• Home

  • Documents

  • Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering...
23
@bubblewire Arkose Labs Scandi Why am I here? Who am I?

Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

@bubblewire Arkose Labs

Scandi

Why am I here?

Who am I?

Page 2: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

SubjectMatter

Expertise

DataAnalytics

Product engineering

heuristicsWAF

signalsML

SIEMinsights BUILDING

SECURITYPRODUCTS

ACCURATE,ACTIONABLE & SCALABLE SOLUTIONS

Page 3: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

SubjectMatter

Expertise

DataAnalytics

Product engineering

heuristicsWAF

signalsML

SIEMinsights

TRADITIONALDEFENSIVEPRODUCTS

Page 4: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

SubjectMatter

Expertise

DataAnalytics

Product engineering

heuristicsWAF

signalsML

SIEMinsights

SWEET SPOT

FOR ACCURATE,ACTIONABLE & SCALABLE SOLUTIONS

Page 5: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

HOW DO WE

SCALEENABLING AUTOMATION AND MACHINELEARNING WHILST AVOIDING COMMON PITFALLS

Page 6: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

INTERMEDIATEATTACK SURFACE

SEPARATED ENVIRONMENT USED TO TEST AND VALIDATE SUSPECT USAGE, ACTION ORBEHAVIOR

Page 7: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

WHERE WE SEE SOMEADJACENTCONCEPTS

INTERACTIVE HONEYPOTS, LAYER 7 IDS,ANTI-FRAUD,SPAM, BOT & ATO SOLUTIONS

Page 8: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

TO RETAIN ACCESS USERS MUST

COMPLETE TASKS AND TESTS AND PERFORM AS EXPECTED

Page 9: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

ESCALATEDVALIDATION

& WHAT WE LEARN FROM HONEYPOTS

Page 10: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

BENEFITS OF INTERMEDIATEATTACK SURFACE

MOVE TARGET FROM YOUR ASSETS, WASTE ATTACKERS TIMEAND EXHAUST RESOURCESVALIDATE USERS

Page 11: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

BUT WHAT IF IT COULD LEARN?

Page 12: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

MACHINELEARNING

DIFFERENT ALGORITHMS FOR DIFFERENT SITUATIONS WITH DIFFERENT REQUIREMENTS

Page 13: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

ENSAMBLEALGORITHMS

META ALGORITHMS THAT COMBINE SEVERAL ML MODELS FOR IMPROVED PERFORMANCE

Page 14: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

APPLYINGMACHINELEARNINGIN SECURITY

SHOW US THINGS WE DON’T KNOW

DO THINGS WE DO KNOW FASTER OR MORE EFFICIENT

(AT SCALE)

ANOMALYDETECTIONMALWARECLASSIFICATION

NETWORKFILTERINGBEHAVIORALANALYTICSMARKETING

LACK OF TRUSTNO EXPERTISEABSTRACT IDEAOVER RELIANCEON “SCIENCE”TRAINING DATANOT DEFINED PROBLEM

Page 15: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

ISSUES INMACHINELEARNINGIN SECURITY

SECURITY EXPERTS ARE NOT RARELY DATA SCIENTISTS

DATA SCIENTISTS ARE NOT RARELY

SECURITY EXPERTS

ANOMALYDETECTIONMALWARECLASSIFICATION

NETWORKFILTERINGBEHAVIORALANALYTICSMARKETING

LACK OF TRUSTNO EXPERTISEABSTRACT IDEAOVER RELIANCEON “SCIENCE”TRAINING DATANOT DEFINED PROBLEM

Page 16: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

PERCEPTIONMORE DATA

BETTER PERFORMANCE

MANY BELIEVE THAT FEEDING MORE DATA TO THE MODEL ALWAYS YIELD BETTER RESULTS

Page 17: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

REALITYSIZE DOESN’T REALLY MATTER

WHAT MATTERS MORE IS A CLEARLY DEFINED PROBLEM STATEMENT

Page 18: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

REDUCING

SCOPEDEFININGEXPECTEDBEHAVIOR FOR BETTER

RESULTS

Page 19: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

What about continuous reinforcement? → the beauty of

webapp security and user interaction

INTERACTIVEREINFORCEMENT

UTILIZING USER INTERACTION AS CONTINUOUS REINFORCEMENT FOR MODELS & HEURISTICS

Page 20: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

LOCALMODEL CORRECTION

BE SELECTIVE ABOUT WHATTO REINFORCE

Page 21: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

GLOBALNETWORKEFFECT

SIMILARITY IN ATTACKS ACROSS MANY TARGETS PROVIDE GLOBAL PERSPECTIVE

Page 22: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

CONCLUSION

Page 23: Who am I? › USA-19 › Thursday › us-19-Westelius-Attack-S… · analytics product engineering heuristics waf signals ml siem insights sweet spot for accurate, actionable & scalable

@bubblewire

arkoselabs.com

Let’s connect!

THANK YOU

IM BUILDING PRODUCTS AT

COME SEE OUR BOOTH #860


Imperva waf

Imperva waf

Technology
Web Application Frameworks (WAF)

Web Application Frameworks (WAF)

Technology
Bypassing waf advanced

Bypassing waf advanced

Documents
© Copyright 2014 Hewlett -Packard Development Company, …h41382. · AKAMAI KONA. Cloud-based DDoS & WAF. Devices logging to ArcSight; SIEM correlation; enrich data; push updates

© Copyright 2014 Hewlett -Packard Development Company, …h41382. · AKAMAI KONA. Cloud-based DDoS & WAF. Devices logging to ArcSight; SIEM correlation; enrich data; push updates

Documents
Usability Heuristics CMPT 281. Outline Usability heuristics Heuristic evaluation

