Welcome everyone to this nice innovation night with drinks and snacks. It's a series of events which we started. So we did something like this at our flagship event in Munich, at EIC where the topic was blockchain identity. And now our topic is cybersecurity and specifically machine learning and deep learning for the secure future. So the applications for the cybersecurity area together we will have today, we will have seven presentations. There were eight, but one speaker had to meet early, unfortunately.
So we'll have seven talks and we'll have a jury consisting of Martin COER principal Analyst, Analyst, co call Tom Hoffman, Tom Hoffman manager, Aston young Warwick Ashford security editor at computer weekly. And talk to Michelle from the host senior director, cybersecurity, Germany, Cisco, and Cisco is also the sponsor of the innovation night. Okay.
We will grant the winner, the prize of 2000 euros and also an opportunity to speak at our flagship event in Munich next year, middle of may.
So it's, I think a nice chance to present the company and the work also in Munich next year, we will do voting for the winner. It'll be done at the end of all the talks. So we'll do this via the copier call app, which you hopefully have already downloaded.
If not, you can do this during the evening. We have a lot of time for that. And at the end, everyone could vote for the winner using the app. If nothing goes wrong, if everything goes wrong, then we can do something else, clap, dance, jump, or something like that, but we will have a winner and he will get the prize.
So without further ado, let me introduce a William degra co-founder of who will speak about keeping your organization secure the impact of artificial intelligence and machine learning on identity and access management
Evening, everyone I'm I'm co-founder of we're speed off of the university of blue. We started last year in, in April and myself.
I did a PhD in computer science and computer security more specifically, and together with a few of my colleagues at university, I started T in the area and we have a software product in the area of identity and access management, and more specific about compliance in identity and access management. And yes, we use a bit of machine learning in our software, despite all the, the buzzwords. So just to kick off my presentation, why do we do identity and access manage management?
Well, it's basically to do, let people do their jobs within the company, right? People need access to data. People need access to applications, and somehow we need to restrict it a bit so that they can see too much so that they can still do their jobs, right.
We need to be sure with respect to security and privacy, that we are still in control. We need to make sure that we are compliant with specific regulations. That's all, all the reasons why we do identity and access management.
And if you look at the people involved with identity and access management, you will see that many people throughout the organizations are in fact involved, right? We took this typical approach of dividing a specific problem into many pieces, and we divided the pieces throughout all the company. And many of the people actually know pretty well, what they should do when it's about identity and access management.
For example, a line manager knows pretty well that he, from time to time should check the access of his team members to make sure that they can do too much people from compliance know pretty well that they should check and make sure that for example, no one within the company can both approve and submit contracts at the same time.
But the real problem is that identity and access management today doesn't really work on that level. There are a lot of tools already available in the market, but they're all very, very technical, right?
And when a compliance manager needs to check this separat, this specific separation of duty, he needs to do that by translating somehow the high level idea of separation of duty into very technical, low level stuff. It's the same, for example, for a line manager, it needs to go to Excel sheets with thousands of lines of access requests and, and, and assignments of rights and needs to make sure that it's all fine.
So as an organization, how can we be sure that we are actually secure because people need to do these compliance exercises, these, these three certifications so many times a year that people often wonder what about the so-called security fatigue? Nobody really likes to do that because it's very, very hard for people to really understand what they are actually doing. So given all these technologies, these, these cool technologies that we have these days, how long can we still keep up doing it the old way?
How nice would it be if we have something like Google or like Wolf from alpha, where we can ask a very simple high level question and get a very structured answer in a snap with a snap, a finger, anytime we want very clean answer to the points in a language that is understandable.
If we want something for, I am, what we need is a lot of data. A lot of data, we see that also for, for other companies, it all starts with gathering data.
And a lot of companies, enterprises have a lot of data that is relevant for identity and access management, but it's scattered all out throughout the organization and it's very hard to unlock it. And that is in fact, the first step. So once you gather all the data, you unlock the data, you can add context to the data, you can add organizational context to the data, and suddenly you can transform that massive pile of data into information, but it's still a huge amount of information.
And then you need to cleverly apply analytics or any AI algorithm in order to give people the right focus on the data to give them the necessary insights so that they can make well-founded decisions based on the information.
And that is exactly what we try to do with the limiting. What we do is we create a data analytics tool for compliance, for identity and access management.
And we do that by first gathering all the IM and other relevant data in a circle data Mart, where we take care of all the data engineer that is typically involved with setting up such a data Mar, and then applying our software on top of that data, Mar to give people the people I was talking about.
So compliance managers, role owners, application owners, team managers, line managers, a tool to gain access to that data Mart in order to get focus on the controls that they need to do in order for them to really understand what they are doing and still the exercises that they need to do will take up a lot of time.
But by cleverly applying some machine machine learning algorithms, we can really pinpoint them to the specific problems that for example, within their team, there are people that have abnormal access rights, for example, but we can also come up with certain, yeah, you could call it business rules.
So to speak about the state of, for example, a specific team or a specific part of the organization. And once we have all this knowledge, we can transform that in, in, in a way to automate a lot of the controls that people now still have to do manually.
And once you've automate a lot of controls, you can also use them in the face before, and you can only alert people when something violates the current state, you can go to a more detective mode. And once you have this model in place, you can even go one step further and you can integrate with the existing IM tools in order to go to a more preventive access management.
So that even before assigning a specific right to someone, you can pinpoint a specific problem and, and say to, for example, a team manager, Hey, if you allow this request, be careful because it's a potential fraud threat, all based on all the relevant data in place.
And we think that is of massive importance for large organizations, because right now they're spending a lot of time and money on identity and access management compliance.
