See how Adaptive Solutions is delivering leading cyber risk management solutions through its strategic alliance with Willis Towers Watson and Darklight Technologies.
Cyber liability insurance provides protection against the risks associated with data breaches and loss of personally identifiable information. As property owners and managers collect large amounts of private data on residents, employees, and applicants, the costs of a cyber attack or data breach can be substantial. Cyber liability policies cover expenses like notification of affected individuals, credit monitoring, lawsuits, investigations, and loss of business resulting from attacks. While prevention is important through security measures and policies, the growing threat of cyber crime means companies should evaluate cyber liability insurance as part of their risk management strategy.
Cybersecurity: Protection strategies from Cisco and Next Dimension
The document discusses several data breaches that various organizations experienced and the challenges IT leaders face in preventing, detecting, and responding to cyber threats. It summarizes Cisco's integrated security approach which aims to provide continuous threat detection and verification across networks, endpoints, email, and cloud to help organizations address risks and simplify security management. Cisco's approach leverages over 30 years of network experience and global threat intelligence from 100+ partners to help customers find and contain problems faster.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
Eliminating the Confusion Surrounding Cyber Insurance
The document summarizes a panel discussion on cyber insurance. It provides an overview of the cyber insurance market trends, including rising premiums and number of carriers. It also outlines average costs of cyber attacks and losses in 2018. The panel discusses whether cyber insurance is needed and what types of coverage it provides. Specific examples are given of claims related to crime/cyber and technology errors and omissions insurance. Attendees are invited to join future Triangle Security User Group discussions.
The document discusses how cybersecurity risks have become a major topic of discussion at high levels of organizations due to a combination of forces over the past decade. Sophisticated attackers now outpace security controls, and data breach disclosure laws have led to extensive media coverage of cyber attacks. This has increased pressure on boards of directors to oversee cybersecurity risks. Several case studies of large companies that suffered data breaches like Sony, Target, and TJX are presented to show how cyber attacks can significantly impact businesses but typically do not cause their downfall.
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data break just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data.â
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that the HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Steve Robinson of RPS Technology & Cyber presented "Discussing Cyber Risk Coverage With Your Commercial Clients" to the 68th Annual F. Addison Fowler Fall Seminar on October 17, 2014.
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
This document discusses cyber insurance and common misconceptions about cyber risk. It provides statistics about Chubb's global cyber practice and the types of cyber incidents experienced by companies. The average costs of responding to cyber events are shown by expense category. Case studies demonstrate how Chubb assists clients that experience ransomware attacks, data breaches, and other cyber incidents. Coverage includes incident response costs, data recovery, business interruption, and liability protection. The role of cyber insurance is to provide an expert response and help minimize impacts of cyber attacks.
Business Continuity, Data Privacy, and Information Security: How do they link?
Considering the increased number of cyberattacks and the significant damage caused to the IT infrastructure, organizations should ensure that their efforts to secure IT operations are linked with efforts to maintain resiliency within organizations.
The webinar covers
⢠Cybersecurity during pandemic through statistics
⢠Attack trends during pandemic
⢠Mitigating steps to take
⢠Relevance of IT Disaster Recovery in the time of Cloud computing
⢠Achieving optimal alignment and efficiency regarding your ISMS, BCP, BIA and Risk Management efforts
⢠Post-pandemic cyber and privacy considerations
⢠BCP and pandemic scenario planning 'beyond COVID'
⢠How to keep your privacy policy and incident response plan actionable
⢠How to keep your BCP short, sharp, up-to-date and user-friendly during an actual invocation
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/0AbrywA5oic
Improving Cyber Security Literacy in Boards & Executives
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of todayâs cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executivesâ cyber security literacy.
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
The document discusses various topics related to cyber insurance and cyber risks. It reports on startling cybercrime numbers from Australia's cybercrime reporting network, and how Lloyd's is appealing to brokers to help standardize cyber risk data collection. It also discusses how the Australian and US governments will strengthen their partnership to combat cybercrime, and predictions that cyber insurance in Asia will significantly increase in the next few years.
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
In June, a massive cyberattack brought down one of the country's biggest law firms. DLA Piper, its systems ravaged by the Petya ransomware program, was forced to shut down its phones service, email, and internal computer network--potentially costing millions in lost income. Weeks later, the firm was still digging itself out.
Such attacks are increasingly an existential threat to firms of all sizes: the difference between being billing and nothingness. Join us as we discuss this urgent issue.
New York Cybersecurity Requirements for Financial Services Companies
Is Your Strategy in Place to Meet the NYS DFS Regulation?
Understanding New York Stateâs required cybersecurity policies and procedures, how these new regulations apply to you, and what you need to do to become compliant can all be confusing and overwhelming. To help you through this process, Citrin Cooperman and Walker Wilcox Matousek, LLP hosted an informational webinar to walk you through the complexities of this new regulation.
Key questions that were answered, include:
Whatâs required under the new regulation?
Does this new regulation apply to you?
How will you comply with this new regulation?
What are the consequences of not complying?
What CIOs Need To Tell Their Boards About Cyber Security
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
This presentation focuses to the rising prominence of insurance considerationsâand more particularlyâto legal aspects of insurance as it relates to cybersecurity and privacy.
The presentation defines "Cyber and Privacy Insuranceâ and organizes such insurance into four main types of cyber insurance coverage: data breach and privacy management coverage, multimedia liability coverage, extortion liability coverage, and network security liability coverage. With these definitions, the presentation then gives snapshot of how the Cyber Insurance Market Is Maturing, its participants, costs, and related attributes.
Consideration is given to the importance of defined terms, before launching into difficulties that providers and users have relative to measuring, modeling, and pricing cyber insurance risk. Particular attention is given to the language of âclaimsâ and how to navigate through associated risk/cost analyses and cost structures.
Additionally, general considerations, pre-conditions, cost of compliance, business interruption, governing board oversight and related issues are brought together is a cohesive manner.
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
This document discusses challenges in managing cyber risk for businesses. It notes that while cybersecurity is important for the economy, many businesses underestimate cyber risks. The author's work focuses on improving private sector cybersecurity through market solutions and risk assessment. Some key challenges include a lack of sound risk assessment data and understanding gaps between businesses and insurers. The author's approach involves gathering extensive cyber incident data to better understand and predict risks. Solutions proposed include the CRIDA tool for financial risk assessment and the CLAD database for analyzing insurance litigation. The document also discusses needs for reforming laws around data breaches, computer crimes, and identity theft.
This document summarizes a cyber security planning panel discussion. The panelists discussed (1) the importance of cyber security for all organizations, even small and medium enterprises, as attackers target any organization that may have assets; (2) that all organizations have cyber security responsibilities to customers, stakeholders, and authorities; and (3) that organizations can take action to improve their cyber security through basic measures and defenses. The panel then covered specific cyber security threats like ransomware and weaponized artificial intelligence, trends showing small businesses and public sectors are increasingly targeted, and best practices for mitigation including having a plan, insurance, and a cyber security partner.
Cyber risk represents both risk and opportunity for insurance companies. While cyberattacks can result in multi-billion dollar losses, there is growing demand from companies for cyber insurance coverage. Actuaries can help develop sustainable cyber insurance products by analyzing available breach data, determining appropriate policy terms, and encouraging policyholders to strengthen cybersecurity. Offering generous policy limits alongside strict security requirements and high deductibles allows insurers to expand in this area while properly managing risk. The increasing need for cyber coverage represents a chance for actuaries to add value and for insurers to generate new revenue streams.
While large companies experience most publicly reported data breaches, small businesses are also at high risk - 62% experience cyber attacks with the average cost of a breach being $38,000. IT security is not a top priority for many small businesses, with 44% lacking anti-malware solutions and half not considering security a main concern. This indifferent approach leaves small businesses vulnerable to the over 70% of successful cyber attacks experienced industry-wide each year.
Cyber insurance is probably one of the top security measures each organization, big corporations, and Small and Medium Enterprises (SMEs) should look up to when it comes to a cybersecurity data breach. https://cyberpal.io/
Patrick Bourk, National Cyber Practice Leader from Hub International, discusses the various cyber policies available for mid size commercial businesses. He also showcases the various types of risk to consider when working with an insurer.
The document provides information about a ransomware bootcamp hosted by CynergisTek. It introduces the speakers, including Elissa Doroff from Lockton Financial Services and Mac McMillan from CynergisTek. It discusses how ransomware is influencing cyber insurance, with Elissa Doroff's presentation focusing on the evolution of cyber insurance, current coverages and endorsements, emerging risks, and best practices. It provides statistics on cyber attacks and discusses how ransomware is impacting organizations.
Cyber Resilience is like muscle â training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies.
