Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial...

25
John Kirch Regional Director - North Asia International Computer Association July 27 th , 2017 Leveraging Artificial Intelligence to detect New , Emerging Cyber Threats in Realtime

Transcript of Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial...

Page 1: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

John KirchRegional Director - North Asia

International Computer AssociationJuly 27th, 2017

Leveraging Artificial Intelligence to detectNew, Emerging Cyber Threats in Realtime

Page 2: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Darktrace : Background & Growth• Founded by world-leading mathematicians,

from the University of Cambridge, and cyber operations experts

• Fundamental technology innovation• Powered by machine learning and

mathematics• 3,000+ deployments worldwide • 600% year-on-year growth• Dual HQs in San Francisco, and

Cambridge, UK, and over 24 offices worldwide

“Darktrace detects threats without having to define the activity in advance” CIO, City of Las Vegas

“Darktrace’s technology is unique”CISO, Telstra

ICA

Page 3: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

EvolutionICA

Page 4: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

The Evolution of Cyber Security

Source: National Oil Company Conference 2014 - Evolving Cyber Security

ICA

Page 5: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

The Cyber Landscape – Evolving Attack Sophistication

Source: National Oil Company Conference 2014 - Evolving Cyber Security

ICA

Page 6: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Selected Large Hacking Incidents Worldwide (1-6)SONY2014 Hackers believed to be associated with North Korea rampaged through the servers of Sony Pictures Entertainment in retaliation for a film comedy showing North Korean leader Kim Jong-un’s face being melted off.

ICA

TARGET2013- Dec110Mcustomers’personalandfinancialinformationwasexposed.TheCEOlaterresignedaspartofthefalloutfromthemassivebreach.

JPMorgan2014Hackershijackeda-JPMorganChaseserverandstoledataofmillionsofthebank’saccounts.ThedataallegedlyusedinfraudschemesgeneratingUS$100M+.

HOMEDEPOT2014Hackersstoleemailand creditcarddatafor50Mcustomers.Thebreachcosttheretailchainatleast$179Minsettlementswithconsumersandcreditcardcompanies.

USOfficePersonnelMgmt2015AdatabreachofSSNs,names,addressesof21.5Mpersonsincludinganundisclosednumberofpersonswhohadbackgroundchecksbutwerenotcurrentorformergovernmentemployees!

YAHOO2013-AugHackerscompromisedonebillionofYahoo’suseraccountsinAugust2013.Thatmakesthisthebiggestknownhackofuserdataofalltime.

Page 7: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Selected Large Hacking Incidents Worldwide (6-10)Chipotle2017An Eastern European gang reportedly used phishing to steal the credit card information of millions of Chipotle customers. The breach was part of a larger scam targeting restaurants.

ICA

LEGALFIRMs2015ChinesehackersaccessedemailaccountsatfirmsCravathSwaine&MooreandWeilGotshal &Manges—andlearnedaboutupcomingcorporatemergers.TheyallegedlymadeoverUS$4Mtradingontheinformation.

SWIFT2016NorthKoreanhackersreportedlyexploitedweaknessesintheSWIFTpaymentsystemtostealUS$8MfromtheBangladeshCentralBank’saccountattheNewYorkFederalReserve.

TESCO2016Hackersdrainedatotalofaround$3.2Mfrommorethan9,000accountsinTescoBank,thebankrunbythegiantgrocerychain.Tescowasforcedtoreimbursecustomersforthestolenmoney.

WANNACRYMay12th,2017The WannaCryransomwareattack wasaglobalcyberattack affecting200K+devicesrunningin150countrieswhichtargetedcomputersrunningtheWindows OSbyencryptingdataanddemandingransompaymentsinthe Bitcoin.

