YouTube
... Quora
...Google search
...Google News
...Bing News
- Cybersecurity ... OSINT ... Frameworks ... References ... Offense ... NIST ... DHS ... Screening ... Law Enforcement ... Government ... Defense ... Lifecycle Integration ... Products ... Evaluating
- Zero Trust
- Cybersecurity Conferences
- Risk, Compliance and Regulation ... Ethics ... Privacy ... Law ... AI Governance ... AI Verification and Validation
- Prompt Injection Attack
- (Artificial) Immune System
- 5G Security
- Time ... PNT ... GPS ... Retrocausality ... Delayed Choice Quantum Eraser ... Quantum
- Development ... Notebooks ... AI Pair Programming ... Codeless ... Hugging Face ... AIOps/MLOps ... AIaaS/MLaaS
- Games - Security
- Useful Models ...find outliers:
- Physical Layer Security (PLS)
- Time ... Retrocausality ... Delayed Choice Quantum Eraser ... Quantum
- Government’s AI Odyssey - A Candid Poll on AI and Machine Learning in the Federal Government | Government Business Council - AWS
- Bayesian Poisoning is a technique used by e-mail spammers to attempt to degrade the effectiveness of spam filters that rely on Bayesian spam filtering
- Detecting Malicious Requests with Keras & TensorFlow | Adam Kusey - Medium
- Best security software: How 12 cutting-edge tools tackle today's threats | CSO
- Excel ... Documents ... Database; Vector & Relational ... Graph ... LlamaIndex
- Intelligence Advanced Research Projects Activity (IARPA)Is Trying Keep Adversaries From Corrupting AI Tools ... Could cyber adversaries be training the government’s artificial intelligence tools to fail? | Jack Corrigan - Nextgov
- Adversarial Attacks on Graph Convolutional Network (GCN), Graph Neural Networks (Graph Nets), Geometric Deep Learning
- Breaking Down the Tencent 2018 Cybersecurity Report
- Chronicle combines all the best parts of Google and X culture
- Fraud and Anomaly Detection | Chris Nicholson - A.I. Wiki pathmind
- The Cyber Security Evaluation Tool (CSET®) | National Cybersecurity and Communications Integration Center ...provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture
- Cyber Command, Microsoft take action against Trickbot botnet before Election Day | Shannon Vavra - cyberscoop
- Cybersecurity as we know it will be 'a thing of the past in the next decade,' says Cloudflare's COO, as security moves towards a 'water treatment' model | Rosalie Chan - Business Insider ... cybersecurity systems will weed out bad actors earlier in their attacks
- Watch me Build a Cybersecurity Startup | Siraj Raval
- Machine-Learning Capabilities within Network Detection & Response (NDR) - Podcast | Fidelis Cybersecurity - COO, Craig Harber, and Data Science Manager, Abhishek Sharma ...Extended Detection & Response (NDR)
- A new AI-based tool to detect DDoS attacks | Ingrid Fadelli - TechXplore
- Cybersecurity Information Sheet - Best Practices for Securing Your Home Network | US National Security Agency (NSA)
- AI can identify passwords by sound of keys being pressed, study suggests | Nicola Davis - The Guardian ... with more than 90% accuracy
- The Untold Story of the Boldest Supply-Chain Hack Ever | Kim Zetter - Wired ... The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.
- SolarWinds ... AIOps-powered Anomaly-Based Alerts... AIOps-powered observability provides predictive intelligence to help manage complex hybrid IT environments and enables a shift toward autonomous operations
- Applications:
- BigBear.AI ... AI-powered analytics and cyber solutions
- New Cyber ... supporting Risk Management Framework (RMF) & Zero Trust and Insider Threat
- GATE | Gate CyberTech ... defeat wiretapping, peeking, keylogging, phishing, and dictionary attacks ... Demo
- CyFormer AI/ML Cybersecurity Toolkit ... Data is analyzed and then translated through CyFormer’s natural language processing engine resulting in actionable anomaly reports. The CyFormer model can identify events outside of the normal baseline, tag those events, and then send JSON alerts to analysts.
- Generative AI
- ChatGPT is enabling script kiddies to write functional malware | Dan Goodwin - ARS Technica ...For a beta, ChatGPT isn't all that bad at writing fairly decent malware.