.
Join CynergisTek on December 9th at our free, virtual Ransomware Bootcamp providing insider insights and unique value to help you stay ahead of the curve and protect yourself from being the next target.
The preset (third) âHiscox Cyber Readiness Report 2019â provides you with an up-to-the-minute picture of the cyber readiness of organisations, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat.
More businesses report being impacted by a cyber incident year-on-year, with the risk appearing to be indiscriminate when it comes to size of business or sector.
The cost of cyber crime to businesses appears to be on an aggressive upwards trajectory â up by as much as 61% in aggregate this year.
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
Michael Barba and Jeff Hall discuss the most pressing cyber-threats facing retailers and what companies can do in the event of a cyber breach, data loss or claim. Mr. Barba is a managing director and Mr. Hall is a senior manager with BDO Consulting.
- Sara posted pictures from a business trip to Dubai on social media that went viral and received negative comments, causing her trauma. Her employer asked for an explanation.
- Alex and Sara are examples of people with significant personal cyber exposure due to their active online presence and travel.
- Hannover Re offers modular personal cyber protection plans that reimburse for expenses from incidents like identity theft, cyber bullying, and online purchase fraud. The plans also include assistance services.
Every business is vulnerable to cyber threats and increasingly small and mid-size companies (SMBs) are targets. Yet most know little about what or how to communicate if faced with a breach. This slide presentation addresses the reputation risks for SMBs in today's digital landscape and resources to deal with the threat.
The document summarizes cybersecurity trends in the financial services sector in 2016. Some key points:
1) The financial services sector remained the most attacked industry in 2016, experiencing 65% more attacks on average than other sectors. Common attack methods included SQL injection and command injection exploits.
2) While total attacks increased in 2016, average security incidents decreased for financial services organizations monitored by IBM.
3) Insider threats, both malicious and inadvertent, posed a larger risk than outsider attacks for financial services organizations. The majority of insider attacks were caused by inadvertent or compromised systems rather than malicious insiders.
This document provides an overview of cyber risks management and cyber insurance. It discusses key topics like the costs of data breaches, regulations like GDPR, prevention strategies, how insurers evaluate cyber risk, and available insurance covers. Appendices provide more details on the historical development of cyber insurance and common types of first-party and third-party insurance covers. Resources are also listed for getting cyber insurance quotes in Greece and learning more about privacy and cybersecurity risk advising.
Pandemic has taken a fair share of the toll on every economy, affecting millions of businesses across the globe. As organizations are adopting technology and innovation to fulfil their quest for growth, they must comprehend, the ghost of cyberattack will come to haunt them sooner or later. Cyber breaches will not only cause brand degradation, but also lead to loss of digital assets, and change in consumer behaviour. As a result, companies are considering corporate cyber insurance as a part of their cybersecurity strategies. Click on the link to read what cyber insurance is and why companies direly need it.
#IBMInsight session presentation "Mitigate Risk, Combat Fraud and Financial Crimes"
The Issue of fraud, challenges, fighting fraud as an enterprise endeavor, IBM Smarter counter fraud framework and IBM Counter Fraud business services
More at ibm.biz/BdEPRH
Protecting the brandâcyber-attacks and the reputation of the enterprise
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
⢠Fiduciary responsibility
⢠How to efficiently deal with personal liability and the threat of court action
⢠The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
⢠How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
AIRLINE_SATISFACTION_Data Science Solution on Azure
Airline Satisfaction Project using Azure
This presentation is created as a foundation of understanding and comparing data science/machine learning solutions made in Python notebooks locally and on Azure cloud, as a part of Course DP-100 - Designing and Implementing a Data Science Solution on Azure.
Building a database that can beat industry benchmarks is hard work, and we had to use every trick in the book to keep as close to the hardware as possible. In doing so, we initially decided QuestDB would scale only vertically, on a single instance.
A few years later, data replication âfor horizontally scaling reads and for high availabilityâ became one of the most demanded features, especially for enterprise and cloud environments. So, we rolled up our sleeves and made it happen.
Today, QuestDB supports an unbounded number of geographically distributed read-replicas without slowing down reads on the primary node, which can ingest data at over 4 million rows per second.
In this talk, I will tell you about the technical decisions we made, and their trade offs. You'll learn how we had to revamp the whole ingestion layer, and how we actually made the primary faster than before when we added multi-threaded Write Ahead Logs to deal with data replication. I'll also discuss how we are leveraging object storage as a central part of the process. And of course, I'll show you a live demo of high-performance multi-region replication in action.
Cyber crimes are growing rapidly and cyber liability insurance is the safest way for companies to stay harmless. Information security is expected by all the customers and loss of these information could cost a company loyal customers and financial crisis.
Cyber Risk: Exposures, prevention, and solutionsCapri Insurance
Paula Garrecht, Partner and Commercial Insurance Broker at Capri Insurance, explores the emerging risk of cyber attacks and data breaches with specific relation to public entities. In the ever changing landscape of business communications and processes we face ever changing risks as well. Learn how to:
1. Identify cyber exposures
2. Minimize those exposures
3. Find the right insurance policy to fit your unique cyber needs
This document discusses cyber risks and cyber liability insurance. It summarizes that many major companies have experienced data breaches in recent years. It outlines common cyber risks like computer intrusions, loss of physical devices, and social media issues. It recommends basic loss control techniques and identifies what cyber liability insurance can cover, such as first and third party losses from network security breaches, privacy breaches, and internet media liability. Coverage limits start at $100,000 with premiums as low as $250.
Cyber liability insurance provides protection against the risks associated with data breaches and loss of personally identifiable information. As property owners and managers collect large amounts of private data on residents, employees, and applicants, the costs of a cyber attack or data breach can be substantial. Cyber liability policies cover expenses like notification of affected individuals, credit monitoring, lawsuits, investigations, and loss of business resulting from attacks. While prevention is important through security measures and policies, the growing threat of cyber crime means companies should evaluate cyber liability insurance as part of their risk management strategy.
Cybersecurity: Protection strategies from Cisco and Next DimensionNext Dimension Inc.
The document discusses several data breaches that various organizations experienced and the challenges IT leaders face in preventing, detecting, and responding to cyber threats. It summarizes Cisco's integrated security approach which aims to provide continuous threat detection and verification across networks, endpoints, email, and cloud to help organizations address risks and simplify security management. Cisco's approach leverages over 30 years of network experience and global threat intelligence from 100+ partners to help customers find and contain problems faster.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
The document summarizes a panel discussion on cyber insurance. It provides an overview of the cyber insurance market trends, including rising premiums and number of carriers. It also outlines average costs of cyber attacks and losses in 2018. The panel discusses whether cyber insurance is needed and what types of coverage it provides. Specific examples are given of claims related to crime/cyber and technology errors and omissions insurance. Attendees are invited to join future Triangle Security User Group discussions.
The document discusses how cybersecurity risks have become a major topic of discussion at high levels of organizations due to a combination of forces over the past decade. Sophisticated attackers now outpace security controls, and data breach disclosure laws have led to extensive media coverage of cyber attacks. This has increased pressure on boards of directors to oversee cybersecurity risks. Several case studies of large companies that suffered data breaches like Sony, Target, and TJX are presented to show how cyber attacks can significantly impact businesses but typically do not cause their downfall.
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data break just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data.â
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that the HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
Steve Robinson of RPS Technology & Cyber presented "Discussing Cyber Risk Coverage With Your Commercial Clients" to the 68th Annual F. Addison Fowler Fall Seminar on October 17, 2014.
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Netpluz Asia Pte Ltd
This document discusses cyber insurance and common misconceptions about cyber risk. It provides statistics about Chubb's global cyber practice and the types of cyber incidents experienced by companies. The average costs of responding to cyber events are shown by expense category. Case studies demonstrate how Chubb assists clients that experience ransomware attacks, data breaches, and other cyber incidents. Coverage includes incident response costs, data recovery, business interruption, and liability protection. The role of cyber insurance is to provide an expert response and help minimize impacts of cyber attacks.
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
Considering the increased number of cyberattacks and the significant damage caused to the IT infrastructure, organizations should ensure that their efforts to secure IT operations are linked with efforts to maintain resiliency within organizations.
The webinar covers
⢠Cybersecurity during pandemic through statistics
⢠Attack trends during pandemic
⢠Mitigating steps to take
⢠Relevance of IT Disaster Recovery in the time of Cloud computing
⢠Achieving optimal alignment and efficiency regarding your ISMS, BCP, BIA and Risk Management efforts
⢠Post-pandemic cyber and privacy considerations
⢠BCP and pandemic scenario planning 'beyond COVID'
⢠How to keep your privacy policy and incident response plan actionable
⢠How to keep your BCP short, sharp, up-to-date and user-friendly during an actual invocation
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/0AbrywA5oic
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of todayâs cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executivesâ cyber security literacy.
