SlideShare a Scribd company logo

Challenges in Applying AI to Enterprise Cybersecurity

T
Tahseen Shabab

Applying AI/ML in live Cybersecurity environments can be challenging. We share some of our learnings and identify common pitfalls. Bibu Labs is a leading Cybersecurity company leveraging AI to solve complex problems faced by Enterprise clients.

Technology
1 of 36
Download to read offline
tahseen@bibulabs.com
Bob
300+ alerts per day 60-75% noise (false positives) 2-7 days to detect attacks + =
300+ alerts per day 60-75% noise (false positives) 2-7 10Xdevices over next 5 yrs + = days to detect attacks
300+ alerts per day 60-75% noise (false positives) 2-7 10Xdevices over next 5 yrs Complexity of sensor data + = days to detect attacks
BibuLabs 7 Hacker Attacks Organized Sophisticated Targeted I n c r e a s i n g l y :
BibuLabs 8 “Challenges in Applying AI to Cybersecurity” Tahseen Shabab Presenter Large Bank (Canada) Fortune 60 Telecommunication Firm (US) Top 3 Financial Services Firm (Canada) North American Government More +
BibuLabs 9 Bibu Labs Team Tahseen Shabab Founder & CEO Prof. Hassan Khan Chief Scientist Prof. Kate Larson Advisor - AI Prof. Larry Smith Advisor - Strategy
BibuLabs 10 ACCESSING WATERLOO REGION’S SECURITY ECOSYSTEM waterlooedc.ca NOTE: While companies may have a presence in mul�ple categories of this cluster map, they will only appear in the category that most directly reflects their business. CYBERSECURITY CRYPTOGRAPHY QUANTUMLAF INC. FINTECH Security P2P BLOCKCHAIN/SECURITY NETWORKS COMMERCIALIZATION HUBS 01100001 01110100 01100101 01110010 01101100 01101111 01101111 00100111 01110011 00100000 01010011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01000101 01100011 01101111 01110011 01111001 01110011 01110100 01100101 01101101 01000100 01100101 01100011 01101111 01100100 01101001 01101110 01100111 00100000 01010111 01100001 01110100 01100101 01110010 01101100 01101111 01101111 00100111 01110011 00100000 01010011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01000101 01100011 01101111 01110011 01111001 01110011 01110100 01100101 01101101 01000100 01100101 01100011 01101111 01100100 01101001 01101110 01100111 00100000 RISK ASSESSMENT/THREAT DETECTION BLOCKCHAIN RESEARCH LABS AND HUBS MS2discovery Interdisciplinary Research Ins�tuteWaterloo Cybersecurity and Privacy Ins�tute Cryptography, Security, and Privacy Research Group The Centre for Wireless Communica�ons Centre for Applied Cryptographic Research Centre for Computa�onal Mathema�cs in Industry and Commerce Waterloo Ar�ficial Intelligence Ins�tute Waterloo Centre for Automo�ve Research Communica�ons Security Lab Waterloo Ins�tute for Nanotechnology Ins�tute for Quantum Compu�ng RBC Cybersecurity Lab Cybersecurity Zone EMBEDDED SECURITY
BibuLabs 11 Enterprise Security
BibuLabs HR Data Lake Enterprise Security Simplified Router IPS/IDS End Point Server Threat Intel FW Decoy Sensors SIEM Tool Attack Detection Orchestration IDS NAC Antivirus FW Controls Analysts APIs Note: The following is a simplified conceptual diagram
BibuLabs 13 Impact 96% 4%19% Security Solutions (avg) Alerts Not Addressed Alerts Reliable Alerts Investigated 75 Reference: Ponemon Institute
BibuLabs 14 Last Line of Defence Threat Vectors Increasing Analysts have to constantly keep updated with latest attack vectors Deployment of More Sensors with AI Analysts have to look at individual inference from each sensor Contextual Knowledge Analysts have to match their expertise with inference to make decisions
BibuLabs Domain Knowledge Still Required (An Analogy) Pill Pill.ai Tool = AI Surgeon = Cybersecurity Note: “The following is my opinion” ~ Tahseen Shabab
BibuLabs 16 Understanding Tools of the Trade (Explainable Inference)
BibuLabs White Paper VS Client Impact
BibuLabs 18 The Perfect Onboarding Vendor Provides Expert Analyst Heavy manual intervention during POC period Custom Report Curated Analysts pin point some rare attacks, remove false positives and share report with client Clients Suffer After POC Clients expect product to run by itself after POC period Image Credit: Hackernoon: How to Attract “Turkers” and Be the Ultimate Mechanical Turk Hero!
BibuLabs 19 Lab VS Production Environment Pill Lab (Research Setting) Production
BibuLabs 20 Imbalanced Datasets ~ 0.001% of dataset correlates to hack Dynamic Environment Traffic, User Behaviour, Attacker Behaviour Attack Pattern Not Necessarily Carried Forward Hackers are getting increasingly targeted Problems Specific to Cybersecurity
BibuLabs 21 Context Relevance of inference is dependant on context which keeps on changing Attack Surface Unique Based on Clients specific IT Environment Clients Prioritize Attack Vectors specific to risk appetite Data Quality Data quality might be the real bottle neck Challenges With Generic Solutions
BibuLabs 22 Red Team VS Data Science Team Identify Relevant Attack Vectors Red Team Performs Attacks Data Science Team Builds Models 1 2 3 Attack Data Generated 4 Validated Models Deployed In Production 5
BibuLabs Cybersecurity - AI Talent? Cybersecurity AI
BibuLabs Strategic View AI
BibuLabs HR Data Lake Where To Apply AI? Router IPS/IDS End Point Server Threat Intel FW Decoy Sensors SIEM Tool Attack Detection Orchestration IDS NAC Antivirus FW Controls Analysts APIs Note: The following is a simplified conceptual diagram AI (HCI) AI AI AI AI AI AI AI AI AI AI AI AI
BibuLabs 26 Adversarial Attacks
BibuLabs 27 Hackers take path of least resistance If a patch has been deployed, hackers will try another route Adaptive Nature of Hackers (Cat and Mouse Game) Vulnerability 1 Vulnerability 2 Vulnerability 3
BibuLabs 28 Data Distribution Actively Manipulated
BibuLabs Attack: Data Poisoning
BibuLabs Impact •  Analysts waste time on False Positives •  Illustration* User Behavior of Sales Executives Legitimate deviation from norm Sophisticated lateral movement Priority 1.  False Positives 2.  False Positives 3.  False Positives 4.  False Positives 5.  Sophisticated Attack
BibuLabs web.config Crown Jewel Sophisticated lateral movement logs Under The Radar
BibuLabs 32 Attack: Induce Specific Output Add Noise Classifier Misclassifies Object Models Learn Differently Than Humans “Explaining and Harnessing Adversarial Examples”, Ian Goodfellow
BibuLabs 33 Attack: Expose Model Attributes Submit queries, Observe response - Training Data - Architecture "Towards Reverse Engineering Black Box Neural Networks”, Seong Oh - Optimization Procedures
BibuLabs 34 Cost of Error High
BibuLabs 35 High Throughput of Data Analysts Short in Supply Consequence of missed False Negatives 0.001% Error Rate Could Be Too High
BibuLabs 36 Thank You

