Attack Path Modelling at Deloitte Omnia AI

Melanie Somiah, Senior Manager, Omnia AI

Published in: Technology

  1. Attack Path Modelling (APM). Melanie Somiah, Senior Manager, Omnia AI, msomiah@deloitte.ca
  2. Attack Path Modelling (slide headings: Opportunity, Approach)

     Advancements in tactics, techniques and procedures (TTPs) used by threat actors have required organizations to evolve how they approach threat management and, ultimately, the security of their organization. Threat actors are constantly breaching networks thought to be secure, and organizations are increasingly viewed as reactionary. Attackers typically start by compromising an internet-facing host with lower levels of defenses. Upon successful compromise, an attacker uses their access to progressively exploit and compromise other, more critical systems until their target is reached, often sensitive data or crown jewels. As such, Omnia AI has developed Attack Path Modelling, a tool that enables proactive determination of potential methods of intrusion using a variety of data sets, not just vulnerability information.

     Attack Path Modelling (APM) will allow organizations to become more proactive in their strategy and increase their ability to stop attacks even before they occur. APM provides this in a visual manner, illustrating asset connectivity, vulnerability and risks to identified critical assets through current-state and scenario-based analysis. It also provides context for the visualized risk exposure: a view of asset-specific and overall risk scores, which can aid strategic decision making. APM leverages artificial intelligence to drive its recommendation engine, which provides a variety of options for remediation and risk mitigation while showing how each action, if executed, affects your risk score.

     Attack Path Modelling leverages data sets such as external threat data, vulnerability data and network topology data to provide organizations with:
     • Ability to quantify potential risks to assets based on contextual analysis of known vulnerabilities and system interdependencies
     • Identification of vulnerable entry points which might be used to gain access to a client's network
     • Prediction of an attack path an attacker might use to traverse the network
     • Prioritization of remediation strategy through risk ranking
     • Ability to develop simulated attack path models through scenario analysis
  3. Why Neo4j for APM?
     • Most APM functionality relies on extensive relationship traversal through the database. Neo4j makes these queries easy to express and provides superior performance in comparison to relational databases.
     • Neo4j/Cypher presents an intuitive approach to data storage and querying, which simplifies development.
     • Proven performance in industrial environments, with documented capability on huge graph databases with over a billion nodes.
     • Rock-solid reliability for mission-critical production applications.
     • Strong community support.
     • Tools are available to sync Neo4j with other databases such as MongoDB.
  4. Neo4j Use Cases for APM
     • Risk Score Computation (via threat diffusion algorithm)
     • Topology Mapping
     • Attack Pattern Matching
     • Attack Path Computation
     • Vulnerability Prioritization
     • Attack Simulation
  5. Appendix – Screenshots
  6. Risk Scores: Here the risk scores for assets are computed by a threat diffusion algorithm, which is a Cypher query in Neo4j.
  7. Topology and Reachability: The topology and the reachability graph are generated via Neo4j.
  8. Attack routes and traversals: Attack routes and traversals are generated via Neo4j.
  9. Recommendations: End users can select recommendations and see the potential impact of each recommendation on the attack paths. This functionality is implemented using Neo4j.
  10. Graph Simulation
  11. APM Product Sheet
  12. Attack Path Modelling (APM): Discover a new level of cyber protection. Protect your crown jewels.

      Become more proactive in your strategy and increase the ability to stop attacks even before they occur. APM provides this in a visual manner, illustrating asset connectivity, vulnerability, and risks to identified critical assets through current-state and scenario-based analysis. Leverage AI to drive recommendations that provide a variety of options for remediation and risk mitigation while showing how each action affects your risk score.
      • Develop simulated attack path models through scenario analysis
      • Prioritize a remediation strategy through risk ranking
      • Visualize an attack path an attacker might use to traverse the network
      • Automate remediation through integration with orchestration solution
      • Identify vulnerable technology assets leading to increased risk exposure to an attack
      • Predict vulnerable entry points which might be used to gain access to a network
  13. Omnia AI: Smart. Informed. Nimble. Connected.

      Omnia AI, Deloitte’s Artificial Intelligence practice takes a holistic approach to the insider threat challenge, leveraging advanced analytics, machine learning and cognitive technologies to solve the most complex problems for organizations. Our approach is simple. We work with you to bring you the most value based on available data first, then take you on the journey to expand the capability. To do this, we bring industry context, experience and a unique skill set.

      Strengthen your Risk Profile

      For more information, contact Dina Kamal (Partner, AI Risk), +1 (416) 775 - 7414, dkamal@deloitte.ca
      • Leverage internal and external data of reactive and integrated risk-monitoring inputs to warn of emerging threats and areas of vulnerability in near real-time
      • Enable actionable intelligence by prioritizing follow-up actions such as pushing updates, patching, quarantining, etc. for vulnerable assets which fall on the path of least resistance
      • Data analytics powered by advanced machine learning algorithms maps threat scenarios, attack signatures and vulnerabilities to recommended actions on security controls, with the ability to perform conditional what-if analyses.
  14. Deloitte, one of Canada's leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. The information contained herein is not intended to substitute for competent professional advice. © Deloitte LLP and affiliated entities.