The document discusses various topics related to cyber insurance and cyber risks. It reports on startling cybercrime numbers from Australia's cybercrime reporting network, and how Lloyd's is appealing to brokers to help standardize cyber risk data collection. It also discusses how the Australian and US governments will strengthen their partnership to combat cybercrime, and predictions that cyber insurance in Asia will significantly increase in the next few years.
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
In June, a massive cyberattack brought down one of the country's biggest law firms. DLA Piper, its systems ravaged by the Petya ransomware program, was forced to shut down its phones service, email, and internal computer network--potentially costing millions in lost income. Weeks later, the firm was still digging itself out.
Such attacks are increasingly an existential threat to firms of all sizes: the difference between being billing and nothingness. Join us as we discuss this urgent issue.
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
Is Your Strategy in Place to Meet the NYS DFS Regulation?
Understanding New York Stateâs required cybersecurity policies and procedures, how these new regulations apply to you, and what you need to do to become compliant can all be confusing and overwhelming. To help you through this process, Citrin Cooperman and Walker Wilcox Matousek, LLP hosted an informational webinar to walk you through the complexities of this new regulation.
Key questions that were answered, include:
Whatâs required under the new regulation?
Does this new regulation apply to you?
How will you comply with this new regulation?
What are the consequences of not complying?
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
This presentation focuses to the rising prominence of insurance considerationsâand more particularlyâto legal aspects of insurance as it relates to cybersecurity and privacy.
The presentation defines "Cyber and Privacy Insuranceâ and organizes such insurance into four main types of cyber insurance coverage: data breach and privacy management coverage, multimedia liability coverage, extortion liability coverage, and network security liability coverage. With these definitions, the presentation then gives snapshot of how the Cyber Insurance Market Is Maturing, its participants, costs, and related attributes.
Consideration is given to the importance of defined terms, before launching into difficulties that providers and users have relative to measuring, modeling, and pricing cyber insurance risk. Particular attention is given to the language of âclaimsâ and how to navigate through associated risk/cost analyses and cost structures.
Additionally, general considerations, pre-conditions, cost of compliance, business interruption, governing board oversight and related issues are brought together is a cohesive manner.
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...Jay Kesan
This document discusses challenges in managing cyber risk for businesses. It notes that while cybersecurity is important for the economy, many businesses underestimate cyber risks. The author's work focuses on improving private sector cybersecurity through market solutions and risk assessment. Some key challenges include a lack of sound risk assessment data and understanding gaps between businesses and insurers. The author's approach involves gathering extensive cyber incident data to better understand and predict risks. Solutions proposed include the CRIDA tool for financial risk assessment and the CLAD database for analyzing insurance litigation. The document also discusses needs for reforming laws around data breaches, computer crimes, and identity theft.
This document summarizes a cyber security planning panel discussion. The panelists discussed (1) the importance of cyber security for all organizations, even small and medium enterprises, as attackers target any organization that may have assets; (2) that all organizations have cyber security responsibilities to customers, stakeholders, and authorities; and (3) that organizations can take action to improve their cyber security through basic measures and defenses. The panel then covered specific cyber security threats like ransomware and weaponized artificial intelligence, trends showing small businesses and public sectors are increasingly targeted, and best practices for mitigation including having a plan, insurance, and a cyber security partner.
Cyber risk represents both risk and opportunity for insurance companies. While cyberattacks can result in multi-billion dollar losses, there is growing demand from companies for cyber insurance coverage. Actuaries can help develop sustainable cyber insurance products by analyzing available breach data, determining appropriate policy terms, and encouraging policyholders to strengthen cybersecurity. Offering generous policy limits alongside strict security requirements and high deductibles allows insurers to expand in this area while properly managing risk. The increasing need for cyber coverage represents a chance for actuaries to add value and for insurers to generate new revenue streams.
While large companies experience most publicly reported data breaches, small businesses are also at high risk - 62% experience cyber attacks with the average cost of a breach being $38,000. IT security is not a top priority for many small businesses, with 44% lacking anti-malware solutions and half not considering security a main concern. This indifferent approach leaves small businesses vulnerable to the over 70% of successful cyber attacks experienced industry-wide each year.
Cyber insurance is probably one of the top security measures each organization, big corporations, and Small and Medium Enterprises (SMEs) should look up to when it comes to a cybersecurity data breach. https://cyberpal.io/
Patrick Bourk, National Cyber Practice Leader from Hub International, discusses the various cyber policies available for mid size commercial businesses. He also showcases the various types of risk to consider when working with an insurer.
Ransomware Bootcamp with CTEK and GroupSenseSophiaPalmira1
The document provides information about a ransomware bootcamp hosted by CynergisTek. It introduces the speakers, including Elissa Doroff from Lockton Financial Services and Mac McMillan from CynergisTek. It discusses how ransomware is influencing cyber insurance, with Elissa Doroff's presentation focusing on the evolution of cyber insurance, current coverages and endorsements, emerging risks, and best practices. It provides statistics on cyber attacks and discusses how ransomware is impacting organizations.
Cyber Resilience is like muscle â training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies.
.
Join CynergisTek on December 9th at our free, virtual Ransomware Bootcamp providing insider insights and unique value to help you stay ahead of the curve and protect yourself from being the next target.
The preset (third) âHiscox Cyber Readiness Report 2019â provides you with an up-to-the-minute picture of the cyber readiness of organisations, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat.
More businesses report being impacted by a cyber incident year-on-year, with the risk appearing to be indiscriminate when it comes to size of business or sector.
The cost of cyber crime to businesses appears to be on an aggressive upwards trajectory â up by as much as 61% in aggregate this year.
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
Michael Barba and Jeff Hall discuss the most pressing cyber-threats facing retailers and what companies can do in the event of a cyber breach, data loss or claim. Mr. Barba is a managing director and Mr. Hall is a senior manager with BDO Consulting.
- Sara posted pictures from a business trip to Dubai on social media that went viral and received negative comments, causing her trauma. Her employer asked for an explanation.
- Alex and Sara are examples of people with significant personal cyber exposure due to their active online presence and travel.
- Hannover Re offers modular personal cyber protection plans that reimburse for expenses from incidents like identity theft, cyber bullying, and online purchase fraud. The plans also include assistance services.
Every business is vulnerable to cyber threats and increasingly small and mid-size companies (SMBs) are targets. Yet most know little about what or how to communicate if faced with a breach. This slide presentation addresses the reputation risks for SMBs in today's digital landscape and resources to deal with the threat.
The document summarizes cybersecurity trends in the financial services sector in 2016. Some key points:
1) The financial services sector remained the most attacked industry in 2016, experiencing 65% more attacks on average than other sectors. Common attack methods included SQL injection and command injection exploits.
2) While total attacks increased in 2016, average security incidents decreased for financial services organizations monitored by IBM.
3) Insider threats, both malicious and inadvertent, posed a larger risk than outsider attacks for financial services organizations. The majority of insider attacks were caused by inadvertent or compromised systems rather than malicious insiders.
This document provides an overview of cyber risks management and cyber insurance. It discusses key topics like the costs of data breaches, regulations like GDPR, prevention strategies, how insurers evaluate cyber risk, and available insurance covers. Appendices provide more details on the historical development of cyber insurance and common types of first-party and third-party insurance covers. Resources are also listed for getting cyber insurance quotes in Greece and learning more about privacy and cybersecurity risk advising.
Pandemic has taken a fair share of the toll on every economy, affecting millions of businesses across the globe. As organizations are adopting technology and innovation to fulfil their quest for growth, they must comprehend, the ghost of cyberattack will come to haunt them sooner or later. Cyber breaches will not only cause brand degradation, but also lead to loss of digital assets, and change in consumer behaviour. As a result, companies are considering corporate cyber insurance as a part of their cybersecurity strategies. Click on the link to read what cyber insurance is and why companies direly need it.
#IBMInsight session presentation "Mitigate Risk, Combat Fraud and Financial Crimes"
The Issue of fraud, challenges, fighting fraud as an enterprise endeavor, IBM Smarter counter fraud framework and IBM Counter Fraud business services
More at ibm.biz/BdEPRH
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
⢠Fiduciary responsibility
⢠How to efficiently deal with personal liability and the threat of court action
⢠The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
⢠How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Similar to Cyber Liability - Insurance Risk Management and Preparation (20)
Airline Satisfaction Project using Azure
This presentation is created as a foundation of understanding and comparing data science/machine learning solutions made in Python notebooks locally and on Azure cloud, as a part of Course DP-100 - Designing and Implementing a Data Science Solution on Azure.
