Cyber Threat Hunting Using Machine Learning and Artificial Intelligence
Denis Onuoha, Chief Information Security Officer, Arqiva
IABM Copyright 2018 www.theiabm.org @THEIABM

Introduction

Arqiva is a leading UK communications infrastructure company enabling a vibrant digital economy. We are behind the scenes and central to millions of vital connections. We are pioneers in an always on, always connected world. Every day our infrastructure and associated services enable millions of people and machines to connect wherever they are through TV, radio, mobile and the Internet of Things (IoT). Our technology enables us to work with everyone from mobile network operators, such as BT-EE, Vodafone, O2 and Three, to independent radio groups and major broadcasters, such as the BBC, ITV, Sky, Turner and CANAL+, to utility companies such as Thames Water.

Denis Onuoha is the Chief Information Security Officer at Arqiva. He has overall responsibility for Security Risk Management, Information Assurance and Cyber Security for the company and is at the forefront of its fight in defending against the latest media industry cyber-attacks. Denis commenced work in the financial sector with responsibilities for Risk and Information Security, subsequently making the move across to the broadcast industry. He is a qualified Lead Auditor for the ISO27001 and ISO22301 standards; a Lead Implementer for ISO22301; a Risk Manager in accordance with ISO27005; and has successfully attained ISACA's CISA and CISM certifications. A proactive IT professional, Denis sits on three of the UK's Centre for the Protection of National Infrastructure (CPNI) Government Information Security Exchanges and is the elected Chair of the AIB Cyber Security Working Group.

Kill Chain Visualisation

1. Reconnaissance: harvesting email addresses, conference information, etc.
2. Weaponisation: coupling exploit with backdoor into deliverable payload
3. Delivery: delivering weaponised bundle to the victim via email, web, USB, etc.
4. Exploitation: exploiting a vulnerability to execute code on victim's system
5. Installation: installing malware on the asset
6. Command & Control: command channel for remote manipulation of victim's system
7. Action on objectives: with 'hands on keyboard' access, intruders accomplish mission objective

Phases shown on the slide (with their timeline labels, in the same order): Preparation (hours to months), Intrusion (seconds), Active Breach (months).

Artificial Intelligence and Machine Learning in Cyber Defence

Four classes of data feed the AI engine:
- Network Data: IPS, IDS, packet capture, NetFlow, proxy logs, VPN
- User Behaviour Analytics: user data, Active Directory
- Endpoint Data: registry, connections, processes, memory, file integrity
- Application Data: API calls, data exchange, WAF data

Benefit of AI & Machine Learning

- Real time security monitoring: detecting known threats in real time
- Threat Anticipation: threat intelligence and indicators of compromise from vendors; automated, so threats can be mitigated before being hit
- Threat Hunting: discovering covert threats using key behaviours

Cyber Incident Management redefined via Artificial Intelligence

- Automatic containment
- Stop the spread
- Contain
- Response orchestration
- Clean up

WHERE'S WALLY

Conclusion

- Makes good business sense
- Improved protection
- Improved detection
- Improved response
- Reduced cost

Any questions?

Denis Onuoha
Email: [email protected]
LinkedIn: www.linkedin.com/in/denisonuoha
Mobile: +447814219954
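The deck's "AI engine" slide shows four telemetry classes (network, user behaviour, endpoint, application) converging on one engine, and the threat-hunting benefit is described as discovering covert threats from key behaviours. The following is an added example, not code from the IABM deck or from Arqiva: it fuses events from those four classes into one feature vector per host, standardises each feature across the fleet and ranks hosts by how far they sit from the norm, which is the simplest shape an ML-driven hunting queue takes. The host names, values, feature names (bytes_out, failed_logins, new_processes, api_calls) and the 3.0 score threshold are all constructed assumptions.

```python
"""Toy threat-hunting scorer (added example, not from the original deck).

Fuses constructed events from the four data classes on the 'AI engine'
slide into per-host feature vectors and flags statistical outliers.
"""
import math
from collections import defaultdict
from statistics import mean, pstdev

# Feature contributed by each data class (assumed mapping, one per class).
SOURCES = (
    ("network", "bytes_out"),          # e.g. from NetFlow / proxy logs
    ("user_behaviour", "failed_logins"),  # e.g. from Active Directory
    ("endpoint", "new_processes"),     # e.g. from endpoint process telemetry
    ("application", "api_calls"),      # e.g. from API gateway / WAF data
)
FEATURES = tuple(feature for _, feature in SOURCES)

# Constructed sample fleet: host -> (bytes_out, failed_logins, new_processes, api_calls).
_SAMPLE = {
    "ws-01": (100_000, 1, 3, 20),
    "ws-02": (120_000, 0, 4, 25),
    "ws-03": (90_000, 2, 2, 18),
    "ws-04": (110_000, 1, 3, 22),
    "ws-05": (105_000, 0, 5, 21),
    "ws-07": (900_000, 40, 30, 200),  # constructed outlier for the demo
}

# Flatten into (host, data_class, feature, value) events, mirroring what
# separate collectors would emit before the engine correlates them.
EVENTS = [
    (host, data_class, feature, value)
    for host, values in _SAMPLE.items()
    for (data_class, feature), value in zip(SOURCES, values)
]


def build_vectors(events):
    """Sum each feature per host, giving one vector per host."""
    vectors = defaultdict(lambda: {f: 0.0 for f in FEATURES})
    for host, _data_class, feature, value in events:
        if feature in FEATURES:
            vectors[host][feature] += value
    return dict(vectors)


def zscores(vectors):
    """Standardise each feature across hosts (population z-score).

    A feature with zero spread contributes 0 so it cannot dominate.
    """
    hosts = list(vectors)
    out = {h: {} for h in hosts}
    for f in FEATURES:
        column = [vectors[h][f] for h in hosts]
        mu, sigma = mean(column), pstdev(column)
        for h in hosts:
            out[h][f] = (vectors[h][f] - mu) / sigma if sigma > 0 else 0.0
    return out


def hunt(events, threshold=3.0):
    """Rank hosts by anomaly score (Euclidean norm of their z-vector).

    Returns (ranked list of (host, score), hosts at or above threshold).
    The threshold is a tuning knob, not a verdict: flagged hosts go to an
    analyst queue for review.
    """
    z = zscores(build_vectors(events))
    ranked = sorted(
        ((h, math.sqrt(sum(v * v for v in zv.values()))) for h, zv in z.items()),
        key=lambda hs: hs[1],
        reverse=True,
    )
    flagged = [h for h, s in ranked if s >= threshold]
    return ranked, flagged


if __name__ == "__main__":
    ranked, flagged = hunt(EVENTS)
    for host, score in ranked:
        print(f"{host}: {score:.2f}")
    print("flagged for analyst review:", flagged)
```

Run as a script it prints every host with its score and the flagged list; with the constructed fleet only ws-07 exceeds the threshold. The point of fusing the classes before scoring is that a host which is slightly unusual on every source becomes visible even when no single collector would have raised an alert on its own.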