Glen Stacey - Artificial Intelligence in Cybersecurity

All

righty. Why is that showing? All righty. I'm going to get a little comfortable so this doesn't make noises in the in the thing. Uh, and we have a clicker. Does this work? Where is the thing?

Oh okay. Perfect. Thank you.

Perfect. All right. Hi everyone. Um, this event I travel a lot and I go to a lot of these events. This is by far the best bsides actually one of the best events I I go to anywhere. So not only from the organization and capabilities of the whole bides team and and the volunteers but also the turnout that you guys bring to the table here. It just goes to show how much cyber security is prevalent in everything that we do today. And it it just shows how much everyone wants to get involved and they see the importance of what is happening within the cyber security world and you want to be informed. I can't say that

about every location I go to. It's usually only key people that are driving it and it's a smaller attendance rate, but to see this amount of people is is amazing. So, I'm Glenn Stacy. I'm the regional director for Forinet for all of Atlantic Canada. Um, for the ones that don't know me, I'm from Newfoundland. I live in Newfaland, but I handle all of Atlantic Canada. This is my home. This is where anything that we do has a direct impact on our communities and I want to make sure that we're actually giving back. So, thank you for letting me have this this opportunity to chat. One thing about all the conversations that I have when I'm

traveling around is AI is a really hot topic. I was in Vegas and I'd say out of all of the sessions that were going on, AI was packed. Standing room only, the only thing that everyone has on their mind. And I'm going to be honest, there's a bunch of huge misconceptions around AI of what it actually does and what makes it up. And then then there's the whole political side of it. I'm going to lose my job because of it and so on and so forth. And robots are going to take over the world and all of this kind of stuff. So, we're going to go over some of that today. I'm going to define what AI is, what machine learning

is, and what deep learning is because there's three different components to to creating a true AI environment. Okay, so back to the whole the world is crumbling and so on. So, as a reference to anyone that's ever watched Jurassic Park, the whole conversation around just because you can create it doesn't mean you should. Um, just like anything that's created in it or anything in science, period, there's always a good and bad when you go to look at it. Just depends on how you deploy it within the environments that you want to use it in. So, I'm going to go over the history of AI, and you'll see that it wasn't it's not always for the good, but there is

always good in it. Just depends on how you want to use it. So, there's always the naysayers that say AI is going to kill the human race. Well, you know, we're not we're not doing iRoot stuff here, right? This is this is something very different. So, the technical definition of AI is really perform tasks. Now remember it's the task component that's in an AI description. So the tasks that require human intelligence. So and there's going to be a test on this after. So make sure that you understand this part. There's visual perception. So visual understanding of what's actually happening. Speech recognition decision- making and translation of language. Machine learning doesn't do any of that. Okay. So this is the AI

component. So again, human intelligence. Now I'm going to take a step back and put it in everyday words, which is artificial in just it's t making machines think like humans. And then I'm going to do big quotes around smart because not all humans are what I would call smart. And there's some people in this room know what I mean about that because I was going to have a different piece into this and I decided to move it out because it's just way too political. So, uh, AI can produce a large amount of data. It can. That's the beauty of AI. It's beauty of what computers have been doing ever since they were created, unlike humans. Difference is processing

power in the human brain is still way above what any computer on the planet can do. It's just that they can process tasks in a logical fashion without having any kind of human, you know, any anything that you've perceived or any of your history associated to something. So they can do it very logical where humans not necessarily can. Uh the goal of AI is to do things like recognize patterns, make decisions, and that's another word I'm contemplated putting in judge like humans, right? Because judging could be a good or a bad thing. So, it's about making the decision associated to it. Uh, and again, this whole Iroot, I don't know if anyone's watched this movie

before. Uh, I the the concept that a robot the size of a human is going to have enough compute power to act like a human today is nowhere close to being possible. It's not even in the realm of thought process because the computer to do that the processing power would be larger than this room just to handle one robot. So so the you know since all all it does is really is what they're putting into you know movies and stuff is all this is exactly what it is. It's fiction. It's it's a movie. It's not there yet. Now as we increase processing power, we increase cooling capabilities and we make things smaller, uh you'll see that change, right? So if you think

of it back in the the big I IBM mainframe that actually put someone into space and you look at the compute power of that then you look at the compute power of a chip that's inside of a greeting card today is the greeting card is 200 times the processing power of what that big massive freaking footballsiz computer did just to try and do the mathematical equations to put someone in space. So, we are getting smaller, but we're still nowhere close to what a human brain can do. So, I get a kick out of this because I talk to people all the time, right? Oh, AI is going to take over the world. Yet, first thing they do is they go out