- ChatGPT Used to Develop New Malicious Tools | Check Point Research
- ChatGPT Creates Polymorphic Malware | Alessandro Mascellino - InfoSecurity ... researchers at CyberArk
- Hackers are selling a service that bypasses ChatGPT restrictions on malware ChatGPT | Dan Goodin - ARS Technica... restrictions on the creation of illicit content are easy to circumvent.
- AI Can Crack Most Common Passwords In Less Than A Minute | Zhiye Liu - Tom's Hardware
- Integrating ChatGPT & Generative AI Within Cybersecurity Best Practices | Mani Nagothu - Sentinel One
- Google brings generative AI to cybersecurity | Kyle Wiggers - TechCrunch ...Google's Cloud Security AI Workbench, a cybersecurity suite powered by a specialized “security” AI language model called Sec-PaLM. An offshoot of Google’s PaLM
- After WormGPT, FraudGPT Emerges to Help Scammers Steal Your Data | Michael Kan - PC Magazine ... hackers are seizing the opportunity to create AI-powered chatbots to facilitate cybercrime and scams.
- Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | Elias Groll - Cyberscoop ... More than 2,000 hackers attacked cutting-edge chatbots to discover vulnerabilities — and demonstrated the challenges for red-teaming AI -- Anthropic, Cohere, Google, Hugging Face, Microsoft, Meta, NVIDIA, OpenAI and Stability AI
AI can assist with cybersecurity functions in many ways. It can reinforce cyber threat intelligence by searching for characteristics of cyberattacks, strengthening defenses, analyzing data to authenticate users, and discovering clues as to the identity of specific cyberattackers. AI can also analyze massive quantities of risk data to speed up response times and augment under-resourced security operations. AI technologies like machine learning and Natural Language Processing (NLP) can provide rapid insights to cut through the noise of daily alerts, drastically reducing response times.
AI can explain the behavior of malicious scripts
AI can help address many challenges in cybersecurity, such as the massive amounts of data that no amount of humans can help protect and the hundreds and thousands of devices to protect a single organization. AI improves its knowledge to “understand” cybersecurity threats and cyber risk by consuming billions of data artifacts. It analyzes relationships between threats like malicious files, suspicious IP addresses or insiders in seconds or minutes. In addition, experts can learn a lot about vulnerabilities in their network or software and the threat actors who try to attack it by using AI to set up honeypots on decoy servers.
AI is being used in a variety of ways to improve cybersecurity. Some of the most common applications of AI in cybersecurity include:
- Malware detection: AI can be used to detect malware by analyzing its behavior and comparing it to known malware signatures.
- Network intrusion detection: AI can be used to monitor network traffic for suspicious activity, such as unauthorized access or data exfiltration.
- User behavior analytics: AI can be used to track user behavior and identify suspicious activity, such as clicking on phishing links or downloading malicious files.
- Vulnerability scanning: AI can be used to scan systems for known vulnerabilities.
- Security orchestration, automation, and response (SOAR): AI can be used to automate security tasks, such as incident response and remediation.
Risk-based Vulnerability Management (RBVM)
AI-Based, Real-Time Threat Detection at Scale
Cybersecurity remains one of the top sources of risk in the enterprise. This has been exacerbated by the global pandemic, which has forced companies to accelerate digitization initiatives to better support a remote workforce. NVIDIA Morpheus lets cybersecurity developers and independent software vendors build high-performance pipelines for security workflows with minimal development effort. With Morpheus, enterprises can observe all their data across their entire network and apply Al inferencing and real-time monitoring to all necessary packets and data streams - at a scale previously impossible to achieve. For more information, visit the Morpheus web page.
|
|
|
Back in Black Hat: The 7th Annual Black Hat USA NOC Report
With the world going virtual, and Black Hat being no exception, come find out how we've spent the last two years changing, adapting, and preparing for an event that's both in person, and broadcast to the world. We'll share what we're using to stabilize and secure one of the most notorious networks in the world, what worked, what didn't, and all the shenanigans in between. By: Neil Wyler (Grifter) & Bart Stump
|
|
How to Plan for and Implement a Cybersecurity Strategy
Planning and implementing a security strategy to protect a hybrid of on-premises and cloud assets against advanced cybersecurity threats is one of the greatest challenges facing information security organizations today. Join Lex Thomas as he welcomes back Mark Simos to the show as they discuss how Microsoft has built a robust set of strategies and integrated capabilities to help you solve these challenges so that you can build a better understanding how to build an identity security perimeter around your assets. What does a Cybersecurity architecture guide look like? What does the Cybersecurity landscape look like? What does the evolution of IT and Microsoft Security look like? What does a platform security approach look like? Can you describe the benefits of an Integrated Security Experience? How do you measure security success?
