next generation threats and utilising artificial intelligence and … · 2018-02-15 · next...

Post on 11-Apr-2020


Next Generation Threats and Utilising Artificial Intelligence and Big Data Analytics

Ian Glover

0044 7970 817 101

Ian.glover@crest-approved.org

The CREST Vision

Not For Profit Organisation

Industry Support Research Guides

Pen Testing

Maturity Model

Social Responsibility Research

Current Research Activities

• SOC Accreditation

• Cyber Security Chartered Status

• Bug Bounty

• Wider Neurodiversity – Dyslexia

• Penetration Testing Standards

• Social Engineering In Penetration Testing

Schemes

Penetration Testing Cyber Security Incident Response (CSIR)

Penetration Testing Threat Intelligence

Penetration Testing Cyber Incident Response (CIR)

Penetration Testing Threat Intelligence

NSA NSCAP CIRA (Cyber Incident Response Assistance)

Reduce Threat Reduce Vulnerability

Avoid Detect

Recover

Reducing Threat Very Difficult

Reduce Threat

AI In Threat Reduction

• Artificial Intelligence is being used to combine huge amounts of threat intelligence

• Geopolitical

• Big Data

• Social Media

• Dark Web

• Company or Sector Target Information

Penetration Testing And Implementation Of Technical Standards Reduces Vulnerabilities

How To Decide What Level Is Required?

Basic Levels of Assurance. Alignment with schemes such as Cyber Essentials. No specific industry orientation

High Levels of Assurance. Aligned to industry. Simulation of known industry threats

AI In Vulnerability Assessment

• Very difficult to support the lower end of the market due to a lack of resource and cost

• Attack tools are more automated and sophisticated and therefore the analysis tools need to keep pace

• We need to assess outcome-based results of tools (this needs to be the approach for other professions)

Cyber Essentials


Evolve To Meet New Generation of Attack Tools

AI In Basic Cyber Hygiene

• We must be investing in new ways to combat the new generation of threats

• We might need to change the model of protection – mafia against small shops is not a fair fight

Traditional Penetration Testing

More Formally Link With Existing Security Standards

Establish Minimum Standards That Are Not Too Prescriptive and Can Evolve Quickly

AI in Security Management and Audit

• The concept of continual security management should be the topic of research (monitoring policy compliance, security improvement plans, personal security compliance etc.)

• Traditional views of periodic audit should move towards continual audit

• Traditional audit firms are working out what this means for their business

• In cyber we could take a much more proactive approach in all of these areas

Critical National Infrastructure

Intelligence Led Penetration Testing Services

Target Environment

Skill and knowledge of tester

Tools based on known vulnerabilities and attack vectors

Validation from peer groups and informal discussion forums

OWASP and other public sources

Company Research

Published Cyber Threat Intelligence

Up-to-date incident data

Up-to-date threat intel

Emerging Cyber Threat Intelligence

Evidence Based

Contextualised

CBEST / TBEST

Critical National Infrastructure

Potential Schemes Domestic

+

Civil Nuclear

Energy

Space

Water

Defence

Emergency Services

Chemical

Transport

Health

Food

AI In Threat Intelligence

• AI (artificial and augmented) is the basis and the reason that the new Cyber Security Threat Intelligence industry exists and is flourishing

Also Exercise Continuity Plans Against Real Life Scenarios

Detect

Continual Threat Monitoring

SOC Accreditation


Document Review

On Site Audit

Technical Evaluation

AI In SOC

• SOCs utilise big data analytics

• Professionally run SOCs are already saying that they use AI

• The AI services should be used as a way of supporting the decisions of the SOC analysts and management

Invocation Before Attack

Heighten Awareness Configuration Review

Update Penetration Test

Recover

Cyber Security Incident Response

• Again difficult to provide support at the lowest level

• AI utilised for malware reverse engineering

• Can we build AI concepts into CERTs

• Can we build AI into the information exchanges

AI In The Profession

Existing CREST Qualifications

Multiple Choice

Practical Long Form

Non Licence To

Trade Fellowship

We Have A Skills Shortage!

We need to upskill our existing workforce

We need to encourage more talented people into our industry

All Professions Impacted by AI and Big Data Analytics

How does a market react to the need to upskill an existing workforce?

How does a market react to difficulties in recruiting talent?

Operated as an industry without Chartered status

What has changed?

Balanced Assurance Programme

Reduce Threat

Detect

Reduce Vulnerability

Recover