Recommended

From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
Infosec
 
AI cybersecurity
AI cybersecurityAI cybersecurity
AI cybersecurity
ShauryaGupta38
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
Mohammad Khreesha
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber Security
DevOps.com
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
DLabs
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact Us
PECB
 

Recommended

From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
Infosec
 
AI cybersecurity
AI cybersecurityAI cybersecurity
AI cybersecurity
ShauryaGupta38
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
Mohammad Khreesha
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber Security
DevOps.com
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
DLabs
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact Us
PECB
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
Robert Smith
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
SahilRao25
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
Forcepoint LLC
 
Blackbox Testing in AI Cybersecurity
Blackbox Testing in AI CybersecurityBlackbox Testing in AI Cybersecurity
Blackbox Testing in AI Cybersecurity
ShauryaGupta38
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
Forcepoint LLC
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
Dr. Umesh Rao.Hodeghatta
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Raffael Marty
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Forcepoint LLC
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
Harsh Bhanushali
 
OA_Cyber security course with AI
OA_Cyber security course with AIOA_Cyber security course with AI
OA_Cyber security course with AI
Object Automation
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith Barthur
Sri Ambati
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
Burhan Ahmed
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
Priyanshu Ratnakar
 
Cognitive automation with machine learning in cyber security
Cognitive automation with machine learning in cyber securityCognitive automation with machine learning in cyber security
Cognitive automation with machine learning in cyber security
Rishi Kant
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
LabSharegroup
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
pbink
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
lior mazor
 

More Related Content

What's hot

AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
Dr. Umesh Rao.Hodeghatta
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
Priyanshu Ratnakar
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
LabSharegroup
 