|
|
|
Nicolas Papernot - Private Machine Learning with PATE - Cybersecurity With The Best 2017
Cybersecurity With The Best hosted over 40 speakers and hundreds of attendees from all over the world on a single platform on October 14-15, 2017. Nicolas Papernot is a PhD student in Computer Science and Engineering advised by Dr. Patrick McDaniel at the Pennsylvania State University. His research interests lie at the intersection of computer security and deep learning. He is supported by a Google PhD Fellowship in Security.
|
|
Confessions of a cyber spy hunter | Eric Winsborrow | TEDxVancouver
With over 20 years of experience leading high technology companies out of Silicon Valley, Eric has played a part in shaping the industry as an executive at heavyweights like McAfee, Symantec, and Cisco. Today, he is the CEO of ZanttZ, a company that is developing stealth cyber security technology solutions. Eric and his company are at the forefront of the latest developments in the world of global espionage, and the merging of man and machine. He attests that the Hollywood-created image of the daring secret [[Agents|agent] sneaking into a foreign government's laser protected server room to steal top secret information couldn't be further from modern reality. In fact, the "James Bond" of the 21st century doesn't just use a computer, he is the computer. This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at https://www.ted.com/tedx
|
|
|
Wiretapping the Secret Service can be easy and fun | Bryan Seely | TEDxKirkland
In 2014, Bryan Seely hacked the Secret Service and the FBI, and then turned himself in to alert authorities to the problem. He'll tell you what you can do about it in his very entertaining talk. Bryan Seely has garnered a great deal of national attention in the last year. He recognized there were some critical problems with the websites we use most often. He learned that not only is our personal security threatened, but so is our national security. To prove his point, Seely hacked the Secret Service and the FBI last year, and then turned himself in to alert authorities to the problem. He'll tell you what you can do about it in his very entertaining talk. This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at https://ted.com/tedx
|
|
Evolution of AI Bots for Real-Time Adaptive Security
Thomas Caldwell, Sr. Director, WEBROOT AI bots historically emerged as chatbots. Early versions were rule-based, adding NLP and machine learning turned them into AI-based bots to be used in sales and support. Thousands of times faster than humans without fatigue, these AI bots have arrived. They are now being applied to Real-Time Adaptive Security. Analyzing cross domain context, events and weeding out false positives in milliseconds.
|
|
|
|
|
|
Machine Learning Techniques for Cyber Security
An introduction to machine learning and its applications in cyber-security. Presented by Vahid Behzadan for the OWASP Nettacker team.
|
|
Semi Supervised Learning In An Adversarial Environment
DataWorks Summit
|
|
|
How the Future of Cybersecurity Depends on AI/ML
SparkCognition's Director of Cybersecurity, Rick Pither, discusses the role of artificial intelligence and machine learning in the cyber security landscape. For more information on AI in cybersecurity visit: https://bit.ly/2Vdzj0j
|
|
How big data and AI saved the day: critical IP almost walked out the door
Cybersecurity threats have evolved beyond what traditional SIEMs and firewalls can detect. We present case studies highlighting how: An advanced manufacturer was able to identify new insider threats, enabling them to protect their IP A media company’s security operations center was able to verify they weren’t the source of a high-profile media leak. The common thread across these real-world case studies is how businesses can expand their threat analysis using security analytics powered by artificial intelligence in a big data environment. Cybersecurity threats increasingly require the aggregation and analysis of multiple data sources. Siloed tools and technologies serve their purpose, but can’t be applied to look across the ever-growing variety and volume of traffic. Big data technologies are a proven solution to aggregating and analyzing data across enormous volumes and varieties of data in a scalable way. However, as security professionals well know, more data doesn’t mean more leads or detection. In fact, all too often more data means slower threat hunting and more missed incidents. The solution is to leverage advanced analytical methods like machine learning. Machine learning is a powerful mathematical approach that can learn patterns in data to identify relevant areas to focus. By applying these methods, we can automatically learn baseline activity and detect deviations across all data sources to flag high-risk entities that behave differently from their peers or past activity. Speaker Roy Wilds Principal Data Scientist Interset
|
|
|
Introduction to Graphistry
Graphistry transforms the speed and depth of modern investigations. This unique investigation platform allows analysts to bring together all of their tools and data into a single environment where they can see connections, outliers, progression, and scope of security events. Key capabilities include: - Automatically connects and queries across any and all data sources including SIEMs, Spark, Hadoop, threat feeds, or any source with an API. - Displays data as interactive and intuitive graphs that allow analysts to quickly see important connections, follow leads, and pivot to new data sources on the fly. - Allows analysts to save and share complete investigation workflows as Visual Playbooks that can be reused and embedded wherever they are needed. Learn more at https://www.graphistry.com