How We Added Replication to QuestDB - JonTheBeachjavier ramirez
Building a database that can beat industry benchmarks is hard work, and we had to use every trick in the book to keep as close to the hardware as possible. In doing so, we initially decided QuestDB would scale only vertically, on a single instance.
A few years later, data replication âfor horizontally scaling reads and for high availabilityâ became one of the most demanded features, especially for enterprise and cloud environments. So, we rolled up our sleeves and made it happen.
Today, QuestDB supports an unbounded number of geographically distributed read-replicas without slowing down reads on the primary node, which can ingest data at over 4 million rows per second.
In this talk, I will tell you about the technical decisions we made, and their trade offs. You'll learn how we had to revamp the whole ingestion layer, and how we actually made the primary faster than before when we added multi-threaded Write Ahead Logs to deal with data replication. I'll also discuss how we are leveraging object storage as a central part of the process. And of course, I'll show you a live demo of high-performance multi-region replication in action.
Cyber Liability - Insurance Risk Management and Preparation
1. Cyber Liability Insurance:
A proactive approach to
managing risk
A NEW SAAS MODEL TO ADDRESS CYBER INSURANCE RISK
MANAGEMENT FROM ADAPTIVE SOLUTIONS
2. Our Presentation on Cyber Risk
⢠The Adaptive Solutions SaaS model in strategic alliance withWillisTowersWatson
⢠The Cyber Risk Insurance Market - background and current state
⢠Cyber Attacks⌠some current statistics
⢠Preparation of the âTo Beâ State: The Adaptive Cyber Security SaaS Platform
⢠DarkLight â enhanced cyber security effectiveness through ontology driven machine learning
3. SaaS based cyber liability risk management
⢠Adaptive Solutions LLC has announced a new cyber risk management program for enterprise
class clients
⢠Working withWillisTowersWatson, the largest broker of cyber insurance in the US, we will
develop programs for both insured and insurer
⢠Our solution will let you visualize data governance, lineage, traceability, retention, and
management throughout your organization with the Adaptive Metadata Management⢠suite
⢠We will improve the effectiveness of cyber security efforts through analysis, deconstruction
and prediction of cyber attacks with our strategic partner DarkLightâ˘
⢠These tools will better address the challenges of your operating environment with targeted
savings in insurance premium throughWillis
⢠We will provide post-attack analysis for leading insurance carriers and proactively prepare
digital assets to better withstand and recover from cyber attacks and further reduce expense
4. Key elements of the Adaptive SaaS offering â
what is involved ?
⢠Adaptive Metadata Manager, highest risk business unit first
⢠DarkLight Cybersecurity
⢠Implementation by Adaptive Solutions and Meta Informatics
⢠In partnership with WillisTowers Watson to design and deliver actual insurance products with
demonstrable effectiveness for Insurance carriers AND clients
5. The Cyber Risk Insurance Market - background
and current state
6. A quick background on the pervasive nature of Cyber Risk
⢠Cyber attacks are a constant threat to businesses around the world with vast sums of money
being spent to protect against them.
⢠While in 2015, 40 percent of attacks stemmed from âoutsidersâ, a surprising 60 percent were
actually perpetrated by company insiders.
⢠IBM, who produced the figures based on information from over 8,000 of their clients devices,
revealed that although 15.5 percent of such âattacksâ were caused inadvertently, 44.5 percent
were deemed to have been malicious.
⢠An insider is defined as anyone who has physical or remote access to a companyâs assets. IBM
noted that although this would often be an employee, it can also mean business partners or
maintenance contractors â people you trust enough to grant system access to.
⢠Insiders not only have this access, they may also be aware of your weaknesses and thus exploit
them more effectively than an outside agent might be able to.
7. Cyber Risk Coverage â Market Players
⢠U.S. insurers are cautiously underwriting cyber coverage
⢠The biggest challenge is to understand the true nature of the underlying risk
⢠While there are about 50 insurers that are writing some cyber coverage, the
market is dominated by five underwriters:
⢠Ace Ltd.
⢠American International Group Inc.
⢠Beazley P.L.C.
⢠Chubb Corp.
⢠Zurich Insurance Group Ltd.
8. Cyber Risk Insurance Market â Background
⢠Cyber coverage represents a significant area of opportunity for underwriters
⢠Some analysts predicting that the size of the cyber insurance market will
grow to $10 billion in the next five to 10 years
⢠Although this market is immature at the moment, there is still value to be
found if insurers properly underwrite risk
⢠Currently, cyber coverage predominantly is written on a claims-made basis
and primarily covers third-party liability in the United States
⢠About 90% of the premium volume for cyber â estimated by Lloyd's of
London to be $2.5 billion in 2014 â covers U.S. risks
⢠The market will increasingly demand tools to mitigate risk and manage
claims adjustment expenses post attack
9. The Cyber Risk Insurance Market
⢠Cyber insurance has emerged as a response to growing number of data
breaches worldwide and the extent of damage that they cause to businesses. Data
breaches are perceived as one of the leading risks to businesses as, among other
factors, they can have a huge influence on the company earnings.
⢠In the United States, the average cost of cyber crime amounted to 12.69 million
U.S. dollars in 2014. As well as financial costs, cyber crime has a negative
impact on employee morale, business reputation and relations with the clients. It
is not surprising, then, that companies have started to look for ways of protecting
themselves against cyber threats.
10. Cyber Insurance Market â current state
⢠In 2014, 54 percent of global companies were insured against loss of income due to
data breach, while more than half of the companies without cyber liability
insurance considered purchasing it.
⢠The share of businesses with cyber insurance worldwide increased with company
revenue. Only 3.8 percent of companies with revenues lower than 2.5 million U.S.
dollars owned cyber insurance.
⢠Among companies with revenues exceeding five billion U.S. dollars, this number
was equal to 25.9 percent.
11. Cyber Insurance Market - current state
⢠In the United States, 33 percent of companies owned cyber liability insurance in 2014.
In that year, the U.S. industry sector with highest share of companies purchasing the
insurance was the financial services sector.
⢠The average limit of purchased cyber liability insurance by the U.S. financial
institutions sector amounted to 23.5 million U.S. dollars. More than 82 percent of U.S.
companies reported that they were able to buy cyber insurance that met their
needs in 2014.
⢠The companies not protected by cyber insurance cited a lack of insurance fitting their
needs on the market, as well as low policy limits or too high costs, as the reason for
their lack of protection.
12. Cyber Insurance - Challenges
⢠S&P said that cyber risk presents a âunique challengeâ for underwriters
because neither frequency nor severity is predictable.
⢠Reliable Actuarial data is also unavailable.
⢠Metrics for cyber risk also are in the early stages of development, and
probabilistic models pose high levels of uncertainty, mostly because of the
unpredictable human behaviors associated with cyber attacksâ the report said.
⢠Other challenges for underwriters include limited and insufficient disclosures
about cyber attacks, the report said.
14. Statistics
and facts
about
businesses
and cyber
crime in the
U.S.
⢠According to the IC3, the monetary damage caused by reported cyber
crime in 2014 amounted to more than 800 million U.S. dollars.
⢠That year, the U.S. state with the highest amount of losses was California
with over 131 million U.S. dollars in reported cyber crime damages.
⢠The average cost of a company-directed cyber crime attack in the United
States was 15.42 million U.S. dollars.
⢠Based on the type of attack, industry figures estimate the number of
days necessary to solve a cyber attack on a company can take up to 62.7
days.
⢠The most common types of cyber attacks experienced by U.S. companies
as ofAugust 2015 were viruses and malware.
⢠According to a 2015 survey of U.S. companies, the most popular cyber
securities deployed were advanced perimeter controls, firewall
technologies, and extensive usage of encryption technologies.
15. Statistics
and facts
about
businesses
and cyber
crime in the
U.S.
⢠Despite these efforts to protect the company from outside
cyber attacks, there are many employee activities that render a
company vulnerable, such as mobile device usage or remote
work access.
⢠Other obstacles to implementing more robust cyber security
solutions for businesses are the lack of funds as well as the lack
of clarity regarding best practice.
⢠Overall, 42 percent of SMB owners in the United States
regarded cyber security expenditure as a cost of business with
36 percent of IT security layer spending being directed towards
the network layer.
⢠Furthermore, 27 percent of internal costs due to cyber crime
were allocated towards detection.
16. Total Cost of Cyber Crime
The statistic shows the amount of damages caused
by cyber crime reported to the IC3 from 2001 to
2015. In the last reported period, the annual loss of
complaints referred to the IC3 amounted to 1.07
billion U.S. dollars, up from 781.84 million U.S.
dollars in 2013.