What's hot (20)

Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Blackbox Testing in AI Cybersecurity
Blackbox Testing in AI CybersecurityBlackbox Testing in AI Cybersecurity
Blackbox Testing in AI Cybersecurity
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
 
OA_Cyber security course with AI
OA_Cyber security course with AIOA_Cyber security course with AI
OA_Cyber security course with AI
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith Barthur
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
 
Cognitive automation with machine learning in cyber security
Cognitive automation with machine learning in cyber securityCognitive automation with machine learning in cyber security
Cognitive automation with machine learning in cyber security
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 

Similar to Challenges in Applying AI to Enterprise Cybersecurity

Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
TechBiz Forense Digital
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Jeff Williams
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
guest609a5ed
 

Similar to Challenges in Applying AI to Enterprise Cybersecurity (20)

Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
 
Role of Generative AI in Strengthening Cybersecurity Measures | USCSI®
Role of Generative AI in Strengthening Cybersecurity Measures | USCSI®Role of Generative AI in Strengthening Cybersecurity Measures | USCSI®
Role of Generative AI in Strengthening Cybersecurity Measures | USCSI®
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
Bsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxBsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptx
 
Embedded Systems Security: Building a More Secure Device
Embedded Systems Security: Building a More Secure DeviceEmbedded Systems Security: Building a More Secure Device
Embedded Systems Security: Building a More Secure Device
 
Embedded Systems Security: Building a More Secure Device
Embedded Systems Security: Building a More Secure DeviceEmbedded Systems Security: Building a More Secure Device
Embedded Systems Security: Building a More Secure Device
 
Haystax Technology - About Us
Haystax Technology - About UsHaystax Technology - About Us
Haystax Technology - About Us
 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
 
NSS Labs Präsentation isd
NSS Labs Präsentation isdNSS Labs Präsentation isd
NSS Labs Präsentation isd
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
We cant hack ourselves secure
We cant hack ourselves secureWe cant hack ourselves secure
We cant hack ourselves secure
 
Introduction to PolySwarm
Introduction to PolySwarmIntroduction to PolySwarm
Introduction to PolySwarm
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Challenges in Applying AI to Enterprise Cybersecurity

