Gabriel Dusil
VP, Global Sales & Marketing
www.facebook.com/gdusil
cz.linkedin.com/in/gabrieldusil
gdusil.wordpress.com
dusilg@gmail.com
Origins
 Research began in 2006
 Company established in 2009
 Funded by U.S. Army, Navy & Air Force
Experts in Network Behavior Analysis
Mission
 Providing detailed intelligence to detect
modern sophisticated network attacks
Headquarters
 Prague, Czech Republic & Silicon Valley, CA
Security
Innovation
Experts in Network Behavior Analysis
Page 2, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Point of Entry  Compromise
Compromise  Discovery
  50% attacks take days to
months of reconnaissance for a
successful breach
  70% of victims allow a breach to
persist for weeks to months before
detecting a compromise
Verizon – ‘11 Data Breach Investigations Report
Experts in Network Behavior Analysis
Page 3, www.cognitive-security.com
© 2012, gdusil.wordpress.com
• Managed Security Services
• Security Monitoring & Management
• Network Behavior Analysis
• Anomaly Detection
• Web Security, Content Filtering • SIEM
• Web-Application Firewalls
• IDS & IPS
• Vulnerability Management
• IAM
• Firewalls
• Anti-Virus
• Email Security
• VPN (SSL & IPsec)
SIEM = Security Information & Event Management)
IDS & IPS = Intrusion Detection & Prevention System
AAA = Authentication, Authorization, & Accounting
IAM = Identity & Access Management
VPN = Virtual Private Network, SSL = Secure Sockets Layer
Experts in Network Behavior Analysis
Page 4, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Security as a Service
Network
Behavior
Analysis
IDS & IPS
Web Security
email Security
Firewall
Network Behavior Analysis
 Cost effective Expert Security for
enterprises, telcos & governments
 Important security layer & a higher
wall for modern-day protection
APT, Zero-Day, Exploit Kits
& Polymorphic malware…
Attack Patterns
malware, etc.
Filtering, XXS
SQL Inj., etc.
Virus,
Trojans,
Span, etc.
Footprint
reduction,
scripts, etc.
Experts in Network Behavior Analysis
Page 5, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 6, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Cognitive Analyst
Cost Effective & Robust
Network Behavior Analysis for
Enterprise
High Throughput Traffic
Volumes
- Telco, Mobile, ISP & NSP
High Resolution & Attack
sensitivity
- custom for Governments
Experts in Network Behavior Analysis
Page 7, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Corporate Governance
 Device or Network Misconfig
 Restricted Apps, Policy Violations
 Irregular Behavior & Misuse
Monitoring
Employees,
4%
IAM, 11%
Audits, 8%
Vulnerability
Analysis, 10%
Incident
Response,
12%
 Vulnerability & Pen-testing
 Forensics Analysis
 Incident & Response
Malware
Analysis, 14%
Threat
Research,
8%
Responsibilities of a
Security Administrator
Advanced Cyber-Attacks
Trojans, Botnets, C2 & Exploit Kits
Spyware & Info leaks
Brute Force & Insider Attacks
Denial of Service (DoS)
Polymorphic Malware
Patching,
21%
Log Anal., 8%
Diagnostics Support





Awareness,
7%
Modern Sophisticated Attacks
 Advanced Persistent Threats
 Reconnaissance & Sabotage
 Zero-Day Attacks
Information Week - Strategic Security Survey '11
Experts in Network Behavior Analysis
Page 8, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 9, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 10, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 11, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Unclassified
Behavior Unexpected
Anomaly
Peer 2 Peer
Network
Behavior
Heavy DNS
Use &
Sophisticated
Scans
Outbound
Encrypted
sessions
(eg. SSH)
Periodic
Polling
- Command
& Control
Unexpected
new service
or Outlier
Client
Experts in Network Behavior Analysis
Page 12, www.cognitive-security.com
© 2012, gdusil.wordpress.com
No Signatures!
 No Signature limitations
 Attackers will exploit:
• Delays in writing signatures
• Delay to install new signatures
• Clients ignoring updates due to
resource constraints
Artificial Intelligence
 Strength of 8 Detection Algorithms
• Highly Accurate Attack detection
 Peer-Reviewed Algorithms
• Tested by the scientific community
 Long-Duration Trust Modeling
• Analyzing current behavior against
past assessments
 Unique Self-configuration
• Challenge Agents ensures system
is operational
 Hacker Circumvention Resistance
• Game Theory optimization ensures
system behavior is not predicable
Cost Competitive
 Cost effective Expert Security
 State-of-the-art Auto-Tuning
• Minimal deployment resources
needed
Experts in Network Behavior Analysis
Page 13, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 14, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 15, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Cognitive Analyst classifies
trustfulness of
data,
then
is separated
from
Then further separated into…
assessed
event
into over
categories,
& into severity levels
which can not be
immediately classified
Experts in Network Behavior Analysis
Page 16, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Comparing Near real-time data
to the past
Severity 8
Unclassified
Normal
 Historical threat data is
incorporated to detect
sophisticated attacks
Using the most sophisticated
self-learning techniques in the
Security Industry today
 Using 8 independent
Anomaly Detection Algorithms
Aggregating multiple threat
sources into clusters
Experts in Network Behavior Analysis
Page 17, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Al1 → 0.7
TM1 → 0.5
Network Traffic
Al2 → 0.2
Al3 → 0.9
TM2 → 0.7
Al4 → 0.4
CTS→ 0.7
Al5→ 0.3
TM3 → 0.4
Al6 → 0.2
Al7 → 0.4
Cognitive
Trust
Score
..
