gen Security Myth #2: The old, established security vendors can’t keep up with the nex gen newcomers

• Did you miss the bit about the 30-year-old vendor using ML last century?

• Do you mean keep up with the advertising spend, or keep up with evolving threats?

• How? Leverage a multi-layered defense, plus vast experience, across a complete security eco-system

Presenter
Presentation Notes
For example…
Page 13

UEFI Scanner

Network Attack Protection

Reputation and Cache

In-product Sandbox

DNA Detections

Advanced Memory Scanner

Ransomware Shield

Exploit Blocker

Botnet Protection

Script Scanner (AMSI)

LiveGrid® Protection

Device Control

Presenter
Presentation Notes
ESET provides its customers with multi-layered protection since a single layer is simply not enough to protect against our adversaries.
Page 14
Presenter
Presentation Notes
ESET ecosystem from point of view of the technologies and the products/solutions
Page 15

WannaCry
• Stopped by ESET
• Before it started
• No updates needed

Not everyone saw this

Presenter
Presentation Notes
ESET defeated EternalBlue well before WannaCry
Page 16

Or this

NotPetya
• Stopped by ESET
• And we found where it was coming from
• Helped shut it down

Presenter
Presentation Notes
We not only defeated it, we helped shut it down by finding the source (supply chain attack).
Page 17

Nex Gen Security Myth #1: The fact that security breaches still happen means security software doesn’t work

• We bought your software but we still got infected
• Did you install it, correctly, on all your endpoints?
• Did you configure it so people can’t turn it off?
• Does it alert you if people do turn it off?
• Do your users know how to respond to alerts?
• This is true for any gen

Presenter
Presentation Notes
We all win.
Page 18

Nex Gen Security: 5 myths busted

1. The fact that security breaches still happen means security software doesn’t work

2. The old, established security vendors can’t keep up with nex gen players

3. False positives are no big deal

4. AI and Machine Learning are a silver bullet

5. Nex Gen security products were the first to use AI

Presenter
Presentation Notes
Recap
Page 19

NexGen MSPs are NOT a myth

You are the future of technology deployment

• We all benefit from safe and secure technology
• We can achieve that if we form the right partnerships
• Look for security partners with a history of innovation and a solid history of delivering reliable solutions
• Solutions that are supported with passion by partners with integrity and a passion for security

Presenter
Presentation Notes
Go nex gen MSPs!
Page 20
Presenter
Presentation Notes
WeLiveSecurity.Com
Page 21

www.eset.com | www.welivesecurity.com

Stephen Cobb
Senior Security Researcher

@zcobb

Presenter
Presentation Notes
Thank you
Page 22

Local Offices & Branches: Prague (CZ), Jablonec nad Nisou (CZ), Sao Paulo (BR), Jena (DE), Krakow (PL), Sydney (AU), Taunton (GB), Bournemouth (GB), Toronto (CA), Montreal (CA), Iași (RO), Mexico City (Mexico), Zilina (SK), Brno (CZ), Tokio (JP), Kosice (SK), Munich (DE), Melbourne (AU)

BRATISLAVA (Headquarters)

BUENOS AIRES

SINGAPORE

SAN DIEGO

MONTREAL

TORONTO

Presenter
Presentation Notes
Global