Gabriel Dusil
VP, Global Sales & Marketing

  www.facebook.com/gdusil
  cz.linkedin.com/in/gabrieldusil
  gdusil.wordpress.com
  dusilg@gmail.com
Origins
• Research began in 2006
• Company established in 2009
• Funded by U.S. Army, Navy & Air Force

Experts in Network Behavior Analysis

Mission
• Providing detailed intelligence to detect modern sophisticated network attacks

Headquarters
• Prague, Czech Republic & Silicon Valley, CA

Security Innovation
                                                 Experts in Network Behavior Analysis
                                                 Page 2, www.cognitive-security.com
                                                 © 2012, gdusil.wordpress.com
Point of Entry → Compromise
50% of attacks take days to months of reconnaissance for a successful breach

Compromise → Discovery
70% of victims allow a breach to persist for weeks to months before detecting a compromise

Source: Verizon – ‘11 Data Breach Investigations Report
• Managed Security Services
• Security Monitoring & Management

• Network Behavior Analysis
• Anomaly Detection

• Web Security, Content Filtering
• Web-Application Firewalls
• Vulnerability Management
• SIEM
• IDS & IPS
• IAM

• Firewalls
• Anti-Virus
• Email Security
• VPN (SSL & IPsec)

SIEM = Security Information & Event Management
IDS & IPS = Intrusion Detection & Prevention System
AAA = Authentication, Authorization, & Accounting
IAM = Identity & Access Management
VPN = Virtual Private Network, SSL = Secure Sockets Layer
Security as a Service
• Network Behavior Analysis: APT, Zero-Day, Exploit Kits & Polymorphic malware…
• IDS & IPS: Attack Patterns, malware, etc.
• Web Security: Filtering, XSS, SQL Inj., etc.
• email Security: Virus, Trojans, Spam, etc.
• Firewall: Footprint reduction, scripts, etc.

Network Behavior Analysis
• Cost effective Expert Security for enterprises, telcos & governments
• Important security layer & a higher wall for modern-day protection
Cognitive Analyst
• Cost Effective & Robust Network Behavior Analysis for Enterprise
• High Throughput Traffic Volumes - Telco, Mobile, ISP & NSP
• High Resolution & Attack sensitivity - custom for Governments
Monitoring

Corporate Governance
• Device or Network Misconfig
• Restricted Apps, Policy Violations
• Irregular Behavior & Misuse

Diagnostics Support
• Vulnerability & Pen-testing
• Forensics Analysis
• Incident & Response

Advanced Cyber-Attacks
• Trojans, Botnets, C2 & Exploit Kits
• Spyware & Info leaks
• Brute Force & Insider Attacks
• Denial of Service (DoS)
• Polymorphic Malware

Modern Sophisticated Attacks
• Advanced Persistent Threats
• Reconnaissance & Sabotage
• Zero-Day Attacks

Chart: Responsibilities of a Security Administrator
Awareness, Employees, 4%; Patching, 7%; 21%; IAM, 11%; Log Anal., 8%; Audits, 8%; Vulnerability Analysis, 10%; Malware Analysis, 14%; Incident Response, 12%; Threat Research, 8%

Source: Information Week - Strategic Security Survey '11
• Heavy DNS Use & Sophisticated Scans
• Unclassified Behavior - Unexpected Anomaly
• Periodic Polling - Command & Control
• Peer 2 Peer Network Behavior
• Unexpected new service or Outlier Client
• Outbound Encrypted sessions (e.g. SSH)
No Signatures!
• No Signature limitations
• Attackers will exploit:
  - Delays in writing signatures
  - Delay to install new signatures
  - Clients ignoring updates due to resource constraints

Cost Competitive
• Cost effective Expert Security

Artificial Intelligence
• Strength of 8 Detection Algorithms
  - Highly Accurate Attack detection
• Peer-Reviewed Algorithms
  - Tested by the scientific community
• Long-Duration Trust Modeling
  - Analyzing current behavior against past assessments
• Unique Self-configuration
  - Challenge Agents ensure system is operational
• Hacker Circumvention Resistance
  - Game Theory optimization ensures system behavior is not predictable
• State-of-the-art Auto-Tuning
  - Minimal deployment resources needed
Cognitive Analyst classifies
trustfulness of         data,
then
                 is separated
from