And we can, we think that they can do better, that they can do this much faster, that they can be more secure, be less, have less risk just by applying the correct tools to IM compliance in order to achieve what we call a more continuous compliance state. So where that they can step away from these heavy paper based often paper based or Excel based exercises into a more continuous compliant situation, which would protect them against the regulatory pressure of the coming years. So that's what we do at the DT. Thank you.
Thank you. If jury has some questions, we have course time for it. Okay.
I think I have one question. So, so we had a little bit of AI also on the, your last slider, the slide before. Yep. But where exactly does ML come into play?
Yep. So based on the, the data that is in the data mark, so the data mark contains not only the, the data coming from tools like SalePoint over run identity, but also data from other departments like HR. And so based on machine learning algorithms, we can just build a model that contains yeah. Basically the, the current states where people can indicate that something is wrong or that it shouldn't be like that.
And that is used into accounting again in the model to come up with so-called rules, rules that states okay. In your team, everyone has access to application X. And so once that's a rule, then it can use throughout all the other tooling, because if someone requests access to application X, it's a rule and it can be automatically.
Got it. Thank you.
Yes. Further question. Is it just on access rights or is it also on behavioral analysis of what things users are doing then during your day-to-day work
For the moment? It's only based on the, on access rights.
So on database is already available in the I IM systems, but I guess it's, it could also be possible to include more user behavior data. But for the moment we are focusing purely on employee data and not so much on customer data customer IM data.
Thank you.
Hi will. Okay. So I'm very interested in, in, in your system, but I put, but this GDPR thing, and I'm, I'm a bit nervous about PII and stuff. And you're talking about an IM data Martin. One of the things that I've read about AI systems and machine learning is that one of the points of failures, maybe the, the, the data.
So how are you going to reassuring?
That's a very good question because it's one of our selling points to clients is that is the fact that we have a very fine grained access control model on top of the data Mar so that people who use our self-service dashboard can only see the data that they're allowed to see because you're right. The datamart contains a lot of PII. And so it's a fairly important to really pinpoint that. For example, a team lead can only see the data from people in his team and not from his manager, for example. So yes we have.
It's, it's very important for us. And we have, we have thought about that. Thank you.
Thank you. Thank you. Once again, William. Wonderful. Close. Thank you.
Hi everybody. My name is Frederick. I work ATL six and today I will talk a bit on adversarial examples in machine learning.
First, let me start with a little quiz. What do you see in this image? Let me ask you,
I see temple probably somewhere in
Asia.
Yeah, that sounds like a fairly correct answer. If we feed this image to a convolution neural network, it would say with 97% certainty that this is in fact a temple.
Now, what do you see in this image? It appears to be the same image right now. If we feed this image to the exact same convolution on neural network, it will tell us with 98% certainty that it isn't ostrich. So what is going on? This is what we call an adversarial example. These are generated images as opposed to camera images. These are artificially generated to full neural networks.
So today I will be talking on adversarial examples very briefly. I will skip some of the technical parts, but feel free to interrupt me or to ask any questions.
I will tell you what they are and why they are important. But first, let's see how many of you are familiar with neural networks a bit. So some of these things might seem fairly reasonable, but what happens is that we train a network of multiple layers of artificial neurons to recognize a certain kind of image. And so for each of the output classes, in this case, either cat or dog, we have two output neurons. Each of these output neurons learns from examples, examples of images that we feed through the network.
And we see when visualizing these neurons that they each learn different kind of structures or patterns. So without even having the class labels, we know that this neuron neuron two is probably learning some kind of doglike faces, right?
So now consider the following convolution network, which is able to predict where, what kind of object a certain picture is showing. So let's consider these three phase, these three glasses being baseballs, sunglasses, and match sticks.
Now a couple of researchers came up with a very intelligent evolutionary algorithm that is able to generate images that maximally excites these kind of neurons. And this is how the images look like. So for a human, we can tell that these are not real images. That ears are not real objects, but for a machine it's impossible to distinguish between both because in fact, the neural network architecture has been used to generate them. So this is how we fool neural networks. And this is extremely important today.
So seeing as a lot of machine learning models, machine learning has actually opened a box of very cool innovation of very cool opportunities.
Think of medical imaging and breast cancer detection, think of self-driving cars, drink of malware detection for cybersecurity, but it's very important to keep in mind that these neural networks actually have vulnerabilities themselves. So when talking about the trend of machine learning, this really is a big topic.
And so what you see in this image are, again, generated images to fool a neural network, into believing that a certain object is in a picture. And sometimes we can track where it's coming from. Like with the computer board, we can see why the image is thinking that, but in other cases, it's completely gibberish, but now we can see this as humans. So we're still kind of safe, right?
With what happens if we start from a regular image of, let's say a pan bear, if we would feed this to a neural network, it would tell us with 57% of accuracy that in fact, the image shows a Panda bear, but now there's a kind of algorithm, gradient descent that is used for training images.
But now instead of optimizing the gradients of the weights, instead of optimizing the weights in a network, we will optimize the image for showing another class. So let's say we want our image to be outputting. We want our network to be outputting the airplane class.
Therefore we will be calculating the gradient matrix, which to a human just appears as random noise, but for a machine, it makes a big difference. So adding this bias, this random noise to the image will output the cloud of airplane with 99% of confidence.
So, and now you can think, why is this important? Why is it so bad of misclassifying? A Panda bear as an airplane will think of the following example where if people realize how easy it is to adjust traffic sign with just a little bit of graffiti, making them for a computer vision model to appear as a different traffic sign.
Imagine in 10 years of self-driving cars are around and this isn't addressed how dangerous this can be. Couple of other researchers have found or designed 3d printed glasses that is able to hide your identity and even make the machine learning model tin.
You have a different identity. So identity T using computer vision models as well today is existing. And so it doesn't stop with images, right? It even exists for text in this case, just changing one word clever to death, which is in fact, a cinema changed the complete output of the sentiment analysis network. And in the next example, we didn't even need to change a whole word. We changed just one letter, completely changing the output clause of the text. And so a lot of machine learning use cases are built from NLP and text classification, especially in cybersecurity.
