PERATON PROPRIETARY INFORMATION
The information in this document is proprietary to Peraton. It may not be used, reproduced, disclosed, or exported without the written approval of Peraton.
TENICA’s 2018 Enterprise Innovation Symposium
Georgia Tech Global Learning Center
Wednesday, May 2, 2018
Assessing and Integrating Emerging Technologies
Richard Domikis
Chief Engineer
Intelligence & Cyber
Today’s IT environments are large, complex and rapidly changing
Cyber Challenges
Enterprise-wide situational awareness for mission ops and security
– Must include multiple views of the enterprise data
– Priorities and actions must be coordinated and guided for best overall result
Most customers are in continuous operations
– Changes and improvements must be successfully integrated into the operational enterprise
– It’s not just technologies but also processes, training and change management
– COOPs are often giving way to multi-homed operations
Static environments moving quickly to virtual and dynamic environments
– Security has to move from “survey and lockdown” to continuous virtual monitoring
– Dynamic environments both help and challenge operations
– Risk perceptions and risk realities are not always the same
Attacks have become faster, more obscure and more effective
Cyber Challenges
Moving enterprises from reactive to proactive postures
– While reactive defenses will continue, they are no longer sufficient
– Systems have hardened and, as a result, attacks seek new vectors, often unexpected!
– Threats now decoy and lie dormant to improve attacks/persistence
Adversaries have advanced; time from attack to compromise is much shorter
– The kill-chain has tightened for defense resulting in less time for impact analysis
– Long-plan actions, including preplaced attacks and defense defeats, are enabling attacks
Inside threats can often avoid many of the protections
– We continue to have events facilitated by insiders (intentional and unintentional)
– Internal defenses must be balanced with efficient mission operations
– Large numbers of privileged users with insufficient action controls
Enterprise environments are rapidly evolving
Cyber Environment Evolution
Customers use evolving enterprises – more cloud, more services, more mobile
– Economies of scale have moved many to seek storage and compute as a service
– BYOD (Bring Your Own Device) or UAD (Use Any enterprise Device) have forced enterprise evolutions
Increased connectivity and clouds have changed the digital landscape
– Where our data resides
– Where value must be protected
– Perceived and real losses
When we were not well connected
– Things still happened but we didn’t know it
– Things that happened stayed isolated longer
– The risk and effects were more limited
– Defenses had time to use lessons learned
Use technologies carefully
Unexpected Risks
Unanticipated risks such as “accidental” resolution
Accidental threats: not all risks are from intentional threats
– Accidental insiders
– Accidental spills
– https://www.linkedin.com/pulse/accidental-resolution-revisited-richard-domikis-pmp-cissp
– https://www.theverge.com/2016/6/22/11999598/bentley-mulsanne-gigapixel-nasa-photo
Misperception of risk
Why Humans Accept Risks
Ambiguous definitions of risks
– Is a risk a hazard, probability, consequence or description of adversary/threat?
Ambiguous quantification of risks
– How do we accurately quantify risks (deaths per million, deaths per exposure, deaths by age, etc.)?
– Is it multi-variate on purpose or by accident?
Ambiguous perceptions of risks for both laypeople and experts
– Reality: experts tell laypeople what to think; laypeople form their own opinions
Perception of Risk Posed by Extreme Events - Paul Slovic, Elke U. Weber http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf
Risk perceptions – experts and the rest of us
To Protect You Must Understand WHY We Accept Risks
Perception of Risk Posed by Extreme Events - Paul Slovic, Elke U. Weber http://www.rff.org/files/sharepoint/Documents/Events/Workshops%20and%20Conferences/Climate%20Change%20and%20Extreme%20Events/slovic%20extreme%20events%20final%20geneva.pdf
4 forms of risk perception (my observation)
• Agree with Experts
• Underestimate Risk
• Overestimate Risk
• Inconsistent Perceptions
Perceived risk attributes (from Slovic’s paper)
1. Voluntary – Involuntary
2. Chronic – Catastrophic
3. Common – Dread
4. Certainly Not Fatal – Certainly Fatal
5. Known/Exposed – Not Known/Exposed
6. Immediate – Delayed
7. Known to Science – Not Known to Science
8. Controllable – Not Controllable
9. New – Old
Physical
– often concerned with environment and user proximity
Medical
– often concerned with exposure, infection and response to treatment
Criminal
– often concerned with severity, vulnerabilities and avoidable/unavoidable risks
Warfare
– often concerned with perimeters, effect ranges and survivability
Composites
– The reality is most risk analysis includes aspects from several models
The data tsunami isn’t going to stop
Cyber Environment Evolution
Big Data has become a significant driver for many solutions – creation, access, use, storage
These are not really laws, more like clear trends with a strong likelihood of continuing
Moore’s Law - Processing/$ doubles every 18-24 months
– 1965 Gordon Moore
Kryder’s Law - Storage/$ doubles about every 23 months
– 2005 Mark Kryder
Noah’s Law - As Processing/$ increases and Storage/$ increases, the volume of data grows at a composite rate
– 2006 Rich Domikis
We are now at the point where transistors cannot continue to shrink
Computational Change Point
Things are about to change in significant ways
Possibility of temporary stagnation
http://philosophyworkout.blogspot.com/2016/01/a-decade-of-economic-stagnation-looms.html
What took years now takes months
Key Challenges
Fast-paced technologies
– Quantum computing, software defined networks, homomorphic encryption, block chain
– Many technologies thought theoretical and distant have already arrived
The ability to consider and accept a new technology is a challenge
– If your “Approved Product List” keeps critical technologies off your network, you’re in trouble!
– The fact that adversaries will quickly use that same technology as a weapon is a reality
Adversaries have become faster and attacks more obtuse
– As defenses increase attackers are driven to different threat vectors
– 3rd party attacks on the increase
– Effective deployable malware has become a service
Threat families and signatures are becoming more difficult to characterize
– Adversaries ARE profiling defensive tools to better evade detection
– Adversaries ARE using zero-day data sources to implement fast low-effort attacks
– Non-traditional paths are being used in the commercial and financial sectors
New environments can challenge both attackers and traditional defense mechanisms
– Clouds and virtualized environments must be considered from both the threat and defense perspectives
– The ability to spawn, operate and dissolve a virtual environment changes how we must provide security and identify/monitor inside threats
Big data creates big challenges
Key Challenges
Big data analytics (getting to the data to find the answer)
– Finding the data is one challenge
– Moving or copying data is often impossible
– Processing must “go” to the data
– Often these large repositories are critical for Ops
– There is NO room for errors or data damage
Deep learning offers significant improvements for cyber security
Peraton’s Solutions
Fast-paced proofs of concept – quick and effective “will-it-work?” analysis
Deep Learning Applied to Cyber
Learns like a human using ALL the data
Applying quantum computing to real-world problems
Peraton’s Solutions
Greenfield Analysis – to identify unexplored design directions
Quantum computing is here and operational! The challenge now is un-learning
– We may no longer have to avoid or estimate NP-hard problems
– We must stop thinking binary and think waves
Coding a quantum computer is more like writing music
Peraton’s Solutions
Creating a “Score” on the IBMQ
– High Performance Grover’s Search on the IBMQ
https://www.quantiki.org/wiki/grovers-search-algorithm
Classically, searching an unsorted database requires a linear search, which is O(N) in time. Grover's algorithm, which takes O(N^(1/2)) time, is the fastest possible quantum algorithm for searching an unsorted database. It provides "only" a quadratic speedup, unlike other quantum algorithms, which can provide exponential speedup over their classical counterparts. However, even quadratic speedup is considerable when N is large. Like all quantum computer algorithms, Grover's algorithm is probabilistic, in the sense that it gives the correct answer with high probability. The probability of failure can be decreased by repeating the algorithm.
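An added example (not from the original slides or the quoted wiki): a classical statevector simulation of Grover's search, showing the roughly N^(1/2) oracle calls, the less-than-certain success probability, and how repeating the run shrinks the chance of failure. Function names and database sizes are assumptions chosen for illustration.

```python
import math


def optimal_iterations(n_items):
    """Grover iterations that maximise success: floor(pi / (4 * theta))."""
    theta = math.asin(1.0 / math.sqrt(n_items))
    return int(math.floor(math.pi / (4.0 * theta)))


def grover_success_probability(n_items, marked, iterations):
    """Simulate Grover's search over n_items entries with one marked index.

    Amplitudes stay real for this algorithm, so a list of floats is a
    complete statevector. Returns the probability of measuring `marked`.
    """
    amp = [1.0 / math.sqrt(n_items)] * n_items   # uniform superposition
    for _ in range(iterations):
        amp[marked] = -amp[marked]               # oracle: phase-flip the target
        mean = sum(amp) / n_items
        amp = [2.0 * mean - a for a in amp]      # diffusion: inversion about the mean
    return amp[marked] ** 2


def failure_after_repeats(p_success, repeats):
    """Chance that every one of `repeats` independent runs misses the target."""
    return (1.0 - p_success) ** repeats


def compare(n_items, marked=0):
    """Oracle calls and success odds: Grover vs. a classical linear scan."""
    k = optimal_iterations(n_items)
    p = grover_success_probability(n_items, marked, k)
    return {
        "items": n_items,
        "classical_worst_case_lookups": n_items,   # O(N)
        "grover_oracle_calls": k,                  # O(N^(1/2))
        "success_probability": p,
        "failure_after_3_runs": failure_after_repeats(p, 3),
    }


if __name__ == "__main__":
    for n in (16, 256, 4096):   # constructed database sizes
        print(compare(n, marked=n // 3))
```

Running past the optimal iteration count lowers the success probability again, so the iteration count has to be chosen from N rather than simply maximised.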
It’s hard to understand what you can’t easily visualize
Peraton’s Solutions
Visualizing big data using glyphs
– Glyphs are visual multivariate depictions of a data “object”
– Data objects can be people, systems, locations, even attacks
– Glyphs can also depict temporal events in data objects
Leveraging big data with effective visualizations
– Can you see something “weird”?
– Can you leverage the human processor better?
– Visualizing temporal events can improve defenses
Visual fusion of multiple data sources improves situational awareness
Glyphs Applied to Real World Problems
Network and data visualizations
– Highly adaptable and frequently virtualized data
– Traditional visualizations are challenged in depicting “reality”
The Composite View - Data flows, data on the flows, network overlays, GIS overlays, temporal events
Emerging technologies are improving operations
Real World Results
Improved operations and security with a number of enabling technologies
– Control, Situational Awareness and Protections
– Example: Privileged User Activity Managed Access
Automation/Orchestration
– Orchestration and Automation have created repeatable and shareable playbooks for defense, operations and recovery
– Machine-Guided actions allow our customers to monitor, decide and “grow” confidence in automated actions before these are allowed to become fully autonomous
Big data visualization
– The ability to visually “explore” big data repositories has uncovered numerous events and new research vectors
– The visualization technologies complement traditional algorithm and Machine Learning search
Quantum, block chain and other emerging technologies
– Quantum is already improving processing times and quickly maturing
– Block Chain for Enterprise Configuration management may become “the” standard
Questions?
“When you change the way you look at things, the things you look at change.”
- Max Planck
Richard Domikis
Chief Engineer
Intel & Cyber