In 2014, the United States accounted for 83.96
percent of complainant losses.
No data available on reported cyber crime losses in
2010.
The numbers refer to internet crimes reported to
the governmental Internet Crime Complaint
Center.
Methodology of evaluating loss amounts: FBI IC3
Unit staff reviewed for validity all complaints that
reported a loss of more than $100,000. Analysts
also converted losses reported in foreign
currencies to dollars. The final amounts of all
reported losses above $100,000 for which the
complaint information did not support the loss
amount were excluded from the statistics.
17. Type of Cybercrime and Loss
This statistic presents the types of
cyber crime with the highest amount
of victim losses in 2015. During the
reported period, online confidence
fraud accounted for 203.39 million
U.S. dollars in reported victim losses.
In 2014, the United States accounted
for 83.96 percent of complainant
losses.
18. Types of Cyber
Attacks
This statistic shows the types
of cyber crime attacks most
commonly experienced by
companies in the United
States.
During a 2015 survey of 58 U.S.
companies, it was found that
97 percent of respondents had
experienced malware attacks.
The most common type of
attacks were viruses, worms
and trojans.
19. Average cost of a breach
The statistic shows the average
organizational cost to business in the
United States after a data breach. In
2016, the average cost to businesses
affected by a data breach in the
United States amounted to 7.01
million U.S. dollars.
Total breach costs include: lost
business resulting from diminished
trust or confidence of customers;
costs related to detection,
escalation, and notification of the
breach; and ex-post response
activities, such as credit report
monitoring.
20. Average annual costs
related to Cyber Attacks- by
Industry
This statistic shows the average
annualized costs caused by cyber
crimes in the United States as August
2015, sorted by affected industry
sector.
That year, cyber crime caused an
average annualized loss of 16.45
million U.S. dollars in the technology
sector.
21. Cybercrime Loss Given a
Successful Attack
This statistic shows the estimated
damage a successful cyber attack will
cost a U.S. business.
In 2015, the maximum total annualized
cost of cyber crime committed against
U.S. companies amounted to 65.05
million U.S. dollars.
22. Number of days to
resolve a Cyber Attack
This statistic shows the average
number of days necessary to
resolve a cyber attack in U.S.
companies as of August 2015,
sorted by type of attack.
That year, U.S. companies need an
average of 41.3 days to resolve
web-based attacks.
23. IT Environments and
Cyber Attacks
This statistic gives
information on the IT
environments targeted by
cyber attacks worldwide in
2015, sorted by industry.
During the survey period,
it was found that 34
percent of cyber attacks
aimed at the professional
service industry were
targeted at corporate or
internal network
environments.
26. What do these
statistics tell us
about the
evolution of
Cyber Threats ?
⢠Threats posed by internal actors is the most significant;
in Finance and Insurance, this is effectively 100% of the
source of cyber risk
⢠E-Commerce is the largest threat to retail and travel;
Point of Sale fraud is largest for Food & Beverage
⢠Data breaches increasing in size and number of affected
parties
⢠Time to Resolution has improved, highlighting industry
education and prevention
⢠Most damaging attacks remain internal
⢠Preparation is the best policy
⢠So how to prepare ?
27. Preparation of the âTo Beâ State: The
Adaptive Cyber Security SaaS Platform
28. How does Adaptive Solutions propose to
revolutionize Cyber Liability Underwriting?
⢠Rudimentary underwriting
⢠Lack of defined risk metrics
⢠No means of identifying affected
data
⢠No traceability or lineage for post-
breach analysis and remediation
âAs Isâ State
⢠Identify and measure against key
metrics impacting risk
⢠Use preventative and analytical
tools to understand depth of event
and remediate/repair
⢠Create a âdata inventoryâ which
catalogues both data and lineage
Transform the
approach ⢠Inventory of key data assets and
traceability/lineage for breach
analysis
⢠More effective cyber security
infrastructure
⢠âLearningâ bots to assist with
volume of attacks
âTo Beâ State
29. Cyber Liability Insurance â Underwriting
Considerations
⢠What EXACTLY is being protected ? Or what exactly was affected
by the breach ?
⢠What are the key underwriting metrics ?
⢠How is the risk priced ? How is this determined ?
⢠What are typical policy exclusions ? Retention ?
⢠What are typical loss scenarios ? Recovery scenarios ?
This all needs to be discussed, documented, and linked to
technology that offers actionable solutions
30. The End State must specifically address the Threat Matrix
⢠External actor
⢠Access through a vendor
⢠Through ISP
⢠Through DNS/Brute Force
⢠Internal actor
⢠Disgruntled employee
⢠Actively placed sleeper mole
⢠Internal incompetence (like passwords in a desktop Folder
labeled âPasswordsâ â Come on man !)
⢠Things in Common
⢠Major Losses
⢠Lasting Damage
IMPACT
MATRIX
External to
Firewall
Internal to
Firewall
Malicious
Insiders
82 95
Malicious
Code
76 89
Web based
attacks;
phishing;
email fraud
92 84
31. Manta
Adaptive
Library
Data Model
Databases
Messages
Event Logs
Big Data
Enterprise
Database
âTo Beâ State - Cyber Risk Management with the Adaptive Repository Orchestration
Transform
Business Glossary
Metric Glossary
BI Objects
Data Objects
Analytic
Software
Reports
BITools
Business
Logic
Model
Data
Logic
Model
Physical
Model
Business
Verticals
NoMagic
Data Object
ETL
Metrics
Business
Process
Model
Terms
Business
Concepts
Integration
Process
People
Data
Quality
Applications
Business
Engagement
Model
DarkLight
Environment
32. How does it work ?
⢠We combine the disciplines of robust data governance and cyber
security through the application of world class technology
⢠Catalogue the key data assets by business unit and function
⢠Inventory the data assets, establish lineage and relation
⢠Implement an integrated cyber security solution
⢠Our solution lets you understand the key risk metrics BEFORE the risk
is assumed
⢠How stable and âorderlyâ is the client data environment ? Data quality ? Points of
access ?You better know before you bind the riskâŚ
⢠How do we do that ? Adaptive for lineage, governance, security, permissioning,
versioning, and data tracing; DarkLight for cybersecurity enhancement
33. Cyber Liability
Insurance â
Pre-SaaS
Underwriting
Review
⢠Understand the data environment
⢠By Business Unit
⢠By Data Source
⢠Understand the network environment
⢠Number of IP and Email addresses
⢠Web Sites
⢠IoT access
⢠Create enterprise data lineage and traceablity to establish base case
and identify data quality, loss, and retention issues
⢠Catalogue the data assets being protected and identify the key
stakeholders of each
⢠Integrate the DarkLight cyber solution with the Adaptive Metadata
Platform to enhance cybersecurity
⢠Integrate the underwriting review to prepare the SaaS solution for
the specific client
34. Cloud ServicesBig Data Platform
Metadata Connector
ODBC
RESTful
Custom SDK
Security
Semantic Layer
Templates
Data Store
Scheduler
Templates
- DG Maturity
- DM Compliance
- DQ Maturity
- DA Maturity
- DG Ownership
Data Landscape
* Build customized UI by enhancing
Adaptiveâ s UI
Templates
SaaS âHostedâ
Clientâs Data Landscape
Data Factory
HostedSolutionExistingDF
Clientâs Virtual
Data Excellence
Internal Users
- Data Stewards
- Data Owners
- CDO
- CIO
Reports
- Scheduled Reports
- Monthly DQ/DG Snapshots
- Monthly Data Compliance
- Alerts & Notifications
- On Demand Reports
Functional Data
Architecture Supported
- Data Modeling
- Data Governance
- Data Quality
- Production Support
Key elements of the Cyber Risk Management with the SaaS model
1
2
3
4
5
Client Service Provider Onsite Service Provider Offsite
Data Owners Business Analyst
Data Analyst
Data Analyst
Data Analyst
35. Legacy systems and cyber risk management
⢠Legacy systems pose a unique risk to an organization
⢠Failure to migrate to modern platforms complicate risk
management and recovery post attack
⢠Most firms delay migration due to theThree Pâs:
⢠pain, personnel, and priceâŚ
⢠We greatly reduce theThree Pâs in legacy migration and
management with automated data discovery and documentation
tools
⢠We offer this on a SaaS basis using open standards
37. Bank Client â establishing data governance and lineage with
huge amounts of data
⢠The technical truth of architecture and data flow within a large organization
is nearly impossible to understand for any user without technical
experience.
⢠We automatically scan the dataflow to identify all of these objects and links.
Because programs, procedures and scripts do refer to exactly these
technical objects, this may cause a huge complexity in the meta data
repository.