|
|
"Security: Computing in an Adversarial Environment," Carrie Gates
Apr. 12, 2012: "Security: Computing in an Adversarial Environment," presented by Carrie Gates, CA Labs; moderated by Christopher W. Clifton, Purdue University. Security is inherently different from other aspects of computing due to the presence of an adversary. As a result, identifying and addressing security vulnerabilities requires a different mindset from traditional engineering. Proper security engineering—or the lack of it!—affects everything from website scripts to supply chain management to electronic health records to social networks to mobile phones...and the list goes on. Security is further complicated by the translation of social notions—such as identity and trust— into an online world. Worse, security itself is often viewed by both developers and users as the adversary! This learning webinar will introduce the fundamentals of security, describe the security mindset, and highlight why achieving security is difficult. What you'll learn: The security mindset what it is, why it's needed The social side of security usability, adoption, identity, trust A deeper dive on insider threat as a case study what it is, how to detect it, how to prevent it Presenter: Carrie Gates, Senior Vice President and Director of Research, CA Labs Dr. Gates has opened new avenues for collaboration in the field of cyber security for CA Technologies by leveraging government programs that further research between CA Labs and academia. She has given over 20 invited talks internationally, authored more than 40 peer-reviewed publications related to information security, and co-authored an amendment on cloud security research for the America Competes Act that was signed into law in December 2010. In October 2010, Dr. Gates was recognized for her work with a Women of Influence award from CSO magazine. Moderator: Christopher W. Clifton, Associate Professor of Computer Science, Purdue University Dr. Clifton works on data privacy, particularly with respect to analysis of private data.
|
|
|
Deep Learning For Realtime Malware Detection - Domenic Puzio and Kate Highnam
Domain generation algorithm (DGA) malware makes callouts to unique web addresses to avoid detection by static rules engines. To counter this type of malware, we created an ensemble model that analyzes domains and evaluates if they were generated by a machine and thus potentially malicious. The ensemble consists of two deep learning models – a convolutional neural network and a long short-term memory network, both which were built using Keras and Tensorflow. These deep networks are flexible enough to learn complex patterns and do not require manual feature engineering. Deep learning models are also very difficult for malicious actors to reverse engineer, which makes them an ideal fit for cyber security use cases. The last piece of the ensemble is a natural-language processing model to assess whether the words in the domain make sense together. These three models are able to capture the structure and content of a domain, determining whether or not it comes from DGA malware with very high accuracy. These models have already been used to catch malware that vendor tools did not detect. Our system analyzes enterprise-scale network traffic in real time, renders predictions, and raises alerts for cyber security analysts to evaluate. Domenic Puzio is a Data Engineer with Capital One. He graduated from the University of Virginia with degrees in Mathematics and Computer Science. On his current project he is a core developer of a custom platform for ingesting, processing, and analyzing Capital One’s cyber-security data sources. Built entirely from opensource tools (NiFi, Kafka, Storm, Elasticsearch, Kibana), this framework processes hundreds of millions of events per hour. Currently, his focus is on the creation and productionization of machine learning models that provide enrichment to the data being streamed through the system. He is a contributor to two Apache projects. Kate Highnam has a background in Computer Science and Business, focusing on security, embedded devices, and accounting. At the University of Virginia, her thesis was a published industrial research paper containing an attack scenario and repair algorithm for drones deployed on missions with limited ground control contact. After joining Capital One as a Data Engineer, Kate has developed features within an internal DevOps Pipeline and Data Lake governance system. Currently, she builds machine learning models to assist cybersecurity experts and enhance defenses.
|
|
Fraud Detection
Thwart Fraud Using Graph Enhanced Artificial Intelligence
Amy Hodler, Analytics Program Manager at Neo4j and Scott Heath, Graph Practice Lead at Expero: This webinar will help you understand how successful financial services, banks and retailers are using graph technology and embedding intelligence to quickly identify risk and fraud patterns as they evolve. Fraudsters are now using more sophisticated and dynamic methods for credit card, money laundering and other types of fraud. Leveraging graph technology will allow you to see beyond individual data points and uncover difficult-to-detect patterns. Hear how to maximize time and resources with graph technology vs. traditional approaches.