So imagine how big of an impact this can have if you really have a techers focusing on your models themselves.
And so really the impact of adversarial examples is huge. They exist for nearly every known neural network architecture today being at convolution neural nets, L SDMs, but even for random forests or support vector machines. And so just like a virus would be attacking your system. The adversarial example is attacking your machine learning model.
And so even though you have the most advanced cybersecurity software, if there's a built in machine learning model where it's dependent on, it has vulnerabilities, and this is really what I want you to get from this part, you really need to be able to defend for your models themselves as well. So I really like this analogy of the red team versus blue team, which exists in cybersecurity. This also counts in machine learning. So we now know that adversarial attacks exist and they're attacking our models. How can we defend against them?
So let's see for people who know about neural networks, the answer is simple, right? We hide the gradient of the model. So it's unhackable. We make our model private.
Well, unfortunately this is not true. So the attacker can create their own model imitated from the existing model, by using even the outputs of the existing model. And by using the gradients of the imitated model, they can kind of approximate how the adversarial example would be attacking the real one. And then they would just apply the same thing. They would just try and error until it's breached.
Now, luckily for us, there are some other ways, so one way would be the reactive strategy where you implement a second model that is able to classify examples as being another adversarial example or not. And so the good thing about this is that it can be implemented afterwards next year, existing infrastructure.
The betting thing is that you have the double infrastructure and the double costs. Now in a proactive strategy, we are coming up with our own adversarial examples. We're using our own radiance to kill our own model, and we are including it in a model training phase.
And so by including it in the training phase, this allows us to have a more robust model, a more stronger model. And what we see here from research is that's actually more accurate on the real test images. And so what I want you to get from this is that machine learning is really breaking a lot of barriers of innovation and really offering a lot of opportunities. But I want you to remember to keep in mind adversarial attacks at a red team and how to tackle them.
I want you to remember to attack your models, to make them more abuse and to not only automate your processes with neural networks, keep a human in the loop that does it, sanity check, and that tests for these kind of attacks. My name is Frederick. I work for M six. We are a team of very enthusiastic machine learning, engineers and mathematicians. We implement state of the art machine learning models for our customers. And if you have any questions, please free free. Thank you.
Thank you. Very questions from the jury. Okay.
So I think cool stuff above my level of mathematics, at least where I'm at today, you say tailor made, is there any plan to sort of move from tailor made to sort of commercial of the shelf approaches for doing so? So a standard thing you trust can implement to optimize what you do in ML, or will this remain sort of tailor
Made for defending you mean, or for attacking
For, for defending ones?
Well, unfortunately right now, not so there's no kind of covering all strategy for defending. So this is a really difficult part. And this lives in cybersecurity, a lot attacking today is easier than defending. And so these last ones are just a couple of solutions, but for example, this one is not even robust to all adversarial attacks. There will still be way to hack it, but the idea is when you're already thinking of it, you're already defending.
Thank you. Thank you. One more question here.
One more kind of hypothetical critical question on that.
Even if you train with negative data episode data, the new model, we recognize that, but by the definition other facility data might show up and you might know, find other ways to trick
It. Exactly, exactly. That's completely true.
So it's, it's actually rapid and how's it call it in. Jim has, has an Eagle speed. So you just use step forwards, never ending. Exactly. And you can't be sure you might, you know, find other ways to circumvent that and to make sure you do it all for the good
Stuff. Exactly.
One way, one way would be to keep humans in the loop. Like a radiologist will always keep a sanity check on the classified images for breasts.
Thank you. Once again, Frederick,
Hey everyone, I'm Albert, I'm leading Davido. It's a Munich and Los Angeles based AI innovation lab. We do a lot of stuff for space defense and financial banking industry, obviously for the, and it's financial banking and for United States, it's space and defense. And today I'm going to present you how we use the best cybersecurity techniques and space on defense applications.
And one of our flagship products, which is called Skyla. And as you see, the topic is Zian can save life, but we need to be very, very careful about cybersecurity techniques. So what's the problem in the scale. As you know, in United States, only in 2018, there have been about 304 active shooting events. And what is an active shooting event? It's when some of the citizens in the United States or in some other country just takes the guns because the guns are allowed. It enters the public institution and starts shooting people openly.
And we work a lot with law enforcement organizations, especially in Los Angeles and also with FBI and according Toba reports. Most of the pre attack behavior of the people that are performing active shooting events, it's pretty clearly observable. So you could understand when a person is coming into the institution with the open gun, with a rifle, start killing one of two people and is showing aggressive behavior because most of the people are usually in the situation when they're insane and they don't control it themselves.
So now remember, we don't have to mess it with the terror attacks because terror attacks are very well defined and people are usually professionals with active shooting events. It's usually the people who have stress in their lives, the emotional situation they're being fired or whatever am. And this is very easily absorbable, but what can be done using the latest technologies to minimize the casual, the subjective shooting events, because it's at the end of the day, it's pretty bad because most of the people bank and are under range kids in schools or other institutions.
So we have been on assignment in 2017 in Los Angeles, and we have been talking to law enforcement officers. And the mission was to, in order to implement the buzzword artificial intelligence for the existing cameras that are out of the field and what is sky, we came up with solution, which is called sky, and it's running in several installations all over the world, including by the way, Europe Skyway is a real time violence detection system, which is running and installed on top of existing UAV cameras for people that are civilian and drones.
So unmet aired vehicles and CV cameras, and the mission of Skyway is to detect the violence and to understand what's happening before the attack. So let's say the latest situation in the Pittsburgh event, when the shooting happened in the synagogue, the active, the, the guy who was performing the active shooting event with an open gun, he approached the synagogue and then he entered with a gun, which could clearly visible from the distance of 10 to 15 meters.
