Cyber Threat Hunting Using Machine Learning and Artificial Intelligence
Denis Onuoha Chief Information Security Officer Arqiva
IABM Copyright 2018 www.theiabm.org @THEIABM

Introduction
Arqiva is a leading UK communications infrastructure company enabling a vibrant digital economy. We are behind the scenes and central to millions of vital connections. We are pioneers in an always-on, always-connected world. Every day our infrastructure and associated services enable millions of people and machines to connect wherever they are through TV, radio, mobile and the Internet of Things (IoT). Our technology enables us to work with everyone from mobile network operators, such as BT-EE, Vodafone, O2 and Three, to independent radio groups and major broadcasters, such as the BBC, ITV, Sky, Turner and CANAL+, to utility companies such as Thames Water.
Denis Onuoha is the Chief Information Security Officer at Arqiva. He has overall responsibility for Security Risk Management, Information Assurance and Cyber Security for the company and is at the forefront of its fight in defending against the latest media industry cyber-attacks. Denis commenced work in the financial sector with responsibilities for Risk and Information Security, subsequently making the move across to the broadcast industry. He is a qualified Lead Auditor for the ISO27001 and ISO22301 standards; a Lead Implementer for ISO22301; a Risk Manager in accordance with ISO27005; and has successfully attained ISACA's CISA and CISM certifications. A proactive IT professional, Denis sits on three of the UK's Centre for the Protection of National Infrastructure (CPNI) Government Information Security Exchanges and is the elected Chair of the AIB Cyber Security Working Group.
Kill Chain Visualisation

Phase: Preparation (timeline: hours to months)
1. Reconnaissance - Harvesting email addresses, conference information, etc.
2. Weaponisation - Coupling exploit with backdoor into deliverable payload
3. Delivery - Delivering weaponised bundle to the victim via email, web, USB, etc.

Phase: Intrusion (timeline: seconds)
4. Exploitation - Exploiting a vulnerability to execute code on victim's system
5. Installation - Installing malware on the asset

Phase: Active Breach (timeline: months)
6. Command & Control - Command channel for remote manipulation of victim's system
7. Action on objectives - With 'hands on keyboard' access, intruders accomplish the mission objective
Artificial Intelligence and Machine Learning in Cyber Defence

Four data feeds into the AI engine:
- Network Data: IPS, IDS, Packet Capture, NetFlow, Proxy Logs
- User Behaviour Analytics: User Data, Active Directory, VPN
- Application Data: API Calls, Data Exchange, WAF Data
- Endpoint Data: Registry, Connections, Processes, Memory, File Integrity
Benefit of AI & Machine Learning

- Real time security monitoring: automated detection of threats in real time
- Threat Anticipation: threat intelligence and Indicators of Compromise from vendors, so known threats can be mitigated before being hit
- Threat Hunting: discovering covert threats using key behaviours
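As an added example (not code from the deck, from Arqiva, or from any vendor), the Python script below shows two of these three benefits working over a handful of constructed proxy log lines: matching a vendor Indicators-of-Compromise list against request destinations (the known-threat side: real-time monitoring and threat anticipation), and a behaviour-based hunt that flags users whose outbound volume is a statistical outlier. The hunt uses a median/MAD modified z-score rather than a mean/standard-deviation baseline, because a single exfiltrating user would otherwise inflate the baseline and hide inside it. The log format, user names, hosts and the IoC list are all constructed for this example.

```python
"""Added example: the deck's 'known threats' and 'covert threats' pillars over
constructed proxy logs. Nothing here is Arqiva's or the deck's own code."""
from collections import defaultdict
from statistics import median

# Constructed proxy log lines (format assumed for this example):
# timestamp user src_ip dest_host http_status bytes_out
LOG_LINES = [
    "2018-03-01T09:02:11 alice 10.0.1.5 intranet.example.com 200 1240",
    "2018-03-01T09:03:40 alice 10.0.1.5 updates.example.com 200 8800",
    "2018-03-01T09:05:02 bob 10.0.1.9 intranet.example.com 200 1500",
    "2018-03-01T09:06:17 bob 10.0.1.9 mail.example.com 200 9600",
    "2018-03-01T09:07:30 carol 10.0.1.12 intranet.example.com 200 1100",
    "2018-03-01T09:08:44 carol 10.0.1.12 docs.example.com 200 7400",
    "2018-03-01T09:10:05 dave 10.0.1.20 intranet.example.com 200 1300",
    "2018-03-01T09:11:27 dave 10.0.1.20 mail.example.com 200 9100",
    "2018-03-01T09:12:49 erin 10.0.1.23 intranet.example.com 200 1250",
    "2018-03-01T09:13:58 erin 10.0.1.23 docs.example.com 200 8300",
    # frank: two very large uploads to an unknown host in the small hours
    "2018-03-01T02:14:03 frank 10.0.1.31 cdn-bad.invalid 200 4200000",
    "2018-03-01T02:15:10 frank 10.0.1.31 cdn-bad.invalid 200 3900000",
    # grace: normal volume, but one request to a host on the IoC feed
    "2018-03-01T09:20:00 grace 10.0.1.40 intranet.example.com 200 1400",
    "2018-03-01T09:21:00 grace 10.0.1.40 evil-c2.invalid 200 512",
    "2018-03-01T09:22:30 grace 10.0.1.40 docs.example.com 200 8000",
]

# Constructed stand-in for a vendor threat-intelligence (IoC) feed
IOC_DOMAINS = {"evil-c2.invalid"}


def parse(line):
    """Split one constructed log line into a record."""
    ts, user, src, host, status, nbytes = line.split()
    return {"ts": ts, "user": user, "src": src, "host": host,
            "status": int(status), "bytes": int(nbytes)}


def match_iocs(lines, iocs):
    """Known-threat detection: (user, host) for every request whose destination
    appears on the IoC feed. Cheap, exact and real-time capable, but blind to
    anything the feed does not already list."""
    return [(r["user"], r["host"]) for r in map(parse, lines) if r["host"] in iocs]


def bytes_per_user(lines):
    """Aggregate outbound bytes per user: the behavioural feature we hunt on."""
    totals = defaultdict(int)
    for r in map(parse, lines):
        totals[r["user"]] += r["bytes"]
    return dict(totals)


def behaviour_outliers(lines, threshold=3.5):
    """Behaviour-based hunting: users whose outbound volume is an outlier under
    the modified z-score 0.6745 * (x - median) / MAD. Median and MAD are used
    instead of mean and standard deviation so that the outlier we are looking
    for does not drag the baseline towards itself."""
    totals = bytes_per_user(lines)
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # every user behaves identically; nothing to rank
        return {}
    scores = {u: 0.6745 * (v - med) / mad for u, v in totals.items()}
    return {u: round(s, 1) for u, s in scores.items() if abs(s) > threshold}


if __name__ == "__main__":
    print("IoC hits:", match_iocs(LOG_LINES, IOC_DOMAINS))          # grace
    print("Behaviour outliers:", behaviour_outliers(LOG_LINES))      # frank
```

Run as written, the IoC match catches grace (a host on the feed, otherwise unremarkable volume) and the behavioural hunt catches frank (a host on no feed, but roughly 800 times the median outbound volume); each pillar finds what the other misses. Against real telemetry the baseline would be computed over a history window per user, and the other feeds the deck lists (Active Directory, VPN, endpoint process data) would add features such as off-hours activity or new destinations to the same scoring.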
Cyber Incident Management redefined via Artificial Intelligence

- Contain: automatic containment; stop the spread
- Response: response orchestration
- Clean up
WHERE'S WALLY
Conclusion

- Makes good business sense
- Improved Protection
- Improved Detection
- Improved Response
- Reduced Cost
Any questions?

Denis Onuoha
Email: [email protected]
LinkedIn: www.linkedin.com/in/denisonuoha
Mobile: +447814219954