Artificial Intelligence: a Silver Bullet in Cyber Security? CPX 360 Keynote

Captions
- Good morning, everyone; thank you for surviving the Ritz presentation, my presentation is going to talk about how we integrate AI technologies into cyber security, at Check Point, intelligently, and let me start off with a few quotes from individuals that we've all learned to respect, starting with Stephen Hawking; he believed that the development of full artificial intelligence could spell the end of the human race, here's another quote from Steve Wozniak, he believes that computers are definitely going to take over humans, there's no question about it. Elon Musk, he believes that AI is the most likely cause of World War III, and even Vladimir Putin has noted that the country that will lead AI is the most likely ruler of the world, so clearly, we're doomed, we're all going to succumb to some evil computer, sooner or later, and whether you believe in this bleak future or not, one thing is undeniable, and that is that everywhere you go, everybody is talking about artificial intelligence. In fact, we're not just talking about it, we're actually putting our money where our mouth is, with billions of dollars that are being invested currently in AI technologies, and into the companies that drive them, and this is because when we think of AI, we think of the next industrial revolution; if we look back at the original industrial revolution, it was all about replacing muscles with machines, machines that were stronger, machines that were more accurate, machines that do not get tired. 
When we look at the AI revolution, we're trying to do something similar by replacing human brains with machines, machines that are smarter, machines that are capable of a much larger scale and are faster, machines that do not get bored, they do not take a weekend break, and while AI may seem like a very futuristic concept, the reality is that AI is already around us, everywhere we look, starting with things like shopping predictions; every online retailer today offers shopping predictions that are based on AI technologies, and when I go into my image repository, in order to brag about the cakes that I baked for my girls over the years, I no longer have to tag each and every image, I can just type cakes, and all of the images that contain a cake will show up immediately, even this one, there at the bottom that's shaped like a dog. Speech recognition; personal helpers such as Siri and Cortana, and Alexa, we all know they're still, somewhat at their infancy, but they are actually capable of human like conversation, already today, and this is just the tip of the iceberg; really, AI technologies are around us, everywhere we look, touching on every facet of our human existence; with autonomous cars that protect themselves using AI technologies, and with the entire financial sector moving to AI based calculation of your insurance risk, and your loan eligibility, and with robot lawyers that are driven by AI algorithm and offering legal advice, and robot doctors that offer AI based medical diagnostics. Everywhere you look, AI is there to take us to the next level, and you have to ask yourself, all of these technologies didn't used to exist just a few, short years ago, so why now? That's the big question that we need to ask ourselves, why now? 
And the reason is, much like with many technological breakthroughs, is that we needed several technologies to finally mature together, and in the case of AI, we're talking about three, specific technologies, or key technologies; the first of which, is storage, we are now capable of storing gigantic amounts of data at a fraction of what it used to cost in the past, just a few years ago; the second thing that we needed is compute, we now have access to compute power that was previously dream like, and is capable, allowing us to actually process those gigantic mountains of data that we've collected, and the third and key technology that needed to mature, is the mathematics. The math that drives all of the AI algorithms, and we've seen major breakthroughs in the mathematics in just the last four to five years, and all of these, together, mean that what used to only be available for academic research, is now a viable baseline for actually introducing it into commercial product, which is what we see all around us. So let's ask the next question; is artificial intelligence magic, has the breakthrough that we've seen in the past year make it so that we now have an engine, where we put data in, and get the correct answer out of it, every single time? And in order to answer that, I want to share with you a couple of examples from recent time, here's the first one. This is Tay Bot; Tay Bot is a Twitter chat bot that was introduced by Microsoft in March 2016, and Tay Bot started chatting with people on the internet, and you know the internet is a wonderful place where you can meet all sorts of people, and they can teach you all sorts of things, so this is what Tay Bot learned; and these are some of the Tweets that it started generating, after just a few, short hours of Tweeting with people on the internet, and I won't read it out loud, but if you look at it, you can see that it actually learned, and then excelled, mostly at profanity and racial bias. 
So here's what you can learn from this, and of course, a few hours later, Microsoft realized this is a catastrophe; they shut it down, never to be seen again; here's another example, this is Google Translate, a tool that we all love and use on a daily basis to help us translate the world around us to a language that we can understand, and what you see here, is a bunch of phrases in the Turkish language. Now, what you may not know, is that Turkish is a gender neutral language, that means that both he and she are referred to as "o" in Turkish, and this is what we see when we put these phrases into Google Translate, and we ask it to translate it to English, and take a look at the right hand side, she's a cook, he's an engineer, he's a doctor, she's a nurse, look further down, my favorite at the bottom; he's happy, she's unhappy. You can see the bias throughout those translations, and you have to ask yourself, again, are the Google engineers sexist? Of course they're not, but the way their engine learned its language skills is by reading and digesting every, possible piece of text that was made available to it, and the gender bias, that just exists in our culture; okay, so we can agree that AI with today's technology, is still not magic, we're decades away from that magical engine that will always generate the correct and the proper response, but we can also agree that it's far from useless, in fact, it's very useful; so how do we know which application AI will be the most useful for? When should we apply AI in order to get the best result? 