and buy a a Roomba to do their floors. It's all about convenience, right? At the end of the day, there is AI built into Well, the early Roombas didn't have AI in it. There was more machine learning, but now there's AI built in. If there's a dog's tail lined across the floor, the Roomba won't ride over it anymore. It used to the dog wouldn't cat would run all over the house with a dragon on the behind them, but it won't do that anymore or run over your computer cable and chew it all up in the machine. But that's the AI component because it could actually visualize the cable or the dog's tail or whatever that's in the room. That's the AI

component. The machine learning component is learning the room, the size, the floor layouts. That's the machine learning piece. The AI is actually doing the visual recognition of what it's running over. You're going to see a pattern here. So, how does all this tie back to cyber security? So, cyber security itself, think of everything that we're logging today. It's a massive, massive amount of data. It's huge. No person is going to be able to actually go through that, recognize patterns within it because it's just too big. So really the shift to AI and machine learning and cyber security and where that's going is that we're moving from event-based cyber security strategies into predictive. So predictive cyber

security measures looking at the patterns looking at behavior. Behavior for most people is the same thing over and over and over and over and over. Your networks are the same. Your security is the same. It's the same thing over and over. If there's any deviation from what's normal, it should be flagged. Should be flagged so everyone can actually see it and see what's actually going on with it. So I'm going to do a little quick history lesson because I actually love history when it comes to to it. So we're going to go through something. So 1952 uh computer science uh Arthur Samuel actually developed program for a computer to learn how to play checkers. Okay. So he used machine

learning capabilities and AI capabilities to actually have a computer system learn how to play checkers and actually win at checkers. Everyone thought it was chess, but that's years down the line. This was actually introduced 1952. Uh 1955, John McCarthy at Dartmouth College actually coined the term of artificial intelligence. So again, in true IT fashion, we're back to a Wnjak and Jobs situation here where someone actually creates the technology, but someone else gets all the credit for it in 1955. But AI, machine learning actually happened way before that. Oh, by the way, first victim of artificial intelligence. I don't know if anyone's Tom and Jerry, seen Tom and Jerry cartoons and stuff. So, uh, Tom could never catch

Jerry the mouse. So, this this family goes and buy a cat robot to go catch the mouse because cuz, um, Tom could never get it. So, this is the first victim of artificial intelligence. This was also, and here's the cool fact, this cartoon came out in 1955 when artificial intelligence was actually the term was actually coined. That's when this particular cartoon came out. Now, I'm dating myself. I've actually seen this cartoon, but I am not that old. I'm just saying. So, we'll go through a little history. 1930 is actually when machine learning kind of came into concept. Back in 1930, so we're almost a hundred years talking about machine learning and and artificial intelligence. It's only now

that it's actually hitting mainstream for the last 10 years that people are talking about it even more. So uh Turing who was the main collaborator on it in the 1930s uh created a machine learning solution or proposed a a layout for it and then they used so two other people went and created a design associated to this artificial neurons and we'll talk about that a little bit more. uh AI research became a thing at Dartmouth College after someone used the term artificial intelligence. So they actually created research um formally at Dartmouth College a year after it was coined. This is where some other things come in. 1960, the US military, so again, we're talking four years uh

later, the US military puts gobs of money into trying to figure out artificial intelligence so they can try and get ahead of a whole bunch of things. Back in the 60s, remember, we're getting into the arms wars. We're getting into a whole bunch of other things. So 1960s, the US military put a bunch of stuff into it. 1974 there's still no real huge increase in anything in machine learning or AI. So there's a whole bunch of cutbacks within funding and US and Britain kind of pull out the the dollar values associated to it. Nothing then changed until the 80s and the only reason why it changed in the 80s is processing power changed in the 80s.