.
TM4 → 0.6
Al8 → 0.5
Detection
Algorithms
Trust
Modeling
Knowledge
Fusion
Trustfulness
Assessment
Layer
CTS = Cognitive Trust Score
Unclassified
Behavior
Event
Generation
Layer
Severity
Assignment
Layer
Experts in Network Behavior Analysis
Page 18, www.cognitive-security.com
© 2012, gdusil.wordpress.com
(hh:mm) Start
System
connected to
network data
source
Self-Initialization
2 Algorithms
3 Algorithms
all Algorithms
Online
Knowledge
Fusion - active
Self-Configuration
 Artificial Intelligence
• Continually tunes to the client’s
environment
• Highly accurate by combining
several advanced algorithms
 Auto-Learning Engine
• Self-Optimizing
Self-Optimization
 Scalable Architecture
• Decentralized & Distributed
• Parallel Processing for attack
detection in high speed networks
Experts in Network Behavior Analysis
Page 19, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 20, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Pharma
Defence
Chemical
Energy, Oil&Gas
Mobile
ISP & NSP
Defence
Intelligence
Finance
Manufacturing
Hosting
Utilities
Downtime Sabotage Tarnished Image
Lost Productivity
Terrorism
Theft of Corporate Secrets
Government Sponsored Attacks
Fraud
Detecting Modern Sophisticated Attacks
Attack Forensics
Advanced Threat Diagnostics
Security Monitoring Services
Behavior Monitoring
Expert Services
R&D
Cognitive1
Distribution
Bronze
Silver Gold
Consulting
Training
Software Development
Platinum
Forensics
Research
Cognitive10
CognitiveExpert
Appliance VM or ISO Image
Software
Experts in Network Behavior Analysis
Page 21, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 22, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Security Innovation
 Delivering Forward-thinking
Security Solutions
 Thought Leadership
R&D Expertise
 Cost-effective Research &
Development resources
 Quick development turn-around
 Flexible integration with OEMs,
MSSPs, & device manufacturers
Product Reliability
 5th Generation Network Behavior
Analysis platform
Privacy Concerns
 Data anonymity is maintained
Intuitive Management Interface
 Easy-to-Use Dashboard
 Granular attack detection analysis
Experts in Network Behavior Analysis
Page 23, www.cognitive-security.com
© 2012, gdusil.wordpress.com
http://gdusil.wordpress.com/2013/03/08/cognitive-secu…ntroduction-12/
Experts in Network Behavior Analysis
Page 24, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Experts in Network Behavior Analysis
Page 25, www.cognitive-security.com
© 2012, gdusil.wordpress.com
• Corporate leaders face complex challenges in balancing security
spending against the evolving risks that internet commerce
presents. This has resulted in new and advanced levels of
protection needed to facilitate these strategic objectives. Expert
Security addresses the need to implement more robust and cost
effective levels of expertise, and also helps to bridge the gap to
higher, and more expensive - and often culturally adverse outsourced solutions. As companies expand, their need for
additional layers of protection it is paramount to ensure asset
protection. Network Behavior Analysis are the building blocks of
Expert Security, and offers a viable solution to modern
sophisticated cyber-attacks. This presentation was prepared to
outline our corporate overview and market positioning of
Cognitive Security.
Experts in Network Behavior Analysis
Page 26, www.cognitive-security.com
© 2012, gdusil.wordpress.com
Network Behavior Analysis, NBA, Cyber Attacks, Forensics Analysis,
Normal vs. Abnormal Behavior, Anomaly Detection, NetFlow, Incident
Response, Security as a Service, SaaS, Managed Security Services,
MSS, Monitoring & Management, Advanced Persistent Threats, APT,
Zero-Day attacks, Zero Day attacks, polymorphic malware, Modern
Sophisticated Attacks, MSA, Non-Signature Detection, Artificial
Intelligence, A.I., AI, Security Innovation, Mobile security, Cognitive
Security, Cognitive Analyst, Forensics analysis, Gabriel Dusil
Experts in Network Behavior Analysis
Page 27, www.cognitive-security.com
© 2012, gdusil.wordpress.com