So here's what a good AI solution requires, it really requires two things in order to be a good solution, the first of which is data, and I don't just mean any data, we need a lot, a lot of data, and that data needs to be rich enough that it covers the entire scope, and the entire versatility of the problem that we are trying to address, and the second thing that we need is expertise; we need two types of expertise, in fact, we need AI expertise, people that actually understand the mathematics, and how to fine tune the algorithm, those are key people that you have to have when you're building an AI based solution, and the second thing that you need is domain expertise. Now, this may be counter intuitive to the concept of artificial intelligence, but with today's technology, we're still decades away from having that self tuning, self learning machine that can learn anything, and can then apply it to solve a problem; with today's technology, in order to solve a problem, you need someone that understands the domain, so if you want to do proper speech recognition, you need somebody that understands human speech pattern, and if you want to do image recognition, you need somebody that understands digital photography. And when you want to apply AI to cyber security, you need somebody that understands the cyber landscape, and that brings me to my next section, let's talk about how we can use AI in cyber security, and certainly, there's no shortage of hype around use of AI in cyber security, in fact, every vendor out there will tell you that they're using AI, some will tell you this is what the core of what they're offering, others will say this is just part of a broader picture, but everybody is talking about it at some capacity or another. It would please me to ask the same question, again; is AI in cyber security magic; is this the silver bullet that our industry has been searching for, and is trying to offer its customers? 
Have we managed to overcome all of the underlying problems with AI in cyber security? And of course, I don't need to keep you in suspense, the answer is, of course, no; AI in cyber security suffers from many of the same, inherent, underlying problems that we see in other fields, and sometimes even more so; why? Here are the key problems with cyber security AI, and it's no surprise, I'm using the same graphics just to tell you, that we often don't have enough data, and we don't have enough expertise. Access to cyber security training data is extremely difficult; it is certainly difficult if you're a small start up, you simply don't have access to that kind of data, and there is no public domain data that is relevant, and that you can train your engine based on, and even if you're a major vendor, it's still very difficult, because customers are very reluctant to share their data with their vendors, and even when they do, they would typically obfuscate it to death, to the point where it becomes useless, in order to train your algorithm. So access to data is a key thing, and it's very difficult, and you can only see the amount of data that you need if you're a major vendor, with many customers that has access to enough data that would cover, again, the entire scope of the problem that we are trying to solve; the other issue with AI systems is that the verdict that they offer is very obscure, meaning AI systems do not tend to explain themselves, so you can either choose to manually validate every verdict that you get out of the AI system, which of course, is not very practical, or you have to take a certain leap of faith, you have to trust the system that whenever it gives a verdict, this is the correct verdict, and that would have been okay, except the other thing is that AI systems are kind of notorious for having a fairly high false detection rate. 
They're very often, offering the wrong conclusion to the problem that they're trying to address, not always, but higher than other engines that tend to be more accurate, so if you think of AI in other domains, if among my images, my cake images, I will have an image or two of an ice cream cone, no harm done, but in cyber security, a false detection, a mis-detection, a false positive; those can have a very significant penalty on an organization. So AI is not the cyber security magic that we would wish that it will be, maybe it will be in a few years, but it's not there quite now, but it is far from useless, very far, and when we actually look down, into it, all of these algorithms, the machine learning, the deep learning, the deep, big data analytics, all of these are actually revolutionizing cyber security, and why do I say that they are revolutionizing it? Because they are offering us the opportunity to actually address the problem at a much larger scale; they're allowing us to automate tasks that were previously only handled by human analysts, and smart ones, at that, and there is very few of those people running around that you can actually use, so we can scale our operation, and we're now able to finally make sense of those gigantic amounts of log data that we've so diligently collected, only to never look at, again. These are all things that we can do with AI, and of course, at Check Point, we've acknowledged the potential of AI to address those problems in the modern world, and we started investing in it a few years ago, which takes me to my last segment of this presentation, which is how we use AI technologies at Check Point, in order to offer our customers the benefit of the latest, most advanced technologies out there in the market, in the most practical manner possible. 
So as we strive to offer you the best security, we've started introducing AI based engines into our threat prevention products week, already a few years ago, and some of these technologies exist today, under the hood, which you may or may not be aware of, and I want to share with you, some details about three of these engines that might interest you, and the success that we've seen through them. And here's the first one; this is an engine that we call Campaign Hunting, and the purpose of this engine, is to offer predictive threat intelligence, and what does that mean? If I see an indicator of compromise, for example, a malicious URL, and I'm a smart analyst, and I have the skills and the intuition to go look for additional IOCs, I will very often find similar IOCs that are part of the same campaign; those will be URLs that are probably registered by the same person, probably the same time frame, maybe using a similar lexicographic pattern, and it's very easy for me, using my intuition to say, okay, these 20 are identical to this first one that I've seen in one of the attacks, therefore, I should incriminate these 20, and add them to my threat intelligence. So what we've done with Campaign Hunting, is we've mechanized this process; we've taken that human intelligence and intuition, and taught it to a machine that is now capable of digesting not just a few dozen IOCs per day, but rather thousands and hundreds of thousands and millions of IOCs, and look through every single one of them, and deduce whether we can find similar ones, as well, and the result is that we now have an additional feed, in our threat intelligence, that allows us to expose additional, unknown, malicious domains. 