came out with new chipsets that allowed you to actually do more things because AI just couldn't AI can't exist without the processing power for it and the storage for the data mining associated to it. Then 10 years later after new chips come out there's another increase in CPU power but there's also now we're starting to get into data mining. So they're actually doing going through all the vast amounts of data to try and get more information out of it. 1997, seven years later, IBM uh Deep Blue wins a chess match. Now, I want to take a point here. Think of all the money that's been spent from 1930 to 1997. So, 67 years for someone to win a game of

chess. Like, that's a long time for some for a computer to learn how to play chess. That's all I'm saying. Seeing in 1952, a computer learned how to play checkers. It's a it's a long difference, but this is where it starts changing rapidly. Two 2003, deep learning is achieved um for large data structures. 2011, IBM Watson defeats Jeopardy champions. Uh 2012, the only reason why I have two things in here that have Fortnite logo on it. And the only reason is is because this is actually history. So Fordinet is actually the first ones to look researching AI and machine learning technology in a cyber security world and applying that using using their OS. 2013 uh Watson actually starts

doing uh deep analytics associated to things to make decisions for treatments for lung cancer. So again huge benefit in the environments that can actually help human beings. By 2015, there's 2700 plus AI projects in place at Google. So now Google, because they have craploads processing power and they see the value in AI, they put a big push on it. 2015, 2016, see how fast these things are happening now. 2016, machine learning is utilized in malware detection and cyber security. 2017, Eli Musk calls for regulations around AI. It brings me back to when they tried to do regulations on internet. It's going to be very tough to do it. Um I also think there's financial benefits

associated to people that want to put forms of regulations depending on how they roll out the regulations on AI because again AI can be a good thing. It can be a bad thing depending on the hands it's in. AI was also introduced into web application firewalls and and sandboxes and everything else from a cyber security standpoint. And then another big thing is that forinet actually came out with a well we we call it NDR today but 40 AI in a box. It's it's a analyst in a box. Again, it's it's first time that it was ever introduced into a cyber security for a standalone to work with any product on the planet. And that's the only reason why I got it in

there. Okay. So, we're going to cover machine learning a little bit. So, we're going to play a little game. So, and I want to make sure everyone understands what this is. So, objective. So, what is it that you're going to input into the system? Uh then we're going to then features. And this is by the way is for every AI machine learning platform on the planet. You need to have an objective to start off. Then you have to have the features associated and features could be against your, you know, your face. Do you have a pothole in your face or warts or what color eyes? What how big your lashes are? Like everything is a feature and

then what's the end result associated to it. Okay. So objective is we're going to identify an animal based on their features or characteristics. So features are has to be a mammal. Has to walk on all fours. It has slightly rounded ears. It's got a long and fluffy tail associated to it, dark fur around the eyes gray fur, and then nocturnal. So, let's say that these are the features. So, based on those features, so we have our objective, now we have our features that we're going to use, and then the result ends up being a raccoon. That's what should happen. If the data sets that you're putting in along with the features that you're actually doing, you should

actually get a recon. Makes sense. But it doesn't always work that way. So again, fear that AI is taking over. Again, it depends on how you use your data sets and put it into your infrastructure. So in this case, face analyzed. Yeah, it's a cat. Well, it's really not. It's really not but and and there's multiple options around this. I see this this all the time. It depends on what's going in. So where we have a lot of people getting into the cyber security space trying to understand where AI is going and what it's doing. If you are interested at all in AI, machine learning or whatever which is all falls under predictive analytics that's what you should be

researching. If you're researching or want to be part of predictive analytics then you should be looking at AI machine learning and deep learning because that's it's the future. There's a lot of jobs for that right now. So what is artificial intelligence? Again we covered it's require you know human intelligence you know making decisions recognize human speech visual elements translating languages but I want to point out it's the task AI does the task component of AI or of of deep learning machine learning doesn't do tasks machine learning just goes through the information and puts it in and labels it and picks the features and puts it in a consumable form. There's no tasks in machine learning. It just puts it in an order of

which people, programs and everything else can actually understand it. So machine learning actually feeds what goes into AI. And then deep learning is the combination of both. Deep learning is the combination of AI and machine learning. So the actual task component associated to the data component which is the machine learning side. It's key to understand where those break, right? Because AI is very different than what machine learning actually brings to the table, but ne both have a a reason for existing. Um, but they don't work without each other. Cool. Machine learning usually falls into four different database sets. So supervised learning, which means you're actually labeling everything. So everything is labeled. So you've already gone through and every single feature of

all the data sets that are come in are all labeled. So it makes it easy for a program to actually use it. Uh unsupervised learning means that there's no labels on anything. Semi-supervised you're only labeling certain portions of the data set that's coming in. Letting machine learning use figure out the rest. And then reinforcement learning means you're going to take those data sets, you're just going to put them through with no real knowledge of what the outcome's going to be. So it's a trial and error to try and get the algorithms to learn from each other. Okay. So human brain so human brain is more than anything else uh than anything else ever created. The amount of research that goes into