And he started shooting people. So there was a lot of dead cases and a lot of victims in that event.
But what if you had that kind of system installed on the roof of the synagogue? Basically you could have been, you could have detected person who was performing active shooting event, and then using the excess system controls of the doors could close the synagogue and alert the responsive, special forces systems. So how it's working sky is a pretty sophisticated system, it's it? It consists of free models. One of them is a dispatch tower dashboard. So response unit commanders, usually it's the SW teams and the war rooms, like let's say it's bun, Netflix model Bundes or whatever. Yeah.
They have their war rooms in the S you have a lot of cameras, which are every single one is in the zoomed window. So usually you have free shifts of people that are working eight hours watching the worms on the event.
But because there's a human factor, people are getting tired. People are at the end of the day, getting to toilet or something else is happening. They get distracted when the shooting event is happening. So with this system, then the officers responsible for attaching on the field. The cameras can definitely assign. So people responsible for those cameras on the states.
So a real example would be, let's say, officer Hans Miller, he's responsible for patrolling Berg and the cameras there, the chief of pop, all this Anderson could assign just the cameras in the field. And he would be getting the alerts for those S and we have several models enabled, which is night vision infrared and wherever. Yeah. You call it. The second one is the web operations dashboard. So every single dashboard is connected to the camera in behind.
So as soon as something is happening, you, you hear a beep the dashboard is coming on top, and you definitely understand what's happening in the real 10 with the latest framework, the attack is happening.
And you also have two metrics, which is violence probability in the weapon probability. Now why Skyway is unique? You could say there's a lot of systems there on the market. Sky is the only system on the world that detects the motion in real time. So we analyzing a time lapse. Whatever's happening. Let's say it's a Frankfurt airport.
You see the police guys in the police side, big guys with real guns working. So we don't wanna send alerts every time we see a gun, but when we see someone taking the gun movement towards the crowd and pointing it in this area, that's a definite alert because that's an act of violence or a knife attack, or a physical violence happening as soon as something is happening in the ballroom. And the dashboard is coming on top, the police officers on the field have a mobile application, which is installed on their phones, and we call it smart suspect identification system.
Now let's remember this.
Why is this very important? Because in United States, especially when an active shooting event is happening, the SWAT teams get a shoot to kill command. And when the SWAT team is coming, usually they're coming after the core of 9 1, 1 9 1, 1 crew is done with usual people and they give really messy information. And when SWAT team is killing wrong, people then comes real.
A lot of problems for the police departments itself, with the smart suspect identification system, you could basically do the face matching and get the returned identity of the suspect that has been performing the active shooting event. Now, this is always good, but today is the cybersecurity event. Yeah. So you would ask me a lot of questions. How do we make sure that this is not hacked? Because if somebody hacks this kind of systems, the SWAT team was the SWAT team will be dispatched and they'll be killing again, wrong people.
So for that main reason, we have like spend about one year on securing it and doing according to regulation. So as we said with great technology comes great responsibility. And sky has a lot of multi channel models, which have to be secured properly with the latest techniques. And one of them is the encryption on the lockdown of the streaming network. So whenever sky is being installed on the customer on premise, which is usually the Polish military or law enforcement institutions, we use military grade is 256 bit encryption.
So all the cameras in the network are communicate communicating with each other within the secure network protocol. There's not a single zone B camera, which could be accessed from outside. And we also encrypt the streaming server where the actual software is running on. So every single software package is big deployed through secure virtual containers. These containers are all encrypted using the same military, great encryption and our engineers before deploying it to the customer.
They are doing source code source code checks using the all P standards.
So because we don't wanna have access from the cameras itself to the network, but we also need to make sure that the system is running in the encrypted virtual container, which is not accessible at all. And usually these are highly classified military installations, which have no access to the internet. Another model, which, which is accessible is called sky. Porwal where the smart identification system is running. So because this is a very sensitive topic.
It's not being deployed through the app store on either Google store or the play store it's being installed to the police officers, mobile apps, mobile phones, through very secure transportation protocols. And in order to mobile app, to be communicated to the server, we use Ts connection, which is a much more secure version of CTPs Ts two, actually.
So you should remember also one thing, there's only one way connection through streaming server to the mobile notifications through push notifications.
So mobile apps never get communicated to the server back because if the mobile application is hacked, then most probably they could send some kind of malicious request to the server as well. So there's only one way communication to the mobile app and the exchange. This is the most important. So let's make let's, let's, let's imagine we're running in SanCor of Asian prison yeah. Where they wanna detect suicide. And they don't wanna pay us every two weeks time, or they wanna hack the software and reuse it.
So we use very securement exchange protocols one minute, which are almost not, not possible to hack. So this is the latest protocol definition for the keys. And as long as the system is becoming the keys, the system is functioning.
If not, not, and data privacy, this is the most interesting stuff we don't store the real stream. It's vector, max mask, graphic analysis. So we like, let's say, if you're shooting me for the video camera, you just see black and white working, doing movements and so, so forth. This is how we train. This is how it works.
It's me. So I published a lot of works about security, and we have one of the best people in the co-founding base. He like 20 years of experience in computer vision and worked in most of the most famous universities in the world.
And if you guys have questions regarding the SCAA feel free to approach me, I'm happy to discuss.
Thank you, Albert. Excellent. Thank you. Any questions? Nope. From the audience maybe. Yeah. One question.
Speaker 10 00:33:42 Thank you for representation. So I'm concerned you are using end to end encryption completely, and you want to make your data real life. So which means that your hardware requirement to be able to perform that will be so high.
