Cognitive Security:
How Artificial Intelligence Is Your New Best Friend
The potential for machine learning in the cyber space
KEITH MOORE, DIRECTOR OF PRODUCT MANAGEMENT
SPARKCOGNITION
Why Machine Learning Is Needed To Solve These Problems
Automates the analyst research process
Scales to ingest massive data streams
Combats constantly evolving malware variants
Defends networks against hard-to-identify APTs
Cross-correlates between data to find threats
SparkCognition A.I. technology can accelerate Decision Making
• Identifies anomalous events
• Aggregates multiple data streams
• Recognizes known and unknown patterns
• Incorporates analyst feedback so that underlying models learn from human response
• Presents actionable evidence behind its conclusions
A.I. software trains on historical events to recognize patterns and provide maximum business awareness
Scan for matches Against DB and Suspected Patterns
Patterns Stored in Cognitive DB
Supervisory Input
What sort of problems can be solved using machine learning?
Polymorphic malware is significantly shifting the security landscape
78% of security analysts no longer trust anti-virus tools
99% of malware hashes are seen for only 58 seconds or less
16% of malware samples are “virtual machine aware”
Machine Learning Anti-Virus combats obfuscation and polymorphism
Break down the DNA of every file
Analyze all of the components individually
Determine likelihood of malicious nature
Big data is leading to a big problem…
• 50% of analysts cite too many false positives as a significant detractor of SIEM use
[Diagram: SIEM, 10,000 Alerts]
Machine Learning research and prioritization tools ensure analysts look at relevant threats
• Analysts can focus on real threats with much of their research completely automated
[Diagram: SIEM, 10,000 Alerts]
Natural Language Processing builds a bridge between anomalous behavior and malicious intent
• Identifying terms are pulled from potential threat anomalies
• Multiple search engines are automatically queried (e.g., “Is Opera/12.14 using Port 8888 a threat?”)
• Search engine results are filtered for language and relevance
• Search engine results are aggregated
• Proprietary NLP model reads and understands language, assigns confidence score reflecting malicious nature
• Relevant term text is extracted from web pages
• Most relevant term text is identified and ranked
• Evidence is summarized using natural language generation and displayed with confidence score
[Diagram labels: Threat Term, Search Engine 1, Search Engine 2, Search Engine 3…, Filter, Aggregate Results, Extraction, NLP Model Processing, Summary Generation, Threat Confidence & Evidence]
SparkSecure is a comprehensive, advanced cyber security platform
Agentless EP Protection | Bot Detection | Find the Snowden | Personally Identifiable Info | Web Server Protection | Research Automation
Problem
• Traditional AV detects < 5% of new advanced threats
• 56% of web traffic is bot generated
• 29% of bot traffic is malicious
• 11% of employees access unauthorized docs and sell for profit
• Companies need to prevent the leakage of PII. Being out of compliance can lead to penalties
• Web server breaches, on average, cost $3.79M
• Analysts are inundated with alerts, most of which are false positives
• Forensic costs went up 25% last year
Solution
• Ingests network traffic logs to monitor the network perimeter for anomalies
• Deploys Machine Learning AntiVirus to detect 98% of new zero-day attacks early
• Proprietary Machine Learning classification algorithm powers bot identification
• Develops bot signatures and rules to block threats
• Uses temporal and behavioral analysis to identify deviations and threats with minimal false positives
• Automatically examines user agent and payloads for PII
• Stops inbound & outbound leakage
• Reads email traffic and attachments for unstructured PII
• Analyzes incoming traffic for SQL injections, XSS, DDoS, etc.
• Correlates to multiple internal & external sources
• Automated threat research expedites time to remediation
• Rapid custom data querying in HDFS scales to massive data sets
• IBM Watson powered automated threat research and advisor
Thank You