@bubblewire Arkose Labs
Scandi
Why am I here?
Who am I?
BUILDING SECURITY PRODUCTS
ACCURATE, ACTIONABLE & SCALABLE SOLUTIONS
[Diagram: Subject Matter Expertise, Data Analytics, Product engineering; labels: heuristics, WAF, signals, ML, SIEM, insights]
TRADITIONAL DEFENSIVE PRODUCTS
SWEET SPOT
FOR ACCURATE, ACTIONABLE & SCALABLE SOLUTIONS
HOW DO WE SCALE
ENABLING AUTOMATION AND MACHINE LEARNING WHILST AVOIDING COMMON PITFALLS
INTERMEDIATE ATTACK SURFACE
SEPARATED ENVIRONMENT USED TO TEST AND VALIDATE SUSPECT USAGE, ACTION OR BEHAVIOR
WHERE WE SEE SOME ADJACENT CONCEPTS
INTERACTIVE HONEYPOTS, LAYER 7 IDS, ANTI-FRAUD, SPAM, BOT & ATO SOLUTIONS
TO RETAIN ACCESS USERS MUST
COMPLETE TASKS AND TESTS AND PERFORM AS EXPECTED
ESCALATED VALIDATION
& WHAT WE LEARN FROM HONEYPOTS
BENEFITS OF INTERMEDIATE ATTACK SURFACE
MOVE TARGET FROM YOUR ASSETS, WASTE ATTACKERS’ TIME AND EXHAUST RESOURCES, VALIDATE USERS
BUT WHAT IF IT COULD LEARN?
MACHINE LEARNING
DIFFERENT ALGORITHMS FOR DIFFERENT SITUATIONS WITH DIFFERENT REQUIREMENTS
ENSEMBLE ALGORITHMS
META ALGORITHMS THAT COMBINE SEVERAL ML MODELS FOR IMPROVED PERFORMANCE
APPLYING MACHINE LEARNING IN SECURITY
SHOW US THINGS WE DON’T KNOW
DO THINGS WE DO KNOW FASTER OR MORE EFFICIENTLY
(AT SCALE)
ANOMALY DETECTION, MALWARE CLASSIFICATION, NETWORK FILTERING, BEHAVIORAL ANALYTICS, MARKETING
LACK OF TRUST, NO EXPERTISE, ABSTRACT IDEA, OVER RELIANCE ON “SCIENCE”, TRAINING DATA, NOT DEFINED PROBLEM
ISSUES IN MACHINE LEARNING IN SECURITY
SECURITY EXPERTS ARE NOT RARELY DATA SCIENTISTS
DATA SCIENTISTS ARE NOT RARELY SECURITY EXPERTS
PERCEPTION: MORE DATA, BETTER PERFORMANCE
MANY BELIEVE THAT FEEDING MORE DATA TO THE MODEL ALWAYS YIELDS BETTER RESULTS
REALITY: SIZE DOESN’T REALLY MATTER
WHAT MATTERS MORE IS A CLEARLY DEFINED PROBLEM STATEMENT
REDUCING SCOPE
DEFINING EXPECTED BEHAVIOR FOR BETTER RESULTS
What about continuous reinforcement? → the beauty of webapp security and user interaction
INTERACTIVE REINFORCEMENT
UTILIZING USER INTERACTION AS CONTINUOUS REINFORCEMENT FOR MODELS & HEURISTICS
LOCAL MODEL CORRECTION
BE SELECTIVE ABOUT WHAT TO REINFORCE
GLOBAL NETWORK EFFECT
SIMILARITY IN ATTACKS ACROSS MANY TARGETS PROVIDES GLOBAL PERSPECTIVE
CONCLUSION
@bubblewire
arkoselabs.com
Let’s connect!
THANK YOU
I’M BUILDING PRODUCTS AT
COME SEE OUR BOOTH #860