So where do you get the specification for the hardware requirement to be able to decrypt at the same time and make your data real life without any time like, like, so to say,
We use very advanced and complex GPU service. Usually we partner with M VJ Ws or Fujitsu on that side, and we make sure that it's very performed at the same time. Plus the keys that we exchange, they make sure that the it's encrypted. But if you miss the keys, the date is lost. We have to be compliant.
Thank you, Albert. I'll close once again.
Speaker 11 00:34:33 Okay. Good evening. Everyone. AI is disruptive.
That should be the truth for cybersecurity as well. Isn't it? Yeah. But what is it destructive? What is the mean for that?
For, for our customers now, as a CEO of company, I need to, I need to sell products. I don't need to sell ideas. I don't need to sell abstracting. My customer needs products.
What, what would be better at my product, which are AI against the other vendors? What would the case? This is my story. Now I will describe to you with a very short description, what is made at the on-prem situation. And from that we can conclude for the marketplace, what is going to be the disruption there? Okay. Whaf is something that everybody, I think in this, in this room, quite familiar with the problem currently with wha for customers is the problem of total cost of ownership.
Speaker 11 00:35:44 Basically, this is one second thing is it's not working for them.
That's a basic duty. If you're working, working one by one by customer, it's not working for me. I need to put all of my guys on top of that and it's not working for me still. So this is the real situation that you got. We developed one. Okay. And now it has been piloting just before the marketplace. This is a true story. And it's been pilot now on-prem and two days ago, that was a very treating an interesting situation, which give the true story of AI coming to the, coming to the market. Okay. We went to customer deployed onsite, secure place.
Deployment took us about half an hour because some trouble, but that's it, that's it guys that's it. After half an hour, they can went home. The customer can go to sleep nice. And with nice with, with peace in mind, thousands of web domains were protected on the spot. No need to configure anything. The system just worked for him.
Speaker 11 00:36:58 Nobody was amazed. Nobody was amazed because while this system come to the market, nobody amazed because it's, it seems such a natural situation that you come to your client, deploy your system, and it worked for you. That's a disruption.
Everybody knows that those who currently in the market need to be surrounded by professional team on a, on a daily basis. And they're there. And they cost a lot. AI system come to the marketplace, and this is a game changer. Now can be a game changer now for the client perspective. So if you're thinking about AI, this is a true story of how AI can disrupt the marketplace. Okay. Now think about this situation in Amazon store, in Azure, in those places, this will be the case. Now the marketplace in those cloud is disrupted by itself. That's well known. No channeling is needed anymore.
So if you're working with classical channeling approach, they have, you have got no work for them at the, at the end of the day, if you got the Amazon setting for you or Azure setting for you.
Speaker 11 00:38:16 So if you combine those two together, now, what will be the case here? Could this disruption be synergized on each other? What is the, what is the idea about the branding built for tens of years now in the market by channeling approach? When now to the marketplace, is it there anymore or not for the vendors? What would be the case?
There, there are a lot of question marks here. I don't know what would be the answers. I just can tell you that this is a very exciting situation.
Now, when AI can really disrupt existing market, not nuances, existing market WAFF is classical from 2003, four, something like that. Given in any architecture in the market for any customer you have in mind, and now they can shift what would be the case? Would the marketplace will synergize and generate some sort of approach here. Nobody can tell this is the reality. Thank you.
Thank you. If you have any questions.
Yeah. I just wanna ask it is just what you presented is like Tepa is well, okay. You've just added AI without giving us any details as to what is to a wha and Hey, it's great.
What, what is the AI component? Okay.
Speaker 11 00:39:51 The whaf is AI by itself. It's built it's AI system. I can tell you a long story for our now, what is, this is IES, unsupervised learning novel one, which we develop for several years, work for DDoS. Now it's went for the wha this is, this is the product that we have. This is the technology that we have. It was awarded here and there. This is the technology. There's the long story behind that.
So, so basically what you're saying is you have a tool, which isn't the way you don't set up the rules as you do traditionally above, but which learns itself, or is drained in a different way to counter sort of the things, the attacks, which might come end up at your, your, your system. Cetera. So is it that what you're doing? Yeah. Okay.
Speaker 11 00:40:44 Basically
Finally, finally, I've got it. Thank you.
Speaker 11 00:40:47 Everything.
Sorry, Peter,
Any more questions maybe from the audience? One question.
No, then thank you. Do once again.
Speaker 11 00:40:59 Good evening, everyone. My name is Zaki. I'm working as a cyber security solution architect at Atos, and I'm also currently researching the implementation and the usage of NLP tools and applications in our solutions. First of all, I will start with what is NLP for those who aren't aware. NLP is a sub domain of artificial intelligence, where basically we are teaching the, the machines to understand the natural language, whether it is human, or it might be also actually artificial, such as programming languages.
So why it is important to, or what could NLP bring into the cybersecurity equation since many years ago, actually, since the inception of the it, we are having basically a team meeting between the humans and the machines and the humans and the machines are basically communicating through this natural language and in cybersecurity where our endeavor is basically to keep safe, the information or keep safe.
Speaker 11 00:42:18 The people is at the end of the day, to, to secure this communication and to secure this information, which is based on natural language.
So we believe that with the increasing complexity of the technology stack. Yeah. If we are looking at IOT cloud, whatever else, yeah.
The, the complexity of the communication will arise. And therefore there will be a need of some kind of automation and of support again from the machine side in the communication towards humans. So how could machine learning in with NLP help here? We're having basically two patterns or two situations we're having the analytics. And if I bring some examples, it would be text understanding or speech understanding. There would be text classifications.
If I would go to the generator side, we would have also speech generation or text generation, but we are having also in both things combining both of them like question and answering systems and sentiment analysis and so on.
Speaker 11 00:43:43 So if I, if, if these things are a bit too abstract for you, well, I would have had quite many examples, but I have limited myself to two. One example is, has been taken from a company called endgame, which is actually a provider of endpoints and who is having an interesting approach.