|
|
|
AI has helped us prevent billions in fraud: Mastercard’s Ed McLaughlin
Mastercard President of Operations and Technology Ed McLaughlin discusses the upcoming artificial intelligence conference at the White House and how his company is utilizing AI.
|
|
Build A Complete Project In Machine Learning | Credit Card Fraud Detection 2019 | Eduonix
Look what we have for you! Another complete project in Machine Learning! In today's tutorial, we will be building a Credit Card Fraud Detection System from scratch! It is going to be a very interesting project to learn! It is one of the 10 projects from our course For this project, we will be using the several methods of Anomaly detection with Probability Densities. Artificial Intelligence and Machine Learning E-degree - https://bit.ly/34tCH6S We will be implementing the two major algorithms namely, 1. A local out wire factor to calculate anomaly scores.
2. Isolation forced algorithm. To get started we will first build a dataset of over 280,000 credit card transactions to work on! Get access similar 5 more projects here in this with certification- https://bit.ly/2Q2dX3Q You can access the source code of this tutorial here: https://github.com/eduonix/creditcardML You can even check FREE course on Predict Board Game Reviews with Machine Learning on https://bit.ly/2Wm2uKW Learn Machine Learning By Building Projects -https://bit.ly/2ZNkK5T Machine Learning For Absolute Beginners -https://bit.ly/2Q2pNe7
|
|
|
Leveraging Machine Learning for Fraud Analytics (Cloud Next '18)
We will showcase how we can build advance accelerators for Fraud Analytics solutions leveraging Google Stack. We will demonstrate how these accelerators fill the gaps that exists within other Fraud Analytics solutions currently available in the market today and how it can offer several benefits including real-time processing, increased accuracy, scalable database and high performance. MLAI102 Event schedule https://g.co/next18 Watch more Machine Learning & AI sessions here → https://bit.ly/2zGKfcg Next ‘18 All Sessions playlist https://bit.ly/Allsessions Subscribe to the Google Cloud channel! → https://bit.ly/NextSub
|
|
MITRE ATT&CK™
Youtube search...
...Google search
knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK™ knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels
MITRE ATT&CK™ has become widely adopted in the community as a way to frame adversary behaviors and improve defenses. But how can you use it for your team with what you have, where you are? Katie Nickels will break down the ATT&CK knowledge base so you understand how you can put it into action. She will explain the philosophy and approach behind ATT&CK™, then dive into how you can use it, whether you’re a one-person shop or an advanced security operations center. Katie will cover how you can use ATT&CK™ for detection, threat intelligence, assessments, and red teaming, with a focus on actionable takeaways to help your team move toward a threat-informed defense. Speaker: Katie Nickels, ATT&CK™ Threat Intelligence Lead at The MITRE Corporation Katie Nickels is the ATT&CK™ Threat Intelligence Lead at The MITRE Corporation, where she focuses on applying cyber threat intelligence to ATT&CK™ and sharing why that’s useful. She has worked in Security Operations Centers and cyber threat intelligence for nearly a decade, hailing from a liberal arts background with degrees from Smith College and Georgetown University. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSides LV, the FIRST CTI Symposium, multiple SANS Summits, and other events. She is also a SANS instructor for FOR578: Cyber Threat Intelligence and was a member of the 2019 SANS CTI Summit Advisory Board. Katie was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy.
|
|
|
Measuring and Improving Cyber Defense Using the MITRE ATT&CK™ Framework
Through the ATT&CK™ framework, MITRE has generated a gold mine of information about the most important tactics and techniques used by attackers and how the blue team can detect and prevent these actions. Blocking atomic attack indicators such as domain names and IP addresses might work in the short term, but understanding the higher-level tactics in ATT&CK™ helps the blue team identify and anticipate attacker activity at a higher level of abstraction, slowing attackers down and giving defenders a fighting chance. Attendees at this webcast will learn: -Why the framework is so important to security teams -How the matrix is evolving -What challenges users need to address to use the ATT&CK™ framework -How to use ATT&CK™ to improve operations -What best practices and tools are key to successfully using the framework John Hubbard is a certified SANS instructor and the author of two courses: SEC450: Blue Team Fundamentals: Security Operations and Analysis and SEC455: SIEM Design & Implementation. As a security operations center (SOC) consultant and speaker, John specializes in security operations, threat hunting, network security monitoring, SIEM design and defensive process optimization. His mission to improve blue teams led him to partner with SANS to help develop the next generation of defensive talent around the world.