the human brain that we still don't know about is massive. Like absolutely massive. So for anyone to say that we're actually going to make computer systems that can interact the way a human brain can is I just can't see it. And that's my own personal opinion. I just can't see it. Now can I make certain systems act like the human brain for that component only? 100%. But if I try to take all the experiences of every human on the planet and then map them out in some neural network of to match computers to a brain and the way that it calculates stuff, it's never going to get there 100%. Right? It's just like, you know,

generative AI and you put in a bunch of words and you copy someone's voice. It's really good, but it's not quite there. Right? So deep learning is a little different, right? So machine learning you're doing the data sets you're labeling it and it's very hierarchal. Deep deep learning is different. So in this case and this is where I prove my point of where it's not going to think as fast as you. You see three helmets you automatically see that it's two football helmets and a motorcycle helmet. You do that in subsecond response time. When we're talking about deep learning you actually have to put an input layer. So we're going to put three helmets and throw it in there.

difference is is that we're going to have all of these features to try and define what those three things are, but all of them are going to talk to each other. So each one of these blue round dots that are in the middle, their different algorithms and feature sets, and all of them will talk to each other. So that's that neural network trying to match out to a human brain. Think of how much processing power that's going to need to actually come out to the same conclusions. um and the cost associated to it and then you'll get your output layer. Is it a football helmet? Is it not a football helmet? That's a lot of work to actually

get to a point to recognize if it's a football helmet or not. So, it's a very easy way or light-hearted way of talking about what deep learning is, but it all comes down to the neural networks that you create. So, let's just do a small little idea through it. So, I take a 67 Mustang fastback and I actually that's my input. So, I'm going to put it in for a feature extraction. So, I'm going to label what all my features are already in to figure out what that input is. And then it's going to go through a very hierarchal classification on where it falls. And then at the output, it's just going to tell you if it's a car or it's

not a car. Deep learning again goes a whole lot deeper than what that's why they call it that way than machine learning. It's not hierarchal. Everything talks to everything multiple times. So it could start in the top lefthand corner, go down to the bottom right, back up to the top left over. So it pops around multiple algorithms to give you a better idea of what it is that you're getting. And I'll show this to you in a sec. So this is just a wordy slide. I don't need you to read it. It's just more covering what we already talked about except the bottom. The bottom lines on both of these slides are the ones that are

important. AI can work with structured, semistructured, and unstructured data. Where machine learning can only work with structured or semi. You cannot throw unstructured data, massive databases that are completely unstructured into a machine learning and hope that it comes out with anything that's worth looking at. It just doesn't exist. So, we're going to do a little game, try and figure out what falls under artificial versus machine learning. So, translating a text. So, remember what I said at the start with the test. Anything that's considered human, you're going to make a decision on. So, translating a text voice side. So, translating voice would fall under artificial intelligence. Ident identifying bank fraud. Well, that's machine learning. There's no human

element into that. It's just going to go through all the data and figure things out and then tell you if you they think there's um bank fraud or not. Making a medical diagnostic that takes decision humanlike decision making process associated to it. Controlling a vacuum. Well, you should already know the answer to that one because we had a picture on that already. Predicting a system failure again that's machine learning. There is no real human element needed into it. playing a game would also fall under artificial or finding cat pictures on the internet. Yeah, that's actually machine learning, not and everyone goes, well, how? Because there's there's pictures of cats. Well, again, it depends on how you actually look at

it. So, I'm going to give you an example of that. So, in Google, if I just go to traditional Google, we did this. Show me feline pictures that are not cats. Google did nothing but give me pictures of cats. Right? Because that's machine learning. That's all that is is machine learning. AI takes it a little bit further because it actually does the visual component associated to it. And we popped it in Gemini. And Gemini actually gave me fel or gave me large cats, right? Well, lions, tigers, jaguars, whatever it is that you want. That's the difference between the two. just having a data set that doesn't look at all of the human aspects associated to it.