  • 2. Bob
  • 3. 300+ alerts per day 60-75% noise (false positives) 2-7 days to detect attacks + =
  • 4. 300+ alerts per day 60-75% noise (false positives) 2-7 10Xdevices over next 5 yrs + = days to detect attacks
  • 5. 300+ alerts per day 60-75% noise (false positives) 2-7 10Xdevices over next 5 yrs Complexity of sensor data + = days to detect attacks
  • 6.
  • 8. BibuLabs 8 “Challenges in Applying AI to Cybersecurity” Tahseen Shabab Presenter Large Bank (Canada) Fortune 60 Telecommunication Firm (US) Top 3 Financial Services Firm (Canada) North American Government More +
  • 9. BibuLabs 9 Bibu Labs Team Tahseen Shabab Founder & CEO Prof. Hassan Khan Chief Scientist Prof. Kate Larson Advisor - AI Prof. Larry Smith Advisor - Strategy
  • 10. BibuLabs 10 ACCESSING WATERLOO REGION’S SECURITY ECOSYSTEM waterlooedc.ca NOTE: While companies may have a presence in mul�ple categories of this cluster map, they will only appear in the category that most directly reflects their business. CYBERSECURITY CRYPTOGRAPHY QUANTUMLAF INC. FINTECH Security P2P BLOCKCHAIN/SECURITY NETWORKS COMMERCIALIZATION HUBS 01100001 01110100 01100101 01110010 01101100 01101111 01101111 00100111 01110011 00100000 01010011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01000101 01100011 01101111 01110011 01111001 01110011 01110100 01100101 01101101 01000100 01100101 01100011 01101111 01100100 01101001 01101110 01100111 00100000 01010111 01100001 01110100 01100101 01110010 01101100 01101111 01101111 00100111 01110011 00100000 01010011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01000101 01100011 01101111 01110011 01111001 01110011 01110100 01100101 01101101 01000100 01100101 01100011 01101111 01100100 01101001 01101110 01100111 00100000 RISK ASSESSMENT/THREAT DETECTION BLOCKCHAIN RESEARCH LABS AND HUBS MS2discovery Interdisciplinary Research Ins�tuteWaterloo Cybersecurity and Privacy Ins�tute Cryptography, Security, and Privacy Research Group The Centre for Wireless Communica�ons Centre for Applied Cryptographic Research Centre for Computa�onal Mathema�cs in Industry and Commerce Waterloo Ar�ficial Intelligence Ins�tute Waterloo Centre for Automo�ve Research Communica�ons Security Lab Waterloo Ins�tute for Nanotechnology Ins�tute for Quantum Compu�ng RBC Cybersecurity Lab Cybersecurity Zone EMBEDDED SECURITY
  • 12. BibuLabs HR Data Lake Enterprise Security Simplified Router IPS/IDS End Point Server Threat Intel FW Decoy Sensors SIEM Tool Attack Detection Orchestration IDS NAC Antivirus FW Controls Analysts APIs Note: The following is a simplified conceptual diagram
  • 13. BibuLabs 13 Impact 96% 4%19% Security Solutions (avg) Alerts Not Addressed Alerts Reliable Alerts Investigated 75 Reference: Ponemon Institute
  • 14. BibuLabs 14 Last Line of Defence Threat Vectors Increasing Analysts have to constantly keep updated with latest attack vectors Deployment of More Sensors with AI Analysts have to look at individual inference from each sensor Contextual Knowledge Analysts have to match their expertise with inference to make decisions
  • 15. BibuLabs Domain Knowledge Still Required (An Analogy) Pill Pill.ai Tool = AI Surgeon = Cybersecurity Note: “The following is my opinion” ~ Tahseen Shabab
  • 16. BibuLabs 16 Understanding Tools of the Trade (Explainable Inference)
  • 17. BibuLabs White Paper VS Client Impact
  • 18. BibuLabs 18 The Perfect Onboarding Vendor Provides Expert Analyst Heavy manual intervention during POC period Custom Report Curated Analysts pin point some rare attacks, remove false positives and share report with client Clients Suffer After POC Clients expect product to run by itself after POC period Image Credit: Hackernoon: How to Attract “Turkers” and Be the Ultimate Mechanical Turk Hero!
  • 19. BibuLabs 19 Lab VS Production Environment Pill Lab (Research Setting) Production
  • 20. BibuLabs 20 Imbalanced Datasets ~ 0.001% of dataset correlates to hack Dynamic Environment Traffic, User Behaviour, Attacker Behaviour Attack Pattern Not Necessarily Carried Forward Hackers are getting increasingly targeted Problems Specific to Cybersecurity
  • 21. BibuLabs 21 Context Relevance of inference is dependant on context which keeps on changing Attack Surface Unique Based on Clients specific IT Environment Clients Prioritize Attack Vectors specific to risk appetite Data Quality Data quality might be the real bottle neck Challenges With Generic Solutions
  • 22. BibuLabs 22 Red Team VS Data Science Team Identify Relevant Attack Vectors Red Team Performs Attacks Data Science Team Builds Models 1 2 3 Attack Data Generated 4 Validated Models Deployed In Production 5
  • 23. BibuLabs Cybersecurity - AI Talent? Cybersecurity AI
  • 25. BibuLabs HR Data Lake Where To Apply AI? Router IPS/IDS End Point Server Threat Intel FW Decoy Sensors SIEM Tool Attack Detection Orchestration IDS NAC Antivirus FW Controls Analysts APIs Note: The following is a simplified conceptual diagram AI (HCI) AI AI AI AI AI AI AI AI AI AI AI AI
  • 27. BibuLabs 27 Hackers take path of least resistance If a patch has been deployed, hackers will try another route Adaptive Nature of Hackers (Cat and Mouse Game) Vulnerability 1 Vulnerability 2 Vulnerability 3
  • 30. BibuLabs Impact •  Analysts waste time on False Positives •  Illustration* User Behavior of Sales Executives Legitimate deviation from norm Sophisticated lateral movement Priority 1.  False Positives 2.  False Positives 3.  False Positives 4.  False Positives 5.  Sophisticated Attack
  • 32. BibuLabs 32 Attack: Induce Specific Output Add Noise Classifier Misclassifies Object Models Learn Differently Than Humans “Explaining and Harnessing Adversarial Examples”, Ian Goodfellow
  • 33. BibuLabs 33 Attack: Expose Model Attributes Submit queries, Observe response - Training Data - Architecture "Towards Reverse Engineering Black Box Neural Networks”, Seong Oh - Optimization Procedures
  • 35. BibuLabs 35 High Throughput of Data Analysts Short in Supply Consequence of missed False Negatives 0.001% Error Rate Could Be Too High