We are capable of attributing an attack to a particular campaign, because we know they are part of the same family, and we are able to enrich our threat intelligence with predictive campaign prevention, meaning this is offering us first time prevention through IOCs that were never seen as part of an attack before, but we still know that if we will see them, they should be blocked. And here are some numbers to associate with that; these are the various feeds that we use in threat intelligence, and this is a unique contribution that they offer to our block rate, and what you can see, is that 10% out of the attacks that we block, are blocked based on intelligence that we wouldn't have had without Campaign Hunting, so it doesn't mean that we catch only 10% with those IOCs, it means that 10% of the attacks that we block, are blocked solely based on this engine, and we wouldn't have blocked them, otherwise. So that's the benefit, and this is one of our top performing feeds, and we're very proud of this feed, and continue to enhance it and improve the technology and the AI that's behind it, in order to give it even better results; here's another engine, we call this engine Huntress, and Huntress is designed to uncover malicious executables, now, determining whether an executable is malicious or not, is one of the toughest problems in our cyber security; unlike documents that need to adhere to a certain set of rules, and are limited by the operating system and what they are allowed and not allowed to do, executables are designed to be allowed to do anything, so deciding if what they're doing is malicious or not, is not trivial; luckily, for us, we have the domain expertise, and we understand how hackers operate, and we therefore know that hackers rarely, if ever, write the entire code from scratch. 
What they would usually do is either reuse preexisting pieces of code, or they will use preexisting logic that drives similar action, that is part of their malicious attack, and we use those similarities, in order to identify whether an executable is malicious or not; how do we do it? We let the executable run in our dynamic, runtime simulation environment, our sandbox, while it's running, we collect hundreds of different runtime parameters, every API code, the sequence, whatever it's touching on the operating system, and we feed those hundreds of parameters to an AI based engine, that is then able to classify this executable, and say whether it's similar to a malicious executable or not, and the results, on average, 13% of the executable that our system is now capable of determining as malicious, are determined as such by Huntress. Again, it's not that this engine only identifies 13% of the malicious executables, but the unique contribution, the one that we wouldn't have had without this engine, comes up to roughly 13% on average, and here's the third one; this one is called Cadet, Cadet stands for Context Aware Detection, and this is an engine we are particularly proud of, because this is where we are harnessing the real power, the true power of Check Point, and as you all know, with our Infinity platform, Check Point covers the entire IT spectrum, and gives us access and visibility into every part of your IT, from your networks, to your data centers, to your cloud environments, your endpoints, your mobile devices; we have the ability to see the full picture, and get the right context. So rather than inspecting an element on its own, and trying to determine whether it's malicious or not, we take the element itself, and the entire context that surrounds it; how did this element get into my IT? Did it come through an email attachment, or is it a web download? And if it's a web download, how did this user get to that link? 
Was it in an email, a URL that he received in an email that he clicked on? Maybe it got through an SMS message with a link in it; all of this context actually matters and gives us valuable information, that allows us to make better determination, and what we do, is we now inspect the full context, and the element itself, we collect thousands of different parameters from these things, and together, we feed them into our Cadet AI based engine, and ask it to reach a verdict; a single, accurate verdict, and this technology is currently being introduced into our products, so we only have preliminary results for it, but already, they are very promising results, and we see that in terms of our detection rate, there's a twofold increase in that in our detection rate, and a staggering tenfold decrease in our false positive rate. So these are very impressive results, but what's more impressive is to say that these are not just numbers that I get to put on a slide and brag about in front of an audience, this is not a mathematical game; this is all about making security practical, and the accuracy of an engine, is the key thing that makes it practical. If an engine is too noisy, it simply will not be put into production, it creates too much chaos, it creates too much overhead for the IT department, so it won't be put into production, and it certainly will not be put into prevent mode, and the only way to have security in your organization, is if you make it practical, so that the IT team is willing and capable to actually introduce it into their environment, so when we, at Check Point, look at AI technologies, we rarely put them on their own; we combine them with a bunch of expert systems and other engines, that when combined, will deliver the right metrics that we think our customers deserve. 
We only put AI technologies where we can prove to ourselves that we can actually improve the metrics that actually matter, the metrics that actually make our security consumable and practical for our customers, and this is why intelligent use of AI technologies is just one more reason why, when it comes to prevention, Check Point is the vendor to choose; thank you very much. (applause)
Info
Channel: Check Point Software Technologies, Ltd.
Views: 26,683
Rating: 4.7309942 out of 5
Keywords: artificial intelligence, artificial, intelligence, check point, check, point, security, check point security, malware, cyber security, threat prevention, technology, AI, AI technology, AI technologies, CPX 360, keynote, Artificial Intelligence is the Industrial Revolution, network security, security solutions, sandblast, sandblast network, sandblast network security, check point software, cyber defense, security product, threat prevention technologies
Id: ggje-L0ViFM
Length: 21min 37sec (1297 seconds)
Published: Wed Mar 21 2018