The Cybersecurity Trinity: Artificial Intelligence, Automation & Active Cyber Defense

This talk explores three crucial topics for cybersecurity professionals: artificial intelligence (AI), automation, and active cyber defense (ACD). The Cybersecurity Trinity will provide cybersecurity professionals with the necessary background to improve their defenses by harnessing the combined power of these three concepts. Security teams often treat AI, automation, and ACD as disparate solutions, addressing specific problems. However, there is much overlap, and security teams must develop a cohesive approach to realize the full potential.

With the growth of AI and machine learning (ML), cybersecurity professionals must understand its core concepts to defend AI and ML-based systems. Next, we turn our attention to security automation. We will discuss strategies for a successful security automation implementation and strategies that can lead to failure. However, accelerating the defense is only one side of the equation. Defenders can also implement ACD methods to disrupt and slow the attacker. Finally, we will combine these three concepts to form a comprehensive strategy aligned with the NIST Cybersecurity Framework. The resulting strategy will have AI as the foundation, incorporating automation to speed up defense and ACD to disrupt the attacker.

Attendee Objectives:

• Learn how to protect AI and ML systems by recognizing the vulnerabilities throughout their lifecycle.
• Integrate AI and ML-based systems to enhance cybersecurity.
• Develop security automation processes to enhance situation awareness, speed the time to respond, and increase the bandwidth of the limited security operations staff.
• Develop an ACD strategy to slow the attackers while minimizing legal and ethical concerns.
• Design a comprehensive strategy with AI as the foundation, incorporating automation to speed up defense and ACD to disrupt the attacker.

Artificial Intelligence: Cybersecurity’s Friend & Foe

Artificial intelligence (AI) is fundamentally improving the capabilities of defenders and attackers. Security strategies must account for the dual nature, friend and foe, of AI. Ensuring the security staff is prepared for the future is vital to any strategy. Cybersecurity professionals of the future must understand AI – how to use it, protect it, and defend against it.

Employing AI for cybersecurity offers tremendous benefits and great promise, for both groups. This discussion seeks to demystify machine learning for the non-data scientist so that cyber security professionals can harness its full potential. This presentation will briefly cover some underlying machine learning concepts and how AI can improve security. We will investigate the vulnerabilities when using AI within cybersecurity and the use of adversarial AI. Finally, we will look at strategies to improve AI-enhanced cybersecurity to ensure your security team is ready for the future. This discussion focuses on using machine learning for cybersecurity; however, the concepts could apply to employing machine learning in any adversarial environment.

Attendee Objectives

• Describe the benefits and potential of machine learning for defenders and attackers.
• Understand the types of attacks that can target AI in an adversarial environment and the associated mitigation tactics.
• Understand how to increase the security, robustness, and resiliency of AI for cybersecurity by leveraging both traditional methods and adversarial machine learning processes.
• Develop strategies to improve readiness to defend against emergent AI threats.

Security Automation: Strategies for Success (and Failure)

This presentation will explore why companies need security automation and how they can ensure success. Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success. As a younger brother, the speaker understands the value of learning from his older brothers’ mistakes. Therefore, we will look also look at strategies for failure, including viewing security automation as a cost saving effort.

Attendee Objectives

• Describe the benefits of successfully implementing security automation.
• Develop stategies to ensure success of a security automation program.
• Understand how to fail when implementing security automation.

Vampires & Cybersecurity: Using Deception to Increase Cyber Resilience

Inviting attackers into your network can have serious repercussions, much like inviting vampires into your home. Furthermore, engaging them or watching them move about can be very risky. In most cases, companies should leave this type of engagement to the professionals, such as external security vendors and researchers, or in the case of vampires, let Buffy handle them. Alternatively, if you prefer, contact Von Helsing, Abraham Lincoln, or Anita Blake, all of whom, according to popular literature and film, are renowned vampire slayers. Often, the best approach when encountering a vampire is to drive a wooden stake through his heart as soon as possible. Similarly, in most situations, organizations want to evict and block the attacker quickly and effectively once a suspected attacker is identified. Toying with vampires after they have entered your home can be fatal. Likewise, allowing an attacker to move about in your network so you can observe him can result in additional damage, especially if the attacker can escape the honeynet and begin moving laterally throughout the environment.

Vampires are known for their social engineering skills. They will try to deceive their victims into inviting them in. Likewise, attackers often use social engineering to get unsuspecting users to invite them in. Unfortunately, unlike vampires, the attackers that target organizations can also enter without an invitation. Fortunately, defenders can use deception to identify the attacker within their network. Deception tactics are not limited to external-facing honeypots and honeynets. You do not have to invite the vampire into your home. In fact, you probably should not (unless you are sure of your abilities at wielding a wooden stake). The same goes for the cyber attacker. Instead of using deception to invite the attacker in, defenders can use deception as a warning system of possible intruders.

So when your perimeter defenses, such as firewalls, IDPSs, garlic, and crosses, do not work, and the cyber attacker or vampire enters your premises, you can leverage deception to shine a light on them. Deception within your environment can act as an early warning system of possible intrusions, much like using mirrors to detect vampires. Then, once you are alerted to their presence, you can vanquish them by shining sunlight on them or driving a stake through their heart. Of course, I am not encouraging you to drive a stake through the cyber attacker's heart. That would be illegal. But you can evict the attacker from your network.

Attendee Objectives

• Understand the deception methods that companies can implement, including their strengths and weaknesses.
• Develop strategies for a practical deception program to enhance cybersecurity while reducing risks.
• Learn the best approaches to deal with vampires and cyber adversaries.