TRANSCRIPT
© 2017 Fair Isaac Corporation. Confidential. This presentation is provided for the recipient only and cannot be reproduced or shared without Fair Isaac Corporation’s express consent.
Predicting likelihood of cyber breach by analyzing external security posture of enterprises
Scott M. Zoldi, Ph.D. Chief Analytics Officer FICO
@ScottZoldi

Scott Zoldi, PhD – Chief Analytics Officer
• 18 years at FICO
• Guide analytic development, across Fintech, Fraud, AML, Retail, Insurance, Healthcare, Cyber-security and IoT.
• Author of 79 patents (39 granted and 40 in process)
• New initiatives in Machine Learning and Streaming Analytics
• Recent focus on self learning analytics for real-time detection of Cyber attacks and mobile device analytics
[Figure: bar chart of patent count by year, 2012 to 2016 (y-axis 0 to 80), split into Fraud and Cyber and Other. *Includes published and filed.]
• Multilayer Self-Calibrating Analytics (Neural learning)
• Unsupervised Archetype Profiling (Text Analytics)
• Biometric Analytics (Streaming)
• Auto-encoder Model-monitoring (Deep Learning)
• Purchase Propensity (Context-aware)

Cyber security threats: Everyone is a target and every vulnerability is exploited!
• ATM
• POS
• Mobile
• Website
• SWIFT
• Employees
• Partners
• ISV / Telecom

Forrester 2017 Breach Predictions:
• Significant “cyber-crisis”
• A Fortune-1000 will fail due to cyber-breach
• CISOs to allocate 25% to external services and automation tools
• 60% of small businesses fail in the first 6 months

What is facilitated by Cyber Risk Score
A single, easily interpreted, commonly understood score of an organization’s potential breach risk – a reference metric used enterprise-wide: Board of Directors, CEO, CISO, and security professionals alike.
• Quantifies how an organization appears to a cyber criminal
• Inform breach insurance underwriting process
• Ascertain security risk of partner organizations and the vendor supply chain
[Graphic: example score displays: ###, 840, 835]

Cyber Risk – Leveraging a Credit Risk Playbook
• 90%: Top lenders using FICO® Scores when making lending decisions
• 10B: FICO Scores purchased in US annually
• 70K: Businesses that rely on the FICO Score
• 20: Countries where the FICO Score is deployed
[Graphic: score scale labeled Low Risk and High Risk]

ESS Delivers a Passively Obtained Empirical Score
• Millions of data elements continually monitored at internet scale
• Historical depth to reflect security posture of breached networks prior to the incident
• Measurements that serve to assess policy effectiveness and management behaviors
• Data richness that supports empirical analysis, not judgment-based grades
[Diagram: inputs to the FICO Enterprise Security Score. Labels: Commercial Sources; Breach Events; Compiled Sources; Internet Presence; E.g., Spamhaus; Details of global breach incidents; Firm demographics; Passive Scan Info (e.g., open ports, version / patches, expired certs); Exposure]

Cyber Breach Risk: Building an Empirical Model
Observation Date (ex: 12-15-2015)
Performance Date (ex: 12-15-2016)
Data elements collected on observation date:
• Malware/Spam/Phishing
• NTP/DNS/SNMP/SSDP
• Certificates/configs
• Demographic Data
+ TAG + FEATURES
Breached??
Scorecard Model(s)
[Figure: score distributions of Bads and Goods on a 300 to 850 scale (ticks every 50). FICO: 24X; others: 5X]

Data Collected; Operationalized via Score and Reason Codes
Three categories of monitored issues with corresponding reason codes:
• Endpoint Security: Malware/Spam/Phishing
• Infrastructure Security: NTP/DNS/SNMP/SSDP
• Services & Software: Certificates/Configurations
Organization Score

Does Size Matter? Identification of Riskiest Network Assets
$$q(x_i \mid s) = \min\left(\max\left(\frac{x_i - s_P}{s_R - s_L},\ 0\right),\ C\right) \in [0, C]$$
[Figure: distribution of a variable (x-axis: Variable; y-axis: Relative probability) running from Low Risk to High Risk, with markers S_L, S_R, S_p and the current variable value x_i]
Security posture of the organization informed by its weakest link using patent-pending technology
US Patent 8,027,439; 8,041,597; 13/367,344; 15/463,420
[Diagram: Multi-Layer Self-Calibrating Score with Input Layer, Hidden Layer and Output Layer; Weights Tuning]
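The clipped quantile scaling on this slide, read as q(x_i | s) = min(max((x_i - s_P)/(s_R - s_L), 0), C), applied per prefix to pick out the weakest link; this is an added example, not FICO's code. The percentile levels, the value of C, the reference population, and taking the largest q as the weakest link are assumptions, and the multi-layer score that combines variables is not modeled.

```python
"""Quantile-scaled outlier value q(x_i | s) per network asset (added example)."""

C = 6.0                                   # clip ceiling; assumed value
LEVELS = {"L": 50, "P": 90, "R": 99}      # assumed percentiles for s_L, s_P, s_R


def percentile(sorted_vals, pct):
    """Nearest-rank percentile of an ascending list (integer arithmetic)."""
    rank = max(1, (pct * len(sorted_vals) + 99) // 100)
    return sorted_vals[rank - 1]


def calibrate(reference):
    """Estimate s_L, s_P, s_R for one variable from a reference population."""
    vals = sorted(reference)
    return {name: percentile(vals, pct) for name, pct in LEVELS.items()}


def q(x, s):
    """min(max((x - s_P) / (s_R - s_L), 0), C), always within [0, C]."""
    spread = s["R"] - s["L"]
    if spread <= 0:                       # degenerate reference: no usable scale
        return C if x > s["P"] else 0.0
    return min(max((x - s["P"]) / spread, 0.0), C)


def weakest_link(assets, s):
    """Return (asset, q) for the asset whose variable is most extreme."""
    scored = {name: q(x, s) for name, x in assets.items()}
    worst = max(scored, key=scored.get)
    return worst, scored[worst]


# Constructed reference population: expired-certificate counts per prefix.
REFERENCE = [0] * 50 + [1] * 30 + [2] * 10 + [3] * 5 + [4] * 4 + [6]

# One organization's prefixes. The first count is the one shown on the
# remediation slide; the other two prefixes and counts are constructed.
ASSETS = {"205.153.84.0/22": 11, "192.0.2.0/24": 1, "198.51.100.0/24": 0}

if __name__ == "__main__":
    s = calibrate(REFERENCE)
    print("quantiles:", s)
    for name, x in ASSETS.items():
        print(f"{name:18} x={x:2d} q={q(x, s):.2f}")
    print("weakest link:", weakest_link(ASSETS, s))
```

Values at or below s_P scale to 0, so only assets in the upper tail of the reference population contribute, and the clip at C keeps a single extreme asset from dominating without bound.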

Asset scoring and remediation: Where are my weakest links?
Weakest Link

Remediation and Oversight: Actionable Intelligence
Prefix 205.153.84.0/22 contains 11 endpoints with expired SSL certificates
Prefix 169.54.49.208/28 contains 3 endpoints engaging in spamming behavior
Prefix 205.167.52.0/23 contains 4 endpoints that resolve recursive DNS queries
1. A single risk metric: ESS continuously quantifies the likelihood of a future data breach
2. Utility: In addition to breach prediction, ESS can be used to inform the breach insurance underwriting process
3. Liability: Know your vendors’ and partners’ risk along the entire vendor supply chain prior to data exchange
Thank you!