AI. READY? GO!
Sergej EPP
Chief Security Officer, Central Europe
CONFICKER
2 | © 2018, Palo Alto Networks. All Rights Reserved.
NOVEMBER 2008
3 | © 2019 Palo Alto Networks, Inc. All Rights Reserved.
NETWORK ENGINEERS
HACKERS
APPENDIX
SOC
BOTS
RISK MATRIX - 2019
§ Connected vehicle (air/rail/car) threats
§ Quantum computing
§ Data exfiltration in the cloud
§ Cyber Hygiene
§ AI voice fraud
§ AI phishing
§ AI chatbots
§ Firmware implants
§ Destructive threats
§ ID mass blackmailing
§ OT/IoT Threats
§ Insider Threat
§ Third Party Threat
§ Spyware
§ Identity theft
§ Ransomware Virus
§ AI Exploit Fuzzing
§ AI Malware Gen.
§ Biometrics loss
§ CEO Fraud
§ Compromised patch control
§ Crimeware-as-a-service
§ Phishing
§ Supervisory Oversight
§ BYOD threats
§ Attack obfuscation
§ Denial of Service
§ Banking Malware
§ Advanced regulations
§ Cryptojacking
Matrix columns (likelihood): Emerging, Unlikely, Possible, Likely, Very Likely
Matrix rows: Acute, Severe, High, Medium, Low
ROBOTS
DETECTION
PREVENTION
RESPONSE
§ Burden to triage
§ Costs of false negative
§ Enforcement
§ Feedback Loop
SECURITY LIFECYCLE
Constantly changing environment
§ Interability of alerts
§ Often EDR limited
§ Highly time-intensive
4 RECOMMENDATIONS
“I will fix your detection problems” - AI
INTRODUCTION INTO MACHINE LEARNING
Traditional Programming: INPUT DATA + PROGRAM -> OUTPUT DATA
Machine Learning: INPUT DATA + OUTPUT DATA -> PROGRAM
Reference: Prof. Domingos
HOW TO GET EFFECTIVE TRAINING DATA?
1. Use public dataset
2. Review incidents
3. Use Honeypots
4. Run Red Team Exercises
5. Cross-organizational telemetry
(slide axis label: effectiveness)
EXAMPLE: SPAM
IT'S A TEAM SPORT!
1. CREATE TRUST FOR CLOUD SECURITY PRODUCTS
INTERABILITY OF ALERTS
BLIND SPOTS
COMPREHENSIVE ANALYSIS
2. ESTABLISH RICH DATA VISIBILITY
FOCUS HUMAN EFFORT ON THE RIGHT SIDE OF ATTACK LIFECYCLE
Attack lifecycle stages: Reconnaissance, Weaponization and Delivery, Exploitation, Installation, Command and Control, Lateral Movement, Actions on the Objective
Left side: Automated Detection and Prevention
Right side: Threat Alerting and Hunting (focus on this side)
AF: AutoFocus
TR: Traps
WF: WildFire
GP: GlobalProtect
AP: Aperture
Cortex XDR
EXAMPLE: THREAT INTELLIGENCE
(diagram; labels on the slide:)
Lists: Block list, Quarantine list, Alert list
Sources: Sandbox, Signatures, Firewall, Endpoint, Indicators
Indicator types: Exploit Kits, Scanning IPs, C2 IPs, APT IPs, AI: beaconing, User Violation
Actions: Move to quarantine network, Rebuild device, Analyze device, Notify user
SHARING
3. AUTOMATE YOUR SECURITY PLAYBOOKS
THE HIDDEN COSTS OF POINT PRODUCTS
BUY IT
BUY SOMEBODY TO MANAGE
BUY A POINT PRODUCT INTEL PERSON
BUY SOMEBODY TO TIE IT ALL TOGETHER
ACTUAL COSTS
IT'S SURVEY TIME
100 3050
“HOW MANY SECURITY TOOLS DO YOU USE IN YOUR ORGANIZATION?”
HYPE CYCLE
4. REVIEW YOUR POINT PRODUCTS
LET'S GET IT DONE
MY PLAN FOR CYBER HYGIENE AND FOCUS ON WHAT MATTERS
30 Days
Create inventory for security products and rate them on
§ Penetration level across network, endpoint, cloud
§ Prevention maturity
§ API maturity
§ Crowd intelligence
90 Days
§ Introduce SecDevOps for key products and validate recommendations from your inventory
§ Create a plan and share with vendors
270 Days
Rationalize security products
CONFICKER INFECTIONS 2019
THANK YOU
Email: [email protected]
@EppSecurity