They are, they have taken the, the natural language processing and poly and transform it into malicious language processing. So basically they are DISA assembling the binaries and are looking at them as they are being a natural language. What is interesting that with this approach, they can do hybrid and a hybrid mix of static and dynamic analysis of the code, and which brought them of being the only one solution who is completely covering the entire, the entire meter attack. If you know it, another solution is from a Chinese company called I fly tech.
Speaker 11 00:44:49 Well, what they are doing is basically they are simulating or emulating better, said a person's voice over some different text. And they actually, they became known for emulating Barga and Donald Trump, as they were speaking Chinese or Mandarin. What is interesting about this is to think about you, of, yeah. Being emulated in communicating with some other system of specific things that you are no, you are aware of. And the question is for us is how we will be able in, in the next years to defend against this kind of attacks.
And actually there, if, if we would look at the application area, there are quite many here I have listed about 15, and I could have provided you about 15 examples for them, but there are many more actually a couple of companies start tonight here.
And I, I, I was delighted to, to, to see them here, for example, for Fred intelligence, I believe Josephine will, will present after me, but for all these areas, I could provide you very good examples with startups or with non companies, such, such as 10 scale or open DNS that are currently using the NLP in defending or in sometimes also in attacking.
Speaker 11 00:46:23 Yeah, it's, it's interesting. Also there is an area here, censorship, and this information, there are statewide programs using NLP in order to do this. And we are not much aware of it.
Well, if I had finished the conversation, I would say only that what is important to take away from this is that the deep learning makes currently NLP, which is actually started many decades ago makes usable, and it makes it usable also for cybersecurity in the sense that it accelerates the electrical passing of the logs and all the information out there. The NLP may and is used already, currently by attackers, but there are also currently solutions in the market for defense activities. An interesting example is also about NLP ontologies.
I had a discussion today about the use of ontologies in risk management and intelligence. And if you are looking banks in the United States are using them already in the communication with the sec and last but not least is that the NLP supports the inference and the, the orchestration automation. And these will make easier. The activity of, of cybersecurity professionals at, at is, as it is currently very complicated for, for us to take more and more activities when the complexity of, of systems is growing. But we are having the same level of people or not, not, not as fast as growing. Okay.
That transfer me.
Thank you. Thank you.
Speaker 11 00:48:04 Thank you
Questions.
Speaker 12 00:48:11 So you would actually help me to implement that NLP into my security system, or how would ADOS support me on that one?
Speaker 11 00:48:19 Both of them Atos is actually quite big. So we're having two divisions. We're having an artificial intelligence division in a cybersecurity division. I'm currently somewhere in the middle. If you need help in support in, in implementing the AI parts of our custom implementation, that is, this is doable.
We are also providing many security services with our partners, which are using NLP already in their tools.
Thanks more questions.
Now, this seems to be actually quite frightening. If you think that, you know, two or three steps forward, what kind of information can we actually trust in the medium term, if you know, nations that actors or others are using this to create fake news, fake videos, fake pictures, or whatsoever as you're implying here?
Speaker 11 00:49:10 I would say mostly nothing, but I hope that fin will come afterwards from recorded future represent.
I know what they are doing an interesting approach with NLP of analyzing the content over, over the internet from an intelligence perspective and verification of the ity. Or if this, if, if this information is fake or not, there are also other approaches in, in the market, but I would, I would go to, to say no trust.
Thank you. Thank
Speaker 11 00:49:45 You. Thanks.
Speaker 13 00:49:48 Hello everyone. My name is, and I work as a software engineer at recorded future. Today.
I'm gonna talk about how we can deliver threat intelligence at scale in real time by using machine learning. So threat intelligence, what is it?
Well, I suppose some of, of the definitions out there include its evidence based knowledge about an existing or an emerging threat that we can utilize to make, you know, good decisions and smart decisions when we're being under attacked, under attack or before we're being attacked.
Speaker 13 00:50:37 So if you look at this picture and you imagine that this town is your organization and you want to protect it, right? So what do you do?
Well, you build a wall around it. Hopefully no bad guys will come through the wall, but you know, you can never be sure. So you hire some guards, keeping protections, you know, around the gates.
And also, you know, you have some of them running around on the inside trying to see if someone's, you know, digging tunnels beneath it or doing holes through it. But, you know, threat intelligence is thinking beyond the wall and is asking questions like, is someone asking for the keys? Is someone talking about attacking places like this one are the blueprints out there. And it's more about, you know, being proactive than passively waiting for, for the threat to come to you.
Speaker 13 00:51:39 So these, these questions are actually really hard to get a good answer from or four, I suppose you could Google, who's trying to sell my credentials, but you probably won't get any good answers. Right. And if you do get an answer to those questions, it's probably too late and the harm is already done. So what we want to do is make it possible for you to answer these questions in a really simple way and get, you know, all the information that you need to be easy to look at.
And, you know, if you want to, you can go in and dig deeper to get more context around it. And it's not just about, you know, delivering IP block list. It's about giving the context around the IP addresses on the block list, for example, so that you can make decisions quickly and confidently.
Speaker 13 00:52:38 So I believe that all the information that we need to answer these really specific questions is out there.
Maybe most of it is, you know, bird deep into threat blogs or cybersecurity reports, or, you know, there's a lot of it actually available on forums and marketplaces on the dark web. And you know, the real hard thing here is for analysis or Analyst analysts to, to, to go out there and find, you know, the juicy pieces. Yeah. So how do we do it?
Well, natural language processing at scale real time. So we process information from about half a million sources and it's everything it's dark web it's Twitter, it's, you know, everything that's openly out there or openly out on the dark web or deep web. And all these sources yields us about 20 million documents a day, which in turn we can extract about 55 million events a day from an an event is basically what we think could be available information for some of our clients.