⢠As for example, one Clientâs Group Business Intelligence Repository holds over
320,000 tables, columns, views, entities, attributes, report fields and dimensions.
⢠Approximately 10% are interesting from business view.The others are used for layer
concept, arch. Principles, compliance, performance, Interfaces etc.
Page 37
When scanning the raw technical data automatically to generate data models and data
lineage, one very important aspect are considerations on how to manage the complexity for
different users, and how that data is presented.
38. Page 38
In this example, assume for a moment youâve been hacked⌠and you need to identify
all the affected data - In this Client case, search for affected data elements with a name
âcustomerâ returns 45,315 Results (across all object types)
Post intrusion
data analysis...
The impact
across an
organization can
be daunting and
difficulty to track
down all of the
affected data
41. Presentation Layer /
Search Results IV
Page 41
Classification âTable Layerâ equal Business Data reduces to 123⌠now its manageable
42. Presentation Layer / Classifications
Page 42
How to manually classify, track and trace lineage for > 300,00 Objects? You canâtâŚ
ď¨The âRules Engineâ can inherit classifications via CWM connection
Type: Relational.Schema
Name: LDDAPPL
Data Store: LDD
Type: Relational.View
Name: ALL_CUST
Data Store: LDD
table layer: LDD Views
Type: Relational.Column
Name: id_customer
Data Store: LDD
Table: layer: LDD Views
Type: Relational.Column
Name: short_name
Data Store: LDD
Table layer: LDD Views
43. Presentation
Layer
-
Virtual business
layers for lineage
Page 43
Although restrictions for data
flow are defined, lineage can
become very big and complex.
The goal is to be able to
automate the lineage tracing
process and narrow presentation
to mazimize effectiveness
44. Zoom of Lineage
Page 44
And tracing lineage can become overwhelming â the majority of expense post
cyber attack is identifying and tracing affected dataâŚ
45. Managing the Presentation Layer /
Virtual business layers for lineage
Page 45
Adaptive uses smart algorithms to traverse through the lineage and pick only defined
columns to show them in a textual view: âColumn is derived from CEE IF Fieldsâ
Rules can be based on
- Classification
- Owning Schema
- OwningTable
Rules allow the user
define and manage their
data environment from
top to bottom
46. Investigation one â identify the affected data
Page 46
1. Locate the desired data
element (in this case, a
COGNOS Field)
2. Display the reverse lineage
3. Identify the Source Field
4. Investigate single
transformation steps further, if
needed
This allows the client to manage
the complexity and volume of the
data environment
47. Investigation two /
establish and understand the lineage
Page 47
Source Code: Insert Statement at given line number.
Lineage SVG Graphic
Selfmade âPLSQLâ object view of column
PLSQL object view. Gives line number.
49. Investigating the
interconnection of the
target data element
Page 49
This graphic shows the lineage of
just one of these data source
columns in Reporting.
Failing to understand internal data
lineage is not a good idea. Our SaaS
soultion will link data to business
terms and concepts to trace data.
Post Cyber Attack, this is the major
driver of expense in post attack
investigation, management and
remediation.
50. As a result of this work, our Client
gained a deeper understanding and
tangible simplification of their data
lineage.
In this example, the Client used
Adaptive to link business terms and
concepts directly to source data to
establish lineage and a governance
framekwork for regulatory compliance
and financial reporting.
This To Be State allowed them to
directly link business concepts and
source data, using automated lineage
tracing and data governance
capabilities.
Report Field Source Table Description
B2 - COLL
before HC:
Resid. Real
Estate
S3_EXPOSURE Basel 2 figure. Collateral value
from SAS BEFORE Haircuts
(deductions) divided to
Exposure-sets; Optimization
after recoverability of collateral;
COLL -
Market
Value
allocated:
Comm. Real
Estate
COAL_COLL_EX
P_CRR
Collateral value that considers
all collaterals independent of B2
eligibilitiy. Collateral Market
Value from SAS; distributed by
SAS Coll Type; capped with
Exposure
B2 - COLL:
Comm. Real
Estate after
Haircut
S3_EXPOSURE Basel 2 figure; Collateral value
from SAS AFTER Haircuts
(deductions);
divided to Exposure-sets;
Optimization after recoverability
of collateral.
COLL â
Accepted
Value
allocated:
Resid. Real
Estate
COAL_COLL_EX
P_CRR
The distributed collateral
acceptable value in the way of
SAS CRR acceptable value
algorithm in EUR.
Page 50
53. AI-Driven Analytics and Automation
âş Timeline
ď§ 2009: PNNL funded research
ď§ 2013: Company founded to transfer technology to market
ď§ 2016: Commercial release, deployed in production
âş Artificial Intelligence based on Semantic Graph Analytics
ď§ Patented Advanced Reasoning Platform; Two granted, several in process
ď§ Proprietary AI engine captures, automates and scales human expertise
ď§ Applicable to cybersecurity, fraud analysis, and the global movement of money,
etc.
54. âş Scarcity/high turnover of seasoned cyber analysts
ď§ Outnumbered and overworked - projected shortfall of 1.5 million Analysts by 2019(1)
ď§ Enterprise knowledge leaves with analyst â 18 mo. ramp to get âproficientâ
âş Staggering volume of cyber attacks creating âbig dataâ issue
ď§ Existing technology investments are underutilized while threats persist
ď§ Staff is âdrowning in dataâ
Challenges in the Market
(1) http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html
55. Challenges in the SOC
ďą Not enough analysts to address the volume of alerts ďą New or junior Analysts not productive enough
ďą Not enough analysts to address the volume of events ďą Canât fill open requisitions for SecurityAnalysts
ďą Knowledge leaves org when Analysts leave
ďą Too much time spent monitoring rather than
responding
ďą Incident response time takes too long
ďą No centralized process or tools OR
ďą Too many tools, not enough coordination between
ďą Analysts waste time manually attributing and
documenting incident response
ďą Analysts waste time chasing down false positives ďą No Analysts dedicated to hunting
ďą Existing alerts or select security feeds are ignored ďą Other â domain specific
56. Drowning in Data vs. DarkLight
Source: âThe Cost of Malware Containment,â Ponemon Institute, January 2015 Survey of 630 IT / IT Security Practitioners in US responsible for detecting, evaluating and/ or containing malware infections.
17,000
ONLY
19%
Malware alerts
received on average
by an organization in
a typical week
Alerts investigated; Only 705
Exposed to risk of remaining 15%
Deemed âreliableâ
4%WASTED: 395 Hours/week due to False
positives/false negatives
LOSTVALUE: $25K/week or
$1.27 million/year/org
Typical Industry Experience Customer, deployed in production
100%
Alerts Examined n=9500
1,816
additional alerts/wk
investigated
Lowered Risk by
investigating
previously ignored
alerts
Improved IRR and
increased
utilization of
existing security
investments
With 30%fewer staff,
58. The Cybersecurity âBig Dataâ Problem
Wisdom
Operational
Cybersecurity
Knowledge
StructuredCybersecurity
Information
Cybersecurity Data
Science of Security &
Semantic Infrastructure
Cybersecurity Measurement
and Management
Cyber Ecosystem
Technology
& Data
Human Intelligence and Reasoning
59. DarkLight⢠- Human-quality analytics, at scale
Fuses data from disparate intelligence sources
Unifies network sensors + threat intelligence + enterprise context
Improves IRR on existing security investments
Captures analyst knowledge for retention by the enterprise
Augments deductive and investigative skills
Prevents âbrain-drainâ while accelerating training of new staff
Force-multiplier which enhances human reasoning
Acts as aVirtual Analyst, improving performance by 10X to 100X+
Advanced, AI-based reasoning able to infer conclusions
60. DarkLight Reference Model
Alerts Events
Adversarial Knowledge
Threat Intelligence - Internal/External
Feeds Incident Response System
Cyber
Ecosyste
m
Security:
Firewall,
Proxy, AV,
IDS/IPS,
Network
Devices
(Sensors)
Enterprise Knowledge:
AD, Legacy Data Sources, HRIS,
etc.
NotifiesAnalyst Directly
TriggersOrchestration / Action
in other product
61. âş Results
ď§ Improved ROI: Doing more with 30% fewer analysts by reducing false positive alerts
ď§ Improved Situational Awareness: Now analyzing 220 previously ignored data streams
ď§ Expanding to threat hunting
Customer Success
5000 employees, One of 17 DoE National Labs; Performs classified and unclassified research for
DoE, DoD, DHS and other government agencies.