Page 8: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

The World’s Ten Largest Cyber Security Hotspots in 2016

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

USA China BRA IND GER Russia UK FR JPN Viet

1 2 3 4 5 6 7 8 9 10

23.96%

9.63%

5.84% 5.11% 3.35% 3.07% 2.61% 2.35% 2.25% 2.16%

1 USA 23.96%

2 China 9.63%

3 BRA 5.84%

4 IND 5.11%

5 GER 3.35%

6 Russia 3.07%

7 UK 2.61%

8 FR 2.35%

9 JPN 2.25%

10 Viet 2.16%

SourceBusinessInsider:May,2017

ICA

Page 9: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Key Hacking Incidents Japan (1-5)ICA

2013 – April

JapanAerospaceExplorationAgency(JAXA)

Foundunauthorizedaccesstoserversfromoutside.

2011– Sept

MitsubishiHeavyIndustries,Ltd.(MHI),andJapan’sHouseofRepresent-Atives (HR)

Experiencedavirusinfectionbytargetedattacks

2012– May

JapanNuclearEnergySafetyOrganization(JNES)

Informationleakageforpossiblymonths

2013– Jan

MinistryofAgriculture,Forestry&Fisheries

TPPnegotiations-relatedinformationstolen

2013– Fall

VariousJapangovernmentagencies.

Zero-dayattackinfectedtargeteduser’swebbrowsers

Source:Sasakawa USAFebruary,2016

Page 10: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Key Hacking Incidents Japan (6-10)ICA

2016– May

Injustthreehours,criminalsmanagedtosteal¥1.4Billion(~US$12.7M)usingabout1,4007-11BANKATMsinJapan

2016– Jan

Dataon7.93M JTBclientsleakedbyunauthorizedserveraccess,includingclientnames,addresses,emailaddressesandpassportnumbers.Cause:anemployeeopenedavirus-infectedemailfile

2016– Oct

HackersattackedtheUniversityofToyama'sHydrogenIsotopeResearchCenterandresearchonFukushimanuclearcrisis-personalinformationonnearly1,500researcherswasleaked.

2014– Jan

JapanAtomicEnergyAgency(JAEA)Experienceddatabreachviavirusinfection

2015– May

JapanPensionService- Anemailvirusinfecteddesktopscausingthelossof1.25Mconfidentialdatarecords

Source:Sasakawa USAFebruary,2016

Page 11: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Key Global Cyber Security Trends

Source: The Global State of Information Security Survey 2016 PwC

ICA

Page 12: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

An Increasingly Complex Digital World

Source: The Global State of Information Security Survey 2016 PwC

ICA

Page 13: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Increasing Damages from Cyber Incidents

Enterprise+Mobility+Scada/ICS+IoT +SaaS/Cloud

LargerAttackSurface->MoreThreats

ALargerNumberofAttacks->GreaterDamages

ICA

Page 14: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

The Volume of Data Leakages is IncreasingICA

Page 15: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Network Breaches: Increasingly Caused by Email Spam/ Phishing

Source: AntiPhishing Working Group Phishing Activity Trends Report - Q4 2016; IBM X-Force Threat Intelligence Index 2017

ICA

Page 16: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Average Cost of Data Breach by Amount of Data LeakedICA

Page 17: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Average Cost of a Data BreachICA

Page 18: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Four Main Types of Cyber AdversariesICA

Page 19: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Data Breach Perpetrators (2016)

Source:Verizon2017

ICA

Page 20: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Tactics Used in Data Breaches (2016)

Source:Verizon2017

ICA

Page 21: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Cyber Attacks: The Scene is ChangingICA

Page 22: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Business Impact

• Hac

Reputation

Operations

Financial

ICA

TheHackingofTARGETCostOverUS$300Million+

Page 23: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Boardroom Conversations

"Cyber security is a board level issue, and I am responsible for it.”

Dido Harding, CEO, Talktalk

ICA

Page 24: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Advanced External Threats

Looking for what you expect an attacker to do isn’t enough

• Technical knowledge is advanced• Barrier to entry is lower - download

an exploit kit • Attack methods are constantly

evolving

ICA

Page 25: Leveraging Artificial Intelligence to detect New, Emerging ...€¦ · Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime. Darktrace: Background

Insider Threat

Insiders move at consumer technology speeds, not enterprise tech speeds

• Insiders are technically enabled• Wearable technology• Blocking or monitoring of cloud services• Learn normality for every piece of tech, across environments

ICA