Learn how to automate your systems, how to build chat bots and the future of deep learning. Explore the applications of machine learning, NLP, and computer vision, transferring Neural Network know-how from academia to architects.
An overwhelming number of security controls revolve around generating and forwarding alerts to System Administrators or a Security Operations Center (SOC). These mechanisms often require a significant human element to actively manage and triage alerts. In addition, alerting tools require ongoing TLC, a.k.a. tuning, and typically result in alert fatigue or delayed response times. To ensure a timely response to security events, 24/7 SOCs and response SLAs become a necessity. Unfortunately, a SOC is a luxury which many organizations cannot afford. To overcome this challenge, automated corrective access controls must be deployed in conjunction with preventative access controls in order to effectively manage security threats and discourage alert fatigue. In a cloud environment, automated corrective controls can be triggered based on specific events deemed as security violations. In AWS, this can be achieved using AWS Lambda functions. This talk will focus on how to implement automated corrective access controls in AWS to quarantine users based on security policy violations.
This talk will focus on an important but frequently overlooked area of Industrial Control System cybersecurity: asset and configuration management. While asset owners often do a good job of physical inventories, their management of software assets and their configurations on the OT side often leaves much to be desired. While NERC CIP has forced utilities to dramatically improve their change and configuration management processes, particularly the tracking and approval aspects, many other industries are still operating in the dark in many cases. Moreover, even with utilities, the efforts may still rely heavily on labor-intensive, spreadsheet-based processes. We will discuss how organizations can insert more automation to not only improve security but also reduce costs. The session will highlight both the tools available and, more importantly, the steps used to integrate those tools into a process appropriate for the environment.
Many believe that “To pay or not to pay?” is the fundamental dilemma in ransomware and cyber extortion. However, who the crisis manager is, and what the engagement process with the hackers, shareholders, customers and frustrated employees should be, are far more relevant, and urgent, issues to address. This brief presentation will focus solely on managing the human dimension in cyber crisis, and will cast light on how to negotiate with cyber-criminals, as well as how to set up the company’s crisis management structures.
DarkLight is a first-of-its-kind, AI-based expert system which enables sense-making and decision-making for active cyber defense and information sharing. It helps an organization to immediately deploy a scientific, evidence-based foundation for vastly improved cyber security operations and automation of their most highly-prized resource: the logic and experience of the human analyst. DarkLight automates what was previously solely a human task in frameworks such as the Integrated Adaptive Cyber Defense (IACD), a collaboration between NSA, DHS, Johns Hopkins APL and many industry-leading vendors. Upper-level sense-making and decision-making functions which require human expertise and analytic tradecraft in the loop are now captured, augmented and/or automated to perform at machine speed, while the human remains on the loop only as needed, to further train and guide the AI. Created, tested and proven at one of the nation's most advanced research laboratories over the course of more than four years, the company has been granted multiple patents on this unique technology. The company recently emerged from stealth and first demonstrated the product publicly at the RSA Early Stage Expo in February 2017.