100K+ alerts per day, 2.5B events/week through Splunk
âIncreased our effectiveness from 5-15% to 90-95%â
BJ Stephan, Deputy CISO
63. DarkLight PROs (Programmable Reasoning Objects) analyzing data
Once data is ingested into DarkLight, the Programmable
Reasoning Objects (PROs) go to work â in real time â
analyzing thousands or tens of thousands of events in
seconds.
The purpose of these are to make inferences on sets of
data whether contextual, working, or both. To put their
use into perspective, each PRO acts something like an
analyst assigned to finding correlations between different
data sets and records ranging from thousands if not tens
of thousands of logs.
In order to find any disruptive or dangerous activity
analysts must spend hours or days searching for these
patterns. DarkLight alleviates this by incorporating PRO
reasoners to do this daunting task for the analysts,
leaving them with a condensed data set to work with.
64. Results: Summary and Graph View
Several views work together to provide
the full picture about a single event. The
Working Memory view contains lists of
PRO Output Types and indicates how
many items are in each type. Clicking on a
working memory type loads those events
into the Events view where they can be
sorted by date. Clicking on a single event
populates the tabular Results view, the
graphical Results Graph view, and the
Processors View.
Since different users prefer to see
information in different ways, the user
may select which views are shown â and
save them as a perspective.
65. Graph View of Event with full attribution
In this example, DarkLight correlates a FireEye event with a vulnerable host, attributing CVE, device and employee details.
The ResultsGraph view is
a node/link graph that
describes the selected
item in the Events view.
It contains all of the
properties and objects
that have been attached
to the event as it works
its way through ingestors
and PROs.
Each new object gets a
different color.
66. DarkLight Event Orchestration
PROs do the heavy lifting to reason and analyze, saving time
âŚand based on the results, can alert, notify or orchestrate other systems to take action
69. Graph Databases â Big Data
⢠A graph is a data
structure
⢠A graph holds data
⢠Schema (ontologies)
⢠Facts (assertions)
King
Line Manager
192.168.5.164
Edwards
Jones
Employee
Employee
Employee
Log On
Event
rtedward
rtjones
hasAccountName
Project Manager
hasRole
imking
4624
70. Automated Reasoning
⢠Also known as an Inference Engine
⢠DARKLIGHT is a framework for
supporting multiple reasoners
⢠Each DARKLIGHT Reasoner (called a
PRO) examines the known facts
and asserts new facts based on the
axioms of cybersecurity.
Karen
Ryan
Roger
Known Fact
Inferred Fact
71. Old Ineffective Method:
⢠Read all facts into a single
monolithic graph
⢠Manage the logical consistency
of the large graph
⢠Use a single Reasoner over the
entire graph
Monolithic Reasoner
Monolithic Graph
WARNING:
All facts asserted into a graph
MUST be logically consistent or
the Reasoner will not function.
- AND -
The larger the graph the harder
it is to keep it logically consistent.
72. Our Innovative Method:
⢠Read all facts into a single
monolithic graph
⢠Manage the logical consistency
of small subgraphs as they need
to be reasoned over
⢠Use MULTIPLE Reasoners over
the graph, not just one
Monolithic Graph
PRO PRO
INNOVATION:
It is easier to maintain
consistency in many
smaller graphs than
one large graph.
75. DarkLight PROs in Use
False-Positive
Reduction
Insider Threat
Alerts
Data Enrichment
& Enhancement
Data Exfiltration
Suspicious
Command
Execution
Multiple Sensor
Correlation
Contextual Knowledge Maintenance
AnalysisHeartbeat FilteredFEIPSAlert
AttributedFEWebMalwareObject IPUserRecordCleanup
AttributedFEEMPSAlert MaliciousDomainMatch
AttributedFEEMPSAlertNotification MaliciousDomainMatchNotification
AttributedFEMalwareCallbackAlert NonNameServerFEDomainMatchAlert
AttributedFEMalwareCallbackAlertNotification NotifiedOnlyFEIPSAlert
*AttributedFEWebInfectionAlert Attributes SuspectPing
*AttributedFEWebInfectionAlertNotification SuspectPingNotification
AttributedFEWebMalwareObjectObjectNotificatio
n
TypeCountNotification
AttributedMaliciousProcess UnattributableEmailAddress
AttributedMaliciousProcessNotification UnattributableIPAddress
AttributedNetcat UnattributableUsername
AttributedNetcatNotification UnattributedEventNotification
BlockedFEIPSAlert WorkingTypeCountReport
BlockedFEIPSAlertNotification 1102 â The audit log was cleared.
ContextTypeCountReport 4672 â Special privileges assigned to new logon.
DHCPRecordCleanup 4798 â A userâs local group membership was enumerated
FEIPSAlertForVulnerableHost 4799 - Security-enabled local group membership enumerated
FEIPSAlertForVulnerableHostNotification 5156 - Windows Filtering Platform has allowed a connection
FEIPSAlertReport 5140 - A network share object was accessed
FEIPSAlertReportNotification 7045 - A service was installed in the endpoint
FEIPSAlertWithHostVulnerabilities 4624 - An account was successfully logged on
FEIPSAlertWithVulnerability 4663 - Attempt was made to access an object, File or Registry
Key
Force-Multiplying âVirtual Analystsâ
76. DarkLight
-
Description
⢠DarkLight is the only patented system that embraces the human
decision making process and knowledge to combat cyber threats.
DarkLight was created, tested, and proven at one of the nation's most
advanced research laboratories, spanning more than four years of
R&D.
⢠DarkLight intelligently processes the massive data streams from a
current network and security appliances through a patented formal
Description Logic Reasoning Framework and Semantic Graph
Analytics.
⢠Unlike all other workflow-driven or machine learning-based
automation tools, this approach more effectively models normal
and abnormal user and network behavior.
⢠DarkLightâs Reasoning Engine is used to interpret and analyze facts
using an analystâs unique knowledge of cybersecurity and the
enterprise, including the policies and compliance requirements of the
organization they are protecting. By utilizing the analyst rather than
black box or statistical models, the system becomes a true force
multiplier of expert experience and knowledge.
77. Applying DarkLight PROs to Detect Insider Threat
⢠By representing common sense knowledge from the cybersecurity
community and the knowledge from your enterprise's cybersecurity analysts,
tasks and data interpretation can be efficiently and intelligently automated.
⢠Because the DarkLight PRO (Programmable Reasoning Object) is created by
the security analyst themselves, it thinks and works like a human, and it can
be created to find any correlations and patterns between data sets.
⢠This gives your analyst the ability to create custom PRO's to track whatever
activity they deem necessary to keep your enterprise secure.
78. Ontologies and Threat detection
⢠Thought leaders at the CERT InsiderThreat Center at Carnegie Mellon's Software
Engineering Institute (SEI) have recently released new model concepts to help insider
threat programs to implement more effective controls.
⢠Based on cases from more than 1000 organizations, the research paper and models
have been several years in the making and provides a standardized method of
expression for indicators of potential malicious insider activity.
⢠They have identified an ontological approach to the problem and have provided the
industry with an InsiderThreat Indicator Ontology (ITIO).
⢠An ontological approach provides a standard common language with which to
represent and share knowledge, a factor they have identified as currently lacking
within the threat intelligence community.
79. Applying DarkLight PROs to Detect Insider
Threat
Examples of InsiderThreat PROs:
⢠Track group membership over time
⢠Detect off-hours system usage
⢠Detect uploading to known file-storage locations
⢠Detect unusual program execution
⢠Detect unusual printing activity
⢠Correlate when a member of a group decimated by layoffs uploads to a known location
⢠The InsiderThreat Indicator Ontology
80. Superior performance through reasoning
⢠DarkLight approaches the Cyber Security problem by allowing analysts to
explicitly establish what is the "normal" user behavior baseline in the context
of the enterprise business model and operations.
⢠For example, a compensation specialist working in HR should not be downloading customer
data; that is not part of the employee's normal user profile or approved behavior or UEBA.
⢠Understanding every employee, vendor and customer profile and behavior is
at the heart of what DarkLight gives the internal enterprise cyber security
analysts, followed by the ability to alert and act quickly.
⢠DarkLight offers the user a means to perpetuate their know-how via our
exclusive PROs. Other UEBA providers require an entity to use their machine-
learned models of the user and/or its peers.
81. Operationalizing the ITIO
⢠You can put CERTâs ITIO (as well as models like STIX,CybOX, OpenIOC and others) to work today with
DarkLight, for a force-multiplying, cyber analytic and automation platform.
⢠Import the InsiderThreat Indicator Ontology to DarkLight and the general concepts of the ontology are
mapped to real-time data of your organization.
⢠As an example, data of the âActorsâ are mapped to âPeople & Organizationsâ of the company,
immediately leveraging the ITIO. Once this mapping has occurred, the hard problem of InsiderThreat--
identifying the subtle changes in an employee's behavior--can be identified much more easily.
