How, through a single point of access, an attacker can cause operational damage to an organization or steal its information, and how organizations can protect themselves from such attacks.
1. AI for cyber defense: How Cyber AI neutralizes never-before-seen threats
Santiago Cristancho Carillo
Cybersecurity Executive
#ProtectionPeru2019
3. Challenges in the digital era
The cyber-threat environment
Increasing speed and sophistication of attacks:
Zero-days
IoT hacks
Automated ransomware
Insider threat
"Low and slow" data exfiltration
The enterprise environment and traditional tools
Traditional tools rely on defining "benign" or "malicious" in advance, through rules or signatures.
This is no longer viable, given:
The emergence of novel threats and insider threats.
The complexity, diversity and scale of digital business.
4. AI can cope with digital complexity, improve legacy defenses and enable fundamentally new approaches to cyber security:
• Legacy defenses: incremental improvements to existing protection approaches that rely on rules, signatures or fixed baselines, including the "next-generation" variants of:
• Anti-virus
• Firewalls / CASB
• SIEM, UEBA and log-based analytics
• Network-based analytics
• New approaches: "enterprise immune systems" that learn what normal looks like "on the job", detect novel threats and fight back at an early stage
The promise of Artificial Intelligence
5. Learns the 'self' in real time
Detects every form of cyber-threat
Works in cloud, SaaS, enterprise and industrial environments
Fights back autonomously
Scales up or down across diverse environments
100% visibility
AI-based cyber immune system
8. Finds the threats that get in
Thousands of in-progress threats detected every day:
• Indiscriminate worms, trojans, ransomware
• Exfiltration of confidential data by insiders
• Hacked IoT devices, such as internet-connected HVAC, video conferencing units and fish tanks
• Irregular VPN access from remote users and sites
• Compromised industrial control systems
• Attacks on physical security, such as biometric scanners and ID-card readers
• Long-running criminal campaigns and infrastructure hijacking
10. A digital "antibody" that responds to emerging threats that are already inside the business, but can be handled before they turn into a crisis
Fights automated, fast-moving attacks
Surgically enforces the individual or group "pattern of life" and keeps normal operations running during attacks
Buys humans time to catch up and minimizes firefighting of critical threats
Cyber AI Response
12. Darktrace prevents the encryption of 5,000 documents
Industry: Financial services
Point of entry: Malicious email attachment
Apparent objective: Encrypt critical files and extort payment for the decryption key
An investment associate inadvertently downloaded a malicious ransomware file.
Once the executable was downloaded, the ransomware began encrypting almost 5,000 documents.
Darktrace Antigena responded within seconds, neutralizing the threat and preventing further data loss.
13. A smart locker attempts to exfiltrate data
Industry: Media and entertainment
Point of entry: Internet-connected locker
Apparent objective: Exfiltrate sensitive personal information
An attacker infiltrated the network through an internet-connected locker.
It began moving more than a gigabyte of data laterally across the network.
Darktrace Antigena responded by blocking the device's outbound connections without disrupting other operations.
Traditional approach relies on the plausibility of being able to anticipate what bad is going to look like, and from the perspective of the GENERAL SITUATION
Autonomous Response:
When we talk about autonomous response, we are talking about AI that generates, automatically and independently, a response in reaction to a cyber-threat.
This is a new frontier in cyber defense, but a very fundamental part of the Enterprise Immune System as an end-to-end platform
Like an antibody in the immune system, Antigena Network takes highly targeted, measured action to contain in-progress threats that Darktrace detects.
This is really important because it means that Antigena doesn’t disrupt day-to-day business functions. It can do this because essentially what Antigena is doing is enforcing the normal ‘pattern of life’ of a device or its peer group, allowing normal activity to continue uninterrupted. So an employee wouldn’t even notice if Antigena is taking action on their device.
Critically, Antigena buys security teams time to catch up. If you take ransomware, these attacks are capable of encrypting an entire network in a matter of minutes, and if it hits on a Friday night or at 3 in the morning, you’ll need intelligent, autonomous response to step in and contain it in real time.
Antigena also allows for integrations with leading firewalls (e.g. Palo Alto, Cisco, Juniper) and switches for orchestration.
And Antigena is not only able to instantly contain infections in network and cloud environments, but is also able to pre-emptively protect the business against email-borne attack campaigns by neutralizing malicious emails before they even reach the user.
Despite many high-profile cases and a large amount of public information, ransomware remains one of the most serious cyber-threats. As new strains emerge every day, CISOs cannot afford to become complacent. Compounding the challenge, new GDPR regulations have made the need for total visibility and control over sensitive information even more pressing.
On the network of a leading technology and media investment company in Asia, an investment associate inadvertently downloaded a ransomware file disguised as an authentic email attachment. The infected device connected to the GandCrab ransomware infrastructure and instantly started to encrypt almost 5,000 internal documents, appending a new file extension to each and leaving a ransom note demanding payment to unlock them.
The moment the device downloaded the executable, Darktrace identified the ongoing threat as a widespread and sophisticated ransomware attack. Darktrace Antigena blocked all outgoing communications from the infected device, stopping the infection in its tracks and preventing subsequent data loss.
Had Darktrace’s AI not reacted within seconds, a crippling amount of highly sensitive financial information could have been encrypted. Due to the swift autonomous response against the machine-speed attack, the organization was spared tremendous financial losses and reputational damage.
At an amusement park in North America, an advanced attacker targeted an IoT device – a physical locker designed to store personal belongings – to gain access to sensitive customer data. As part of its default setting, the ‘smart’ locker regularly established contact with the supplier’s third-party online platform. The threat-actor identified the source of this automated process, and hijacked it to compromise the locker.
Once infiltrated, the locker started to move over a gigabyte of unencrypted data across the network to a rare external site. That data, which could have included identifying details or sensitive credentials, was being sent over the internet entirely unprotected, giving the attackers the ability to intercept it and use the information to breach the company's network defenses.
Making the attack particularly sophisticated and difficult to detect, the locker was sending data out in a slow but consistent manner. Without Darktrace’s AI-powered threat detection, the malicious activity could have remained hidden for months or even years.
Due to the severity of the threat, Darktrace determined that an autonomous response was required. Within seconds, Darktrace Antigena took action by intelligently blocking all outgoing connections from the compromised locker. In doing so, it gave ample time for the security team to remove the smart locker from the internet without impacting normal business processes.
Darktrace’s AI is uniquely able to identify the subtlest indicators of ‘low and slow’ attacks and intuitively blocks the attack within seconds, regardless of where it originates on the network. In this case, autonomous response was critical in mitigating the risk for the amusement park, before any sensitive company or consumer data could be exfiltrated.
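The "pattern of life" enforcement described in the speaker notes above, and the low-and-slow locker case just discussed, can be illustrated with a small per-device detector. The Python below is an added example written for this page; it is not Darktrace or Antigena code and makes no claim about how their models work. It assumes outbound flow records of the form (timestamp, source device, destination, bytes sent), and every device name, address and traffic volume in it is constructed for the example. It goes slightly beyond the two cases on the page by showing why a pure rate threshold is not enough: the hijacked locker trips a burst rule at once, while a workstation leaking 10 MiB an hour to a never-seen host stays far below its own backup-hour peak and is only caught by accumulating bytes per unknown destination.

```python
"""Pattern-of-life outbound detector (added illustration, not Darktrace's code).

For each internal device it learns, over a baseline window, the set of external
destinations the device normally talks to and its peak hourly outbound volume.
Later flows are then judged against that device's own baseline:
  - burst: one hour of outbound traffic above burst_factor x the device's peak hour
  - low-and-slow: cumulative bytes to a destination never seen in the baseline
    exceeding rare_dst_bytes, however slowly they accumulate
Either condition yields a block_outbound decision for that device alone, so
other devices keep operating. Every host name, address and number is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

HOUR = 3600


@dataclass(frozen=True)
class Flow:
    ts: int         # epoch seconds
    src: str        # internal device
    dst: str        # external destination
    out_bytes: int  # bytes sent by src to dst


def learn_baseline(flows, start, end):
    """Per-device baseline over [start, end): known destinations and peak hourly bytes."""
    dests = defaultdict(set)
    hourly = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if start <= f.ts < end:
            dests[f.src].add(f.dst)
            hourly[f.src][f.ts // HOUR] += f.out_bytes
    return {
        src: {"dests": frozenset(dests[src]), "peak_hourly": max(hourly[src].values())}
        for src in dests
    }


def evaluate(flows, baseline, burst_factor=3.0, rare_dst_bytes=50 * 1024 ** 2):
    """Return {device: (reason, action)} for devices that leave their pattern of life."""
    hourly = defaultdict(lambda: defaultdict(int))
    rare_total = defaultdict(lambda: defaultdict(int))
    decisions = {}
    for f in sorted(flows, key=lambda x: x.ts):
        if f.src in decisions:
            continue  # device already contained or escalated
        base = baseline.get(f.src)
        if base is None:
            # never learned: escalate to a human rather than block blindly
            decisions[f.src] = ("no baseline for device", "alert")
            continue
        hour = f.ts // HOUR
        hourly[f.src][hour] += f.out_bytes
        if hourly[f.src][hour] > burst_factor * base["peak_hourly"]:
            decisions[f.src] = (
                f"burst: {hourly[f.src][hour]} B this hour vs baseline peak {base['peak_hourly']} B",
                "block_outbound",
            )
            continue
        if f.dst not in base["dests"]:
            rare_total[f.src][f.dst] += f.out_bytes
            if rare_total[f.src][f.dst] > rare_dst_bytes:
                decisions[f.src] = (
                    f"low-and-slow: {rare_total[f.src][f.dst]} B so far to never-seen {f.dst}",
                    "block_outbound",
                )
    return decisions


def constructed_flows():
    """Constructed sample: 7 days of learning traffic, then 3 days of observation."""
    t0 = 1_700_000_000
    base_end = t0 + 7 * 24 * HOUR
    learn, observe = [], []
    for h in range(7 * 24):
        ts = t0 + h * HOUR
        learn.append(Flow(ts, "locker-17", "supplier-cloud.example", 2_000))   # hourly heartbeat
        learn.append(Flow(ts, "ws-042", "saas.example", 5 * 1024 ** 2))
        if h % 24 == 2:                                                        # nightly backup
            learn.append(Flow(ts, "ws-042", "backup.example", 400 * 1024 ** 2))
    for h in range(72):
        ts = base_end + h * HOUR
        observe.append(Flow(ts, "locker-17", "supplier-cloud.example", 2_000))
        observe.append(Flow(ts, "locker-17", "203.0.113.45", 20 * 1024 ** 2))  # hijacked locker
        observe.append(Flow(ts, "ws-042", "saas.example", 5 * 1024 ** 2))
        observe.append(Flow(ts, "ws-042", "198.51.100.7", 10 * 1024 ** 2))     # far below its peak
    observe.append(Flow(base_end, "printer-3", "203.0.113.9", 1_000))          # never baselined
    return learn, observe, t0, base_end


def run():
    learn, observe, t0, base_end = constructed_flows()
    return evaluate(observe, learn_baseline(learn, t0, base_end))


if __name__ == "__main__":
    for device, (reason, action) in run().items():
        print(f"{device}: {action} ({reason})")
```

Two design points matter in practice. The action is scoped to the offending device, which is what lets the rest of the business keep running while the security team catches up; and a device with no learned baseline is raised as an alert rather than blocked, because a blanket block on an unknown device is exactly the kind of disruption an autonomous response must avoid. The 50 MiB cumulative threshold and the 3x burst factor are tuning knobs, not values taken from the page.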