Then further separated into…
                    assessed
  into over     event
  categories,
  & into severity levels

  which can not be
  immediately classified
Comparing Near real-time data to the past
• Historical threat data is incorporated to detect sophisticated attacks

Using the most sophisticated self-learning techniques in the Security Industry today
• Using 8 independent Anomaly Detection Algorithms

Aggregating multiple threat sources into clusters

Diagram labels: Severity 8, Unclassified, Normal
Diagram columns: Network Traffic; Detection Algorithms; Trust Modeling; Knowledge Fusion
• Detection Algorithms: Al1 → 0.7, Al2 → 0.2, Al3 → 0.9, Al4 → 0.4, Al5 → 0.3, Al6 → 0.2, Al7 → 0.4, Al8 → 0.5
• Trust Modeling: TM1 → 0.5, TM2 → 0.7, TM3 → 0.4, TM4 → 0.6
• Knowledge Fusion: CTS → 0.7 (CTS = Cognitive Trust Score)
• Layers: Trustfulness Assessment Layer, Event Generation Layer, Severity Assignment Layer
• Other label: Unclassified Behavior
Timeline (hh:mm)
• Phases: Self-Initialization, Self-Configuration, Self-Optimization
• Milestones: Start (System connected to network data source); 2 Algorithms; 3 Algorithms; all Algorithms Online; Knowledge Fusion - active

Artificial Intelligence
• Continually tunes to the client’s environment
• Highly accurate by combining several advanced algorithms

Auto-Learning Engine
• Self-Optimizing

Scalable Architecture
• Decentralized & Distributed
• Parallel Processing for attack detection in high speed networks
Pharma; Chemical; Mobile; Defence; Defence; Energy, Oil&Gas; ISP & NSP; Intelligence; Finance; Manufacturing; Hosting; Utilities

Downtime; Sabotage; Tarnished Image; Lost Productivity; Terrorism; Theft of Corporate Secrets; Fraud; Government Sponsored Attacks

Detecting Modern Sophisticated Attacks; Attack Forensics; Advanced Threat Diagnostics; Security Monitoring Services

Behavior Monitoring: Bronze, Silver, Gold, Platinum
Expert Services: Consulting, Training, Forensics
R&D: Software Development, Research

Cognitive1, Cognitive10, CognitiveExpert
Distribution: Appliance, VM or ISO Image, Software
Security Innovation
• Delivering Forward-thinking Security Solutions
• Thought Leadership

R&D Expertise
• Cost-effective Research & Development resources
• Quick development turn-around
• Flexible integration with OEMs, MSSPs, & device manufacturers

Intuitive Management Interface
• Easy-to-Use Dashboard
• Granular attack detection analysis

Product Reliability
• 5th Generation Network Behavior Analysis platform

Privacy Concerns
• Data anonymity is maintained
http://gdusil.wordpress.com/2013/03/08/cognitive-secu…ntroduction-12/




• Corporate leaders face complex challenges in balancing security
  spending against the evolving risks that internet commerce
  presents. This has resulted in new and advanced levels of
  protection needed to facilitate these strategic objectives. Expert
  Security addresses the need to implement more robust and
  cost-effective levels of expertise, and also helps to bridge the gap to
  higher, and more expensive - and often culturally adverse -
  outsourced solutions. As companies expand, their need for
  additional layers of protection is paramount to ensure asset
  protection. Network Behavior Analysis is the building block of
  Expert Security, and offers a viable solution to modern
  sophisticated cyber-attacks. This presentation was prepared to
  outline our corporate overview and market positioning of
  Cognitive Security.
Network Behavior Analysis, NBA, Cyber Attacks, Forensics Analysis,
Normal vs. Abnormal Behavior, Anomaly Detection, NetFlow, Incident
Response, Security as a Service, SaaS, Managed Security Services,
MSS, Monitoring & Management, Advanced Persistent Threats, APT,
Zero-Day attacks, Zero Day attacks, polymorphic malware, Modern
Sophisticated Attacks, MSA, Non-Signature Detection, Artificial
Intelligence, A.I., AI, Security Innovation, Mobile security, Cognitive
Security, Cognitive Analyst, Forensics analysis





Cognitive Security - Corporate Introduction ('12)