⢠DarkLight helps you:
⢠Find the indicators
⢠Identify exfiltration
⢠Identify I.D. theft and fraud
⢠Collect the intelligence needed to allow efficient forensic investigations of affected assets.
Our CTO, Ryan Hohimer has been working with big-data and data science since research work post-9/11, Person of Interest. Originally conceptualized idea in consultation with Counter Intelligence and Insider Threat SME
2009: PNNL funded initial research based on interest of stakeholders from IC community
2013: In parallel, Grad research @ Pepperdine University B-School. Searching for commercialization opportunities, found Ryan and technology. Identified more than 20 markets for technology, decided to pursue cyber first.
Company founded, patents applied for and began tech transfer.
2015: Recognized for successful technology transfer to industry (FLC Award) and at the âOscars of Innovationâ, the R&D100 Awards.
2016: Released to commercial market and deployed at a client site with 5K employees
---------------
Applicable to cybersecurity, fraud analysis, and the global movement of money, etc. Anywhere a human analysts is important.
WHY they make decisionsâŚ
HOW to make decisionsâŚ
WHAT is importantâŚ
Training a CI or security analysis takes longer than even cyber.
Because of scarcity, need solution that captures knowledge.
Most important in non-cyber: Hunt for information (knowing social media, etc.)
Approximately 4 percent of all malware alerts are investigated. - On average, organizations receive almost 17,000 malware alerts in a typical week but only 19 percent of these alerts are deemed to be reliable. Of the 3,218 reliable alerts, only 705 are investigated. This suggests that participating organizations do not have the resources or in-house expertise to detect or block serious malware.
Annual cost of the time wasted on malware containment Calculus
Extrapolated hours per week 395; Extrapolated hours per year 20,533
Fully loaded wage rate*$62.00
Extrapolated cost per year$1,273,061
--------------------
Hereâs a REAL WORLD Example â client
People: Operates with 30% fewer Staff
Process: Lowered Risk by examining more and previously ignored alerts
Technology: Increased Internal Rate of Return (IRR) for existing multi-million dollar investments in security appliances and systems.
On left-- In a typical SOC without DarkLight, an analyst must consider each incoming alert. Due to the volume of these alerts, not all can be addressed. As you saw in the previous slide, itâs not uncommon for only 4% or so of the alerts that hit a given organization to even be analyzed.
On right â With DarkLight, each and every alert is analyzed â 24x7x365, eliminating the false positives. For those deemed to be true positives, DarkLight enhances the alert with actionable intelligence and notifies the analyst.
DarkLight is force multiplier where fewer analysts are needed for mundane tasks or to weed out false positives. More importantly, those analysts can be reassigned to more urgent activities like incident response, or hunting for the âone-percentersâ â those threats that will do your organization the most harm.
Cyberseurity
L1: Data Collection: Sensors protecting perimeter, making sense of raw data. Can give you evidence that something has occurred.
L2: Forensics/Threat Intelligence in structured form to defend, respond to attacks.
L3: Explosion of tools: Breach Analytics, Entity & User-based Analytics and Automation to try to make sense of the Data/Information are now measuring. Most take a data-centric (Machine-Learning) approach. Great for what the algorithm/data knows, but requires human âin the loopâ for advanced reasoning.
L4: Humans analyzing data are most effective--but canât scale. DarkLight leverages Knowledge Representation & Reasoning to put human âON THE LOOPâ (vs. IN the loop). It taps into their knowledge and experience but without the scaling limits.
Darklight is methodology taps into the KNOWLEDGE & EXPERIENCE of the analyst to intelligently interpret sensors. DL is application of your intelligence.
Analytics and automation software platform powered by the logic, knowledge, and experience of cyber analysts. Applies Artificial Intelligence to generate human-quality results at scale.
First and foremost â DarkLight is a force Multiplier, enhancing human reasoning. How? Because itâs the human analyst who has encoded the logic through a visual, easily understandable manner. While DL can infer conclusions about the data it analyzes, one of the most powerful capabilities is a reduction of false positives.
Second â DL helps to capture the analystâs knowledge and reasoning process. We call this a PRO (a programmable reasoning object) and itâs what even a junior analysts or one new to the org can look at DL to see how the system uses knowledge to reason. Most importantly, when the inevitable âbrain drainâ does occur - the analyst walks out the door but the knowledge heâs developed stays behind.
Finally â I noted in the first slide that the tech behind DLâs is applicable to multiple domains. In part, this is because itâs sensor-agnostic and collects the output of any other sensor to build a graph from this output. DarkLight fuses this information from all different sources (including network, threat intel and knowledge specific to the enterprise and correlates separate sensor events. Normally this is a tedious and time-intensive activity done by the organizationâs cyber-analysts. As a result, both the human and product investments the organization has made, work more effectively.
Hereâs how it works:
DarkLight INGESTS and NORMALIZES real-time streams of network sensors + threat intelligence + sources of enterprise knowledge like directories, HRIS and any other, even legacy sources.
Data can come from your existing network security, monitoring and threat feeds (internal/external, commercial & public), intrusion protection and detection systems, either directly or through any collector like a SIEM.
DL can ingest data in CSV, JSON or by directly querying sources such as Splunk.
Remember: sensor agnostic
Next, DL Automates analysis of the ingested sensor and the other enterprise data sources -- Independent and separate of time, sequence or volume. Remember the PROs I mentioned earlier? Think of these like little data scientists, examining data and inferring conclusions about the results.
Once DL weeds out the false positives from the actionable threats, it can:
Feed an IR system for further investigation. With a significantly lower number of False positives and detailed, attributed and correlated information about the alert, the Analysts can now investigate more effectively.
Can also feed a HelpDesk/Ticketing system for an automated or manual response according to the orgs policies
Notify an analyst for direct investigation
OR trigger Orchestration or or action by another product (eg. Programmatically informs the firewall to blacklist a malicious IP).
Identifies and Documents activities, patterns and anomalies, in the context of your enterprise, as defined by your analyst
About: 100K alerts per day from security appliances; Using Splunk to collect 2.5B. Tried, didnât like Splunk application for enterprise security.
Timeline
April 2015: Began co-development with PNNL; âAnalystâs Assistantâ
Jan 2016: Identified need to expand analytics between collector and analysts
May 2016: DarkLight analyzes enterprise alerts ahead of IR system; Deployed to Production
Results: Example: 4636 to one (FEYE IPS alerts, matched to Nessus scan, elim false positives) FE IPS:
Expanding to other programs, based on initial success
6 Senior analysts (3 senior) down to 4 analysts
Deputy CISO: âIncreased effectiveness from 5-15% to 90-95%â âEffectivenessâ= # total alerts promoted to IR / #total alerts. Major improvement in time previously wasted by staff chasing FP reduction.
Once data is ingested into DarkLight, the Programmable Reasoning Objects (PROs) go to work â in real time â analyzing thousands or tens of thousands of events in seconds.
The purpose of these are to make inferences on sets of data whether contextual, working, or both. To put their use into perspective, each PRO acts something like an analyst assigned to finding correlations between different data sets and records ranging from thousands if not tens of thousands of logs.
In order to find any disruptive or dangerous activity analysts must spend hours or days searching for these patterns. DarkLight alleviates this by incorporating PRO reasoners to do this daunting task for the analysts, leaving them with a condensed data set to work with.
Several views work together to provide the full picture about a single event. The Working Memory view contains lists of PRO Output Types and indicates how many items are in each type. Clicking on a working memory type loads those events into the Events view where they can be sorted by date. Clicking on a single event populates the tabular Results view, the graphical Results Graph view, and the Processors View.
The Results Graph view is a node/link graph that describes the selected item in the Events view. It contains all of the properties and objects that have been attached to the event as it works its way through ingestors and PROs. Each new object gets a different color.
The incoming event is always blue in the graph. The other objects receive colors dynamically as they are drawn so objects of the same type (e.g., Employees) are not always the same color each time a new graph is drawn. Nodes that are connected to more than one object are colored black. This helps them stand out as they are typically of interest.
Lines between nodes in the graph have a label on them indicating what kind of a link they are (data property, object property, or type).
PROs do the heavy lifting to analyze events, and can also:
Notify by email or Publish reports or
Orchestrate other security devices to take action (eg. Add malicious IP address to firewall black list or call any script
Done through scripts or JSON (not shown)
1. Trigger (Subscribed data-object activates the PRO)
2. Collect (PRO gathers up all the facts the PRO author has pointed it to)
3. Reason (PRO invokes the Description Logic reasoner)
4. Publish (PRO publishes what the PRO author specifies)