Speaker 13 00:54:02 So this is a high level picture of what the system looks like.
We have all this information, which comes in, we do collection, you know, 24 hours a day, seven days a week, year round. We do polling. We do harvesting.
We have, you know, streams of data coming to us and we need to process that data as it comes in and we, then we then need to structure it so we can index it so we can search it and, you know, retrieve trends and patterns. So we can deliver information that is useful.
And we, you know, we deliver it in all the ways that you could think of, and that could be utilized by a system or a person or, you know, a sock or whatever.
Speaker 13 00:54:58 So this is where the magic happens, right? Natural language processing. So this is what our processing pipeline looks like. It's it consists of several steps. And as you can see, we use machine learning and rule waste, depending on which step it is, because some places, it feels natural for us to use machine learning. And some places is more reasonable to use rule waste.
So some of the interesting parts here are maybe the named entity recognition and dis invigoration. And in that step, for example, we need to determine like if we found sues in a text somewhere, we need to know if that text is talking about sues the malware or Sue's degree guard, because some of it is more interesting than the other stuff, right?
Speaker 13 00:55:51 And, and another part that is really interesting is the risk scoring. So the risk scoring is actually rule based.
And that is because we want to know what the reasons are for a specific entity to have retrieved a specific risk score. And as I suppose that most of you know, machine learning algorithms are kind of like black boxes. It's really hard to understand why they made the conclusions that they've made, and we want to be able to present reasons. So that's why that's one is rule-based.
And, you know, there's some different ways you can think of when to use rules and when to use machine learning. One example when to use machine learning is when is relatively easy to show examples, but it is hard for humans to describe the logic, right? So for example, it's easy for us to show different examples of cyber attack being mentioned in text, but it's really hard for us to describe the logic to, to that covers all the possible ways that someone can write about the cyber attack. And there's also some task that humans have not figured out how to solve react.
And that is particularly when you have, you know, really much data that is a really high dimension. So it's hard for humans to grasp what is really going on there. And then you want to use statistics and so on to, to find the hidden patterns in that data.
Speaker 13 00:57:25 So I just want to leave you with few thoughts, proceed with caution when deploying machine learning models. So first of all, don't overcomplicate things, complex algorithms are difficult to maintain. If you can use rules, use rules, I ensure you that it will make your life so much easier.
You don't have to go running around, you know, stating that you have state of the art latest machine learning research in production, because it would only harm you actively eliminate biases. So make your machines not, you know, perceive the world as you do, but to make their own decisions. So they don't, you know, make the dumb assumptions that we do every day, all day, don't let your models rot. So there's a lot of, I see a lot of examples of companies that deploy machine learning models, and then they think it's fine.
They just live on there, but the model is changing and the world is changing and, and the model needs to be changing with it, be vocal and transparent. So this is, yeah, there will be data dependencies. The more you talk between teams and between, you know, to, to your clients or whatever, the less error that's gonna be, or if there is an error, the easier it's gonna be to, to find where the source is.
Speaker 13 00:58:52 And at last investing, good engineering is gonna be worth it. If you have a robust and flexible system, you can make changes more easily.
And if you can make changes, then you can drive innovation forward. And that's it for me.
Thank you so much questions. Yeah. I guess one of the
Biggest challenges is how do you kind of measure the effectiveness of something? So if you're pitching to me an NLP threat intelligence, what could you tell me that would persuade me that it was better than any other threat intelligence system out there? And there are many,
Speaker 13 00:59:37 I would say that we can, you know, handle a lot of data really, really fast. I don't know.
I mean, what other systems are there other systems are there out there? So you can have an, an Analyst, right? They will be really slow and really expensive because humans are expensive and slow. That's what we are good at. And you can have, you know, you can have rules, okay. Maybe we're not, some of us are good at it, or you can have, you know, rule based algorithms or other kinds of algorithms that are not learning and adapting to the world around them as quickly as machine learning models do. So you will have the lack of, you know, evolution in, in your processing. Yeah.
Thank you one more time.
Speaker 13 01:00:34 Yeah. Thank you.
Speaker 14 01:00:37 Good evening. My part is now to finish off the session and I will be far not to technical as the people before in their speech. Maybe let's go a bit in history. So where we were coming from in a lot of cases, cyber security was handled in the way as we did with castles. So we built large digits and walls and so on. And the problem was already in the past that never worked really.
So we introduced, let's say further protection rules, like multiple rings, pets, guards, separations within the structured, things like that. So more or less you can take all these things, transfer that in our times. And you fill that in, usually in all of our it environments again, but to make it even worse, this does not work anymore because usually your, it is not anymore at your premise.
So it is, we have two day thousands or millions of devices endpoints. And in a lot of cases, the company is ending up in the pocket of an employee and it is not anymore locked behind the door.
Speaker 14 01:02:03 If you take that account into account, that means in the past, we were mainly focused on protecting the entrance to our it. So finally it was about protecting the firewall. And now we are in situation that we have have, let's say to protect a lot more, which is globally spreaded what does that mean?
If we have a few on, on some numbers, on some statistics we see on one hand, if it takes a number of computer devices which are around and take into account, that we face a huge growing number of IOT devices that will mean we will end up doubling more or less the devices we have to protect in some way. On the other hand, if you take, if you on existing malware, this numbers are growing up rapidly or more or less exploding. And on the other hand, we are facing the situation that we are lacking in security experts.
Speaker 14 01:03:06 So the available experts go down year by year, and that become even more, a bigger challenge. So finally cybersecurity has to fight with a growing number of endpoints with a growing number of malware cost of that, a growing number of events we have to treat somehow. And on the other hand, decreasing number of security experts. And in most cases, this ends up with the fact that we do not see the forest.