Okay, so let's look at it from a security standpoint. So I showed this last year, this slide last year. It's cyber security's changed. The realm of cyber security's changed. People have changed. This is massive business. This isn't a guy with a black hoodie sitting out in a single light on like they show on television. It's just not the way it works. You have crimeware producers. They just write crimeware and there there's different comp different groups that do exploits versus pack packaging of stuff special platforms mobile. They write stuff different. They're all different groups. They just produce software and they sell it. Now, they could sell it to bad people. So, they'll give that to senior developers. They'll

create a source code. They'll sell that to criminal organizations. Or in some cases, they actually do a subscription to the criminal organization. Believe it or not, same as you guys buy subscriptions today. Oh yeah, we'll buy a subscription to that. Any update to this hacking software or your code? Yeah, give us a copy of it. We'll we'll do it for a year and see how things go. They also then sell it to a um affiliate programmers. So these are brokers, right? So these are people that also buy it and they'll add their pieces onto it. They'll sell it. Anyway, it's just this is all big business. They drive around in their Mercedes. They have boards meetings like

everybody every other company on it. It's just it's it's massive massive business today. And until, and this is my own personal opinion, until until the risk and reward get kind of level, uh you're only going to see it even even more and more. Right now, the risk and reward are very very different from each other. If you get caught doing something bad, at least in North America, you go to a tennis club prison for a little while and you just make craploads of money. So if you do that in Russia, it's a different story. So until we actually do things different, it's going to be the same. So how can it help in cyber security? So what we're going to do is

what what it does is it can discover new new cyber security issues, new things that are happening. We can allow organizations to automate things, massive threats that are massive data mounts that are coming in and we can automate it. Automation, and I'm going to say this until I'm no longer doing this. Automation is your friend. There's a lot of people in this room and every other customer I talk to that have the capabilities of automation and they won't automate it. I had one person call me and say, "But Glenn, if I automate it and I take something down, I'm going to get in trouble." I said, "Well, if you don't automate and your whole infrastructure gets hacked, you're

also going to be in trouble. Probably a bigger trouble because now we actually have a dollar value associated to it." So automation is key. We're not hiring more people. No, there's not a company in here that's hiring more people. They're trying to do more with less. You already own the automation capabilities in the most cases. And you should be looking at it to make your life easier so you can spend more time on designing better capacity planning and everything else. Automation is key. uh applications, password protection, using PAM or whatever you want to fishing detection, prevention, control, network security. Next big one I think is behavior analysis. Again, behavior is very normal. It's very it's very

stagnant most of the time. If there's a change in behavior, your tool set should be able to show you that the behavior has changed and you should be able to go and look at it. Benefits is that if you're using AI and machine learning, it's constantly learning. It's constantly learning new things, new new discoveries, new ransomware, new malware, new threats, everything helps in vulnerability management, enhances overall security posture, which is at the end of the day, that's why everyone's in this room is to increase security posture. So, I'm not going to go super deep into this. Uh this is just killchain and there is products out there that have AI and machine learning out there

that helps you with your killchain. The faster you break uh any kind of attack, the better off you're going to be. So if you can get it at the reconnaissance level and and the by the way, this is a standard kill chain. The faster you get there, the better off you are. And again, each of these products use different database structures. So it will give you a different outcome. Just like you know, just just like using the frog, if you have the wrong database infrastructure because you're using a single tool set to do all of it, you're you're you're not going to get to the place that you want. Uh again, there's a whole bunch of

products. So just as some ideas, right? So you could use EDR for exploitation, for instance. EDR most EDR either has machine learning has machine learning or AI or both associated to it. Use the tools that you need to to get to actually stop the kill chain as quickly as possible because if it goes past the command and control, you're you're in a different place. You're going to have problems from there. So, just to end off, uh AI is a tool. That's all it is, right? It's a tool. everyone in this room, everyone on the planet can use, but you choose how you want to use it. It's not something that everybody should be afraid of. It's

actually a really good thing. It's a massively good thing. Does it have potential to do some bad things? Sure. But anytime new technology comes out, new capabilities come out, roles change, jobs change, everything changes. It's just the nature of being a human. So don't be afraid of AI. AI is actually our friend and it can do a serious amount of good in the world including cyber security. So just to end off um the more data compliance policies that you have using AI can automate and automate again is your friend. It is use automation as much as possible in your environments from a security standpoint. It will make your life easier and it will make you more secure. Um, it will

help you with unknown threat detection, vulnerability management, response time capabilities. It will just allow you to sleep at night better because I guarantee you all the security in this people in this room at some point in time have a hard time going to sleep because they're wondering what is going to happen next inside their infrastructure. And thank you. Appreciate it.