Next Generation Threats and Utilising Artificial Intelligence and Big Data Analytics
Ian Glover
0044 7970 817 101
The CREST Vision
Not For Profit Organisation
Industry Support Research Guides
Pen Testing
Maturity Model
Social Responsibility Research
Current Research Activities
• SOC Accreditation
• Cyber Security Chartered Status
• Bug Bounty
• Wider Neurodiversity – Dyslexia
• Penetration Testing Standards
• Social Engineering In Penetration Testing
Schemes
Penetration Testing Cyber Security Incident Response (CSIR)
Penetration Testing Threat Intelligence
Penetration Testing Cyber Incident Response (CIR)
Penetration Testing Threat Intelligence
NSA NSCAP CIRA (Cyber Incident Response Assistance)
Reduce Threat Reduce Vulnerability
Avoid Detect
Recover
Reducing Threat Very Difficult
Reduce Threat
AI In Threat Reduction
• Artificial Intelligence is being used to combine huge amounts of threat intelligence
• Geopolitical
• Big Data
• Social Media
• Dark Web
• Company or Sector Target Information
Penetration Testing And Implementation Of Technical Standards Reduces Vulnerabilities
How To Decide What Level Is Required?
Basic Levels of Assurance. Alignment with schemes such as Cyber Essentials. No specific industry orientation.
High Levels of Assurance. Aligned to industry. Simulation of known industry threats.
AI In Vulnerability Assessment
• Very difficult to support the lower end of the market due to a lack of resource and cost
• Attack tools are more automated and sophisticated and therefore the analysis tools need to keep pace
• We need to assess outcome based results of tools (this needs to be the approach for other professions)
Cyber Essentials
Evolve To Meet New Generation of Attack Tools
AI In Basic Cyber Hygiene
• We must be investing in new ways to combat the new generation of threats
• We might need to change the model of protection – mafia against small shops is not a fair fight
Traditional Penetration Testing
More Formally Link With Existing Security Standards
Establish Minimum Standards That Are Not Too Prescriptive and Can Evolve Quickly
AI in Security Management and Audit
• The concept of continual security management should be the topic of research (monitoring policy compliance, security improvement plans, personal security compliance etc.)
• Traditional views of periodic audit should move towards continual audit
• Traditional audit firms are working out what this means for their business
• In cyber we could take a much more proactive approach in all of these areas
Critical National Infrastructure
Intelligence Led Penetration Testing Services
Target Environment
Skill and knowledge of tester
Tools based on known vulnerabilities and attack vectors
Validation from peer groups and informal discussion forums
OWASP and other public sources
Company Research
Published Cyber Threat Intelligence
Up-to-date incident data
Up-to-date threat intel
Emerging Cyber Threat Intelligence
Evidence Based
Contextualised
CBEST / TBEST
Critical National Infrastructure
Potential Schemes Domestic
+
Civil Nuclear
Energy
Space
Water
Defence
Emergency Services
Chemical
Transport
Health
Food
AI In Threat Intelligence
• AI (artificial and augmented) is the basis and the reason that the new Cyber Security Threat Intelligence industry exists and is flourishing
Also Exercise Continuity Plans Against Real Life Scenarios
Detect
Continual Threat Monitoring
SOC Accreditation
Document Review
On Site Audit
Technical Evaluation
AI In SOC
• SOCs utilise big data analytics
• Professionally run SOCs are already saying that they use AI
• The AI services should be used as a way of supporting the decisions of the SOC analysts and management
Invocation Before Attack
Heighten Awareness Configuration Review
Update Penetration Test
Recover
Cyber Security Incident Response
• Again difficult to provide support at the lowest level
• AI utilised for malware reverse engineering
• Can we build AI concepts into CERTs
• Can we build AI into the information exchanges
AI In The Profession
Existing CREST Qualifications
Multiple Choice
Practical Long Form
Non Licence To
Trade Fellowship
We Have A Skills Shortage!
We need to upskill our existing workforce
We need to encourage more talented people into our industry
All Professions Impacted by AI and Big Data Analytics
How does a market react to the need to upskill an existing workforce?
How does a market react to difficulties in recruiting talent?
Operated as an industry without Chartered status
What has changed?
Balanced Assurance Programme
Reduce Threat
Detect
Reduce Vulnerability
Recover