We, we not see the forest for the trees anymore. And that is, let's say the problem we have to deal with today, AI or machine learning can be a way to get out of that.
Finally, it is a way to combat or to fight the big data problem we are facing around security.
Speaker 14 01:04:05 I had put together here, a couple of examples. So on the pure, purely on the malware side, more or less all AV vendors at taking the route to use somehow machine learning, AI, to get more sophisticated around pattern matching, to identify, let's say the real malware on the EDR system side, we introduced machine learning AI technologies to cut down the time when an event occurs up to the point where we let's say get a whereabout.
And there is another area which we have to take into account as well. And that is for example, a way we are going, we use, let's say somehow machine learning capabilities to reduce administration effort, to make, let's say, existing technology, more useful or easier to use. But all of this let's say approaches have some kind of challenges and are not really let's say perfect. So they are still lacking in some areas, going a bit into detail. What we are doing.
So we use, let's say predictive white listening mechanism. That will mean initially we learn what kind of applications are on the dedicated device and put that into a wide list. So that will get us to the point that we can already step stop the execution of the white list, because it is like a party who is not on the guest list will not get into.
Speaker 14 01:05:47 Then there are first or let's say checkpoints. So we try to validate what the application try to do from a functional point of view. So we can also stop, let's say unwanted application or maybe further malware.
And finally, we are capable to recognize applications, which we classify as good or as the applications you really want to use. And we are able to put that automatically to our wide list. So we extend here more or less the base, which is used for further decisions on a dedicated end point. And that works without, let's say sending back somehow data to backend system or whatever. So that can also work pretty well offline. And you get to specified white lists per device finally.
And maybe in some cases on a device, a, a certain set of applications will be allowed based on this model on other systems, the same application will be stopped from execution because it does not fit in this case, into that model,
Speaker 14 01:07:02 But least last but not least do not forget AI or ML can help a lot to let's say, improve our cybersecurity. But there are also from my point of view, some kind of limitations, you will not overcome with the use of machine learning or AI take simply the example.
If you have a bank accountant who will remember on a daily basis to a bank account and the amount on it, go home, write it down. So after a year, he will get a pretty good list of bank accounts with detailed information. And that is something you cannot get, let's say handled by technology, even if it's very sophisticated. Thank you so far.
Thank you, Martin. Any questions from the jury please? One question. Yeah. Yeah. Just trying to reach out to the microphone. I think I've got some understanding where the L I thing is, it seems to be in this predictive wireless thing.
So optimizing the wireless based on that, but I didn't really get to which extent this is really automated. So what is the data pool you're working on? Is it of all your customers, all the data, which you,
Speaker 14 01:08:32 Although we, we start with, let's say device specific data pool. So when we get our agent on the device, we do an initial scan and what will be at that time on this computer will be classified as let's say, the applications you can execute. So that is something we use as a basis for our data model model.
And from there on, we let's say learn over the time with updated applications, with applications, which is, will be installed on top. So we train this system, this individual system, and that is totally independent from a different machine.
Okay. One more question, maybe from the jury. Yeah.
Speaker 12 01:09:22 So we just heard about the adversarial training of like misguiding machine learning algorithm. So with this system automatically updating my whole white listening and taking care of that. Wouldn't that be quite a threat and vulnerability to my enterprise.
Speaker 14 01:09:40 You're right. If you take into account, what we have seen before in this other speech around this picture recognition, let's say more or less the same would work here in that case. Or if you have already, let's say mail, we are on the system during the initial scan, but to get, let's say, handle this situation, we still have the possibility from a central point of view to block certain applications or to let's say override things in the local white list.
Speaker 12 01:10:11 Thank you. Thank you.
Last chance for the audience to ask one question to the last speaker. No questions then. Thank you. Once again, that was our last presentation. I will ask a colleague to change cable to the laptop and we will vote for the winner. But before that, I will read through all the speakers and titles. So you can refresh your mind. We will vote using our app. We were trying to decide if, if our internet is okay for good, good enough for that. If anyone has any problems, let me know. And we will find another way.
So asking participants, if internet is functioning with everyone, you not, I will say that, but if internet is working then yeah. Okay. Yeah. So the way voting works, you go to copy or call app, which you hopefully already downloaded.
And if, hopefully everyone else also, and if you're doing it now, then maybe we vote the old way using hands. It works good. You go to copy or call app. Then you launch the cybersecurity leadership summit child app. No. Then you go to the cybersecurity leadership summit app. You scroll down to cybersecurity, innovation night, click on it. And then you see speakers. You scroll all the way down and then you find polling. So our contestants were William DRO co-founder of, he spoke about keeping your organization secure using artificial intelligence.
Then we had Frederick sta who spoke about intelligent machines in cybersecurity and MLK study. Then we had Albert Stepan who spoke about AI saving lives, but needing cybersecurity plan. Then we had Toma who spoke about AI, geared cyber defense and cloud marketplace. Then Ozaki natural language processing applications in cybersecurity, Joseph and threat intelligence powered by machine learning and Martin mango. Last speaker, why AI will become key for cybersecurity. So your voting will be visible and live on this screen. So I will also vote.
Hopefully you will not clearly see who I voted for just a second. And I see people are voting. I will also do the same.
People
Are voting. I'm also scrolling down.
You
Have enough time?
No, no rush voting, voting, voting response submitted. Thanks. Everyone had a chance to vote.
No, I'm waiting. We are. We finished early. So we have time. Yeah. Looks interesting. Finished holding all good. Okay. Then our winner is Frederick standard from ML six. So congratulations, Frederick. Come on to the center.
Thank
You.
Thank you. Yeah. Ran applause for Frederick and thank you everyone for being here and yeah, let's drink some more. And then yeah. And we are in Berlin. We'll have fun. Thank you once again.
