Assessing and Integrating Emerging Technologies · Why Humans Accept Risks Ambiguous definitions of...

PERATON PROPRIETARY INFORMATIONThe information in this document is proprietary to Peraton. It may not be used, reproduced, disclosed, or exported without the written approval of Peraton.


TENICA’s 2018 Enterprise Innovation Symposium Georgia Tech Global Learning CenterWednesday, May 2, 2018

Assessing and Integrating Emerging Technologies

Richard Domikis Chief EngineerIntelligence & Cyber


2

Today’s IT environments are large, complex and rapidly changing

Cyber Challenges

Enterprise-wide situational awareness for mission ops and security– Must include multiple views of the enterprise data– Priorities and actions must be coordinated and guided for best overall result

Most customers are in continuous operations– Changes and improvements must be successfully Integrated into the operational enterprise– It’s not just technologies but also processes, training and change management– COOPs are often giving way to multi-homed operations

Static environments moving quickly to virtual and dynamic environments– Security has to move from “survey and lockdown” to continuous virtual monitoring – Dynamic environments both help and challenge operations– Risk perceptions and risk realities are not always the same


3

Attacks have become faster, more obscure and more effective

Cyber Challenges

Moving enterprises from reactive to proactive postures– While reactive defenses will continue they are no longer sufficient– Systems have hardened and as a result attacks seek new vectors often unexpected!– Threats now decoy and lay dormant to improve attacks/persistence

Adversaries have advanced; time from attack to compromise is much shorter– The kill-chain has tightened for defense resulting in less time for impact analysis – Long-plan actions, including preplaced attacks and defense defeats, are enabling attacks

Inside threats can often avoid many of the protections– We continue to have events facilitated by insiders (intentional and unintentional)– Internal defenses must be balanced with efficient mission operations– Large numbers of privileged users with insufficient action controls


4

Enterprise environments are rapidly evolving

Cyber Environment Evolution

Customers use evolving enterprises – more cloud, more services, more mobile– Economies of scale have moved many to seek storage and compute as a service

– BYOD (Bring Your Own Device) or UAD (Use Any enterprise Device) have forced enterprise evolutions

Increased connectivity and clouds have changed the digital landscape– Where our data resides– Where value must be protected– Perceived and real losses

When we were not well connected– Things still happened but we didn’t know it– Things that happened stayed isolated longer– The risk and effects were more limited– Defenses had time to use lessons learned


5

Use technologies carefully

Unexpected Risks

Un-anticipated risks such as“accidental” resolution

Accidental threats Not all risks are from intentional threats

– Accidental insiders– Accidental spills

– https://www.linkedin.com/pulse/accidental-resolution-revisited-richard-domikis-pmp-cissp

– https://www.theverge.com/2016/6/22/11999598/bentley-mulsanne-gigapixel-nasa-photo

https://www.linkedin.com/pulse/accidental-resolution-revisited-richard-domikis-pmp-cissp

https://www.theverge.com/2016/6/22/11999598/bentley-mulsanne-gigapixel-nasa-photo


6

Misperception of risk

Why Humans Accept Risks

Ambiguous definitions of risks– Is a risk a hazard, probability, consequence or description of adversary/threat?

Ambiguous quantification of risks – How do we accurately quantify risks (deaths per million, deaths per exposure,

deaths by age, etc.)?– Is it multi-variate on purpose or by accident?

Ambiguous perceptions of risks for both laypeople and experts– Reality: experts tell laypeople what to think; laypeople form their own opinions

Perception of Risk Posed by Extreme Events - Paul Slovic, Elke U. Weber http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf

http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf


7

Risk perceptions – experts and the rest of us

To Protect You Must Understand WHY We Accept Risks

Perception of Risk Posed by Extreme Events - Paul Slovic Elke U. Weber http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf

4 forms of risk perception (my observation)• Agree with Experts• Underestimate Risk• Overestimate Risk• Inconsistent Perceptions

Perceived risk attributes (from Slovic’s paper)1. Voluntary– Involuntary2. Chronic – Catastrophic3. Common – Dread4. Certainly Not Fatal – Certainly Fatal5. Known/Exposed – Not Known/Exposed6. Immediate – Delayed7. Known to Science – Not Known to

Science8. Controllable – Not Controllable 9. New - Old

Physical– often concerned with environment and

user proximity

Medical– often concerned with exposure, infection

and response to treatment

Criminal – often concerned severity, vulnerabilities

and avoidable/unavoidable risks

Warfare– often concerned with perimeters, effect

ranges and survivability

Composites– The reality is most risk analysis includes

aspects from several models

http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf


8

The data tsunami isn’t going to stop

Cyber Environment Evolution

Big Data has become a significant driver for many solutions – creation, access, use, storage

These are not really laws more like clear trends with strong likelihood of continuing