Usability Heuristics CMPT 281. Outline Usability heuristics Heuristic evaluation

Documents
burlando um WAF

burlando um WAF

Internet
Web Application Firewalls (WAF)

Web Application Firewalls (WAF)

Documents
Waf Esben Danielsen

Waf Esben Danielsen

Entertainment & Humor
2018 - Siem Offshore · SIEM OFFSHORE INC. ANNUAL REPORT 2018 3. VESSELS IN THE FLEET Platform Supply Vessels (PSV) Siem Pride Siem Symphony Siem Atlas Siem Giant Siem Hanne Siem

2018 - Siem Offshore · SIEM OFFSHORE INC. ANNUAL REPORT 2018 3. VESSELS IN THE FLEET Platform Supply Vessels (PSV) Siem Pride Siem Symphony Siem Atlas Siem Giant Siem Hanne Siem

Documents
Web Application Firewalls (WAF) - Cert-IST · Liste les fonctionnalités possibles d’un WAF et non les fonctions minimum nécessaires d’un WAF Permet d’évaluer techniquement

Web Application Firewalls (WAF) - Cert-IST · Liste les fonctionnalités possibles d’un WAF et non les fonctions minimum nécessaires d’un WAF Permet d’évaluer techniquement

Documents
Waf Calgary 2008

Waf Calgary 2008

Technology
1110 sS TechGuide WAF

1110 sS TechGuide WAF

Documents
Automated (AI) Planning - cvut.cz · Automated (AI) Planning Introduction Obtaining heuristics Relaxation heuristics Relaxation Heuristics Dominance relation between admissible heuristics

Automated (AI) Planning - cvut.cz · Automated (AI) Planning Introduction Obtaining heuristics Relaxation heuristics Relaxation Heuristics Dominance relation between admissible heuristics

Documents
Waf bypassing Techniques

Waf bypassing Techniques

Education
Heuristics: Heuristics and Biases at the Bargaining Table

Heuristics: Heuristics and Biases at the Bargaining Table

Documents
hello waf, hello phoenix

hello waf, hello phoenix

Technology
SIEM HELIX 1 & 2 - Helix Energy Solutions Grouphelixesg.com/media/36686/Siem1Siem2.pdf · SIEM HELIX 1 SIEM HELIX 2 The Siem Helix 1 and Siem Helix 2 vessels are purpose designed

SIEM HELIX 1 & 2 - Helix Energy Solutions Grouphelixesg.com/media/36686/Siem1Siem2.pdf · SIEM HELIX 1 SIEM HELIX 2 The Siem Helix 1 and Siem Helix 2 vessels are purpose designed

Documents
Search, Backtracking,Heuristics Exhaustive Search/Heuristics

Search, Backtracking,Heuristics Exhaustive Search/Heuristics

Documents
AWS WAF - API Reference · AWS WAF API Reference ... 540 SqlInjectionMatchSet.....541 SqlInjectionMatchSetSummary

AWS WAF - API Reference · AWS WAF API Reference ... 540 SqlInjectionMatchSet.....541 SqlInjectionMatchSetSummary

Documents
Web Application Firewalls (WAF) - OWASP · Liste les fonctionnalités possibles d’un WAF et non les fonctions minimum nécessaires d’un WAF Permet d’évaluer techniquement le

Web Application Firewalls (WAF) - OWASP · Liste les fonctionnalités possibles d’un WAF et non les fonctions minimum nécessaires d’un WAF Permet d’évaluer techniquement le

Documents
Presentazione waf nov011 def

Presentazione waf nov011 def

Business
WAF / ModSec + OWASP CRS

WAF / ModSec + OWASP CRS

Documents
Netiq Siem(SIEM)

Netiq Siem(SIEM)

Documents
SIEM Integration Guide - bomgar.com · BomgarSIEMToolPluginInstallationandAdministration TheSecurityInformationandEventManagement(SIEM)toolpluginforBomgarRemoteSupportenablestheprocessingand

SIEM Integration Guide - bomgar.com · BomgarSIEMToolPluginInstallationandAdministration TheSecurityInformationandEventManagement(SIEM)toolpluginforBomgarRemoteSupportenablestheprocessingand

Documents
Cyberoam Waf Presentation

Cyberoam Waf Presentation

Documents
Netscaler WAF XSS

Netscaler WAF XSS

Technology
A little waf

A little waf

Technology
AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM · PDF fileahts vs491 cd siem pearl siem emerald siem sapphire siem aquamarine siem ruby siem topaz siem diamond siem garnet siem opal siem

AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM · PDF fileahts vs491 cd siem pearl siem emerald siem sapphire siem aquamarine siem ruby siem topaz siem diamond siem garnet siem opal siem

Documents
Work Boats 250 -1,200kW WAF/LAF 164-572ozmarmarine.com/upl/WAF_LAF_164-572.pdf · Work Boats WAF/LAF EngineRatingupto3,650kW Work Boats WAF/LAF ... Gearbox Main dimensions (mm) WAF

Work Boats 250 -1,200kW WAF/LAF 164-572ozmarmarine.com/upl/WAF_LAF_164-572.pdf · Work Boats WAF/LAF EngineRatingupto3,650kW Work Boats WAF/LAF ... Gearbox Main dimensions (mm) WAF

Documents
wrap.warwick.ac.ukwrap.warwick.ac.uk/135016/1/WRAP_Theses_Oyebolu_2019.pdf3.3.2 Heuristics, Meta-Heuristics, and Hyper-Heuristics. . . .19 3.3.3 Simulation Optimisation. . . . .

wrap.warwick.ac.ukwrap.warwick.ac.uk/135016/1/WRAP_Theses_Oyebolu_2019.pdf3.3.2 Heuristics, Meta-Heuristics, and Hyper-Heuristics. . . .19 3.3.3 Simulation Optimisation. . . . .

Documents