Moore’s Law - Processing/$ doubles every 18-24 months– 1965 Gordon Moore

Kryder’s Law - Storage/$ doubles about every 23 months– 2005 Mark Kryder

Noah’s Law – As Processing/$ increases and Storage/$ increases the volume of data grows at a composite rate – 2006 Rich Domikis


9

We are now at the point where transistors cannot continue to shrink

Computational Change Point

Things are about to change in significant ways

Possibility of temporary stagnationhttp://philosophyworkout.blogspot.com/2016/01/a-decade-of-economic-stagnation-looms.html

http://philosophyworkout.blogspot.com/2016/01/a-decade-of-economic-stagnation-looms.html


10

What took years now takes months

Key Challenges

Fast-paced technologies – Quantum computing, software defined networks, homomorphic encryption, block chain– Many technologies thought theoretical and distant have already arrived

The ability to consider and accept a new technology is a challenge– If your “Approved Product List” keeps critical technologies off your network your in trouble! – The fact that adversaries will quickly use that same technology as a weapon is a reality

Adversaries have become faster and attacks more obtuse– As defenses increase attackers are driven to different threat vectors– 3rd party attacks on the increase– Effective deployable malware has become a service

Threat families and signatures are becoming more difficult to characterize– Adversaries ARE profiling defensive tools to better evade detection– Adversaries ARE using zero-day data sources to implement fast low-effort attacks– Non-traditional paths are being used in the commercial and financial sectors

New environments can challenge both attackers and traditional defense mechanisms– Clouds and virtualized environments must be considered from both the threat and defense

perspectives– The ability to spawn, operate and dissolve a virtual environment changes how we must provide

security and identify/monitor inside threats


11

Big data creates big challenges

Key Challenges

Big data analytics (getting to the data to find the answer)– Finding the data is one challenge– Moving or copying data is often impossible– Processing must “go” to the data– Often these large repositories are critical for Ops– There is NO room for errors or data damage


12

Deep learning offers significant improvements for cyber security

Peraton’s Solutions

Fast-paced proof of concepts – quick and effective “will-it-work?” analysis

Deep Learning Applied to Cyber

Learns like a human using ALL the data


13

Applying quantum computing to real-world problems


Greenfield Analysis – to identify unexplored design directions Quantum computing is here and operational! The challenge now is un-learning

– We May no longer have to avoid or estimate NP-hard problems– We must stop thinking binary and think waves


14

Coding a quantum computer is more like writing music


Creating a “Score” on the IBMQ– High Performance Grover’s Search on the IBMQ

https://www.quantiki.org/wiki/grovers-search-algorithm

Classically, searching an unsorted database requires a linear search, which is O(N) in time. Grover's algorithm, which takes O(N1/2) time, is the fastest possible quantum algorithm for searching an unsorted database. It provides "only" a quadratic speedup, unlike other quantum algorithms, which can provide exponential speedup over their classical counterparts. However, even quadratic speedup is considerable when N is large. Like all quantum computer algorithms, Grover's algorithm is probabilistic, in the sense that it gives the correct answer with high probability.The probability of failure can be decreased by repeating the algorithm.

https://www.quantiki.org/wiki/grovers-search-algorithm


15

It’s hard to understand what you can’t easily visualize


Visualizing big data using glyphs– Glyphs are visual multivariate depictions of a data “object”– Data objects can be people, systems, locations even attacks– Glyphs can also depict temporal events in data objects

Leveraging big data with effective visualizations– Can you see something “weird”?– Can you leverage the human processor better?– Visualizing temporal events can improve defenses


16

Visual fusion of multiple data sources improves situational awareness

Glyphs Applied to Real World Problems

Network and data visualizations– Highly adaptable and frequently virtualized data – Traditional visualizations are challenged in depicting “reality”

The Composite View - Data flows, data on the flows, network overlays, GIS overlays, temporal events


17

Emerging technologies are improving operations

Real World Results

Improved operations and security with a number of enabling technologies– Control, Situational Awareness and Protections– Example: Privileged User Activity Managed Access

Automation/Orchestration– Orchestration and Automation have created repeatable and share-able playbooks for defense,

operations and recovery– Machine-Guided actions allow our customers to monitor, decide and “grow” confidence in

automated actions before these are allowed to become fully autonomous

Big data visualization– The ability to visually “explore” big data repositories has uncovered numerous events and new

research vectors– The visualization technologies compliment traditional algorithm and Machine Learning search

Quantum, block chain and other emerging technologies– Quantum is already improving processing times and quickly maturing – Block Chain for Enterprise Configuration management may become “the” standard


18

Questions ?

“When you change the way you look at things, the things you look at change.”- Max Planck

Richard DomikisChief Engineer Intel & Cyber

[email protected]

mailto:[email protected]

Date post:	25-Aug-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times