|
|
DeTT&CT: Mapping Your Blue Team To MITRE ATT&CK™ - Ruben Bouman and Marcus Bakker
Cooper
|
|
|
MITRE ATT&CK™ Framework
MITRE ATT&CK™ is a knowledge base that helps model cyber adversaries' tactics and techniques – and then shows how to detect or stop them. Updated February 5, 2019
|
|
Building MITRE ATT&CK™ Technique Detection into Your Security Monitoring Environment
Randy Franklin Smith of Ultimate Windows Security and Brian Coulson of LogRhythm introduce viewers to MITRE ATT&CK™, which is a knowledge base that features adversary tactics and techniques. In this webinar, you will: - Learn about various ways to use ATT&CK, specifically in relation to designing, enhancing, assessing, and maintaining your security monitoring efforts. - Hear Brian discuss LogRhythm Labs’ project that includes aligning the ATT&CK™ matrix with log sources. - Walk through an example of the MITRE attack process from start to finish while focusing on rule development and alignment in the LogRhythm NextGen SIEM Platform.
|
|
|
Mapping Your Network to Mitre ATT&CK™ to Visualize Threats, Logging, and Detection w/ Wade Wells
Wild West Hackin' Fest Find out about upcoming Hackin' Casts, training, and in-person & virtual infosec conferences at https://www.wildwesthackinfest.com 0:00 - Hotel California
0:42 - The Mitre ATT&CK™ Map 3:21 - Three Tools 3:52 - OK But Why? 4:40 - So Hot Right Now
5:26 - Challenge Accepted 7:00 - Mitre ATT&CK™ Navigator 9:14 - DeTT&CT 18:23 - My Network's Setup Example 20:34 - Atomic Red Team 23:43 - End Credits 24:12 - Q&A Extended Edition Using open-source tools, Wade will describe how to map, test and display your network logging/detections to the Mitre ATT&CK™ framework while also comparing it to threat actors TTP’s.
|
|
Open Source Tools
Youtube search...
...Google search
Ghidra - Journey from Classified NSA Tool to Open Source
Ghidra - Journey from Classified NSA Tool to Open Source
Brian Knighton | Senior Researcher, National Security Agency
Chris Delikat | Technical Lead, CNE Research, National Security Agency
This year was a momentous one for the National Security Agency (NSA) as we released our game-changing software reverse engineering (SRE) framework to the open source community: Ghidra. This was a long and arduous process and we want to give Black Hat attendees a chance to hear from two of our experts on how we developed Ghidra, what the tool does, and the process to release it to the public. We will also share some of the insight into what it is like for NSA researchers to interact with the dynamic nature of an open source tool… and the social media attention that it attracts. Black Hat - USA - 2019 Hacking conference
|
|
|
AI Driven Cybersecurity in 4 Easy Pieces
ALEX COMERFORD | DATA SCIENTIST AT BLOOMBERG The Anaconda distribution is particularly valuable for crafting threat-detection strategies in cybersecurity. In this talk, Alex will demonstrate four key workflows for AI-driven cybersecurity — data exploration in Jupyter notebooks, data preparation in Python, training in TensorFlow, and operationalization using microservices. He will also show how Anaconda facilitates effortless orchestration among them, which streamlines the development of AI-based cybersecurity threat-detection solutions, from prototyping all the way to deploying models to production.
|
|
AI-Driven Patch Management
YouTube
... Quora
...Google search
...Google News
...Bing News
Also, AI models help in the automatic analysis of patch risk and carry out the complete life-cycle of each version release. AI-driven patch management helps in automatically identifying new patch or application release with the help of AI-models. Based on this automated discovery of the new patch, the new version update will take place across all servers and applications. AI-based patch management relies in part on algorithms that need a continual stream of data in order to keep “learning” and assessing patch vulnerabilities. There are several benefits of using AI in patch management. AI-driven patch management enables you to automate your entire application version change management. This automation is made possible with the use of advanced artificial intelligence and machine learning technologies. Also, AI models help in the automatic analysis of patch risk and carry out the complete life-cycle of each version release. Automating patch management while capitalizing on diverse datasets and integrating it into an RBVM platform is a perfect use case of AI in cybersecurity. Leading AI-based patch management systems can interpret vulnerability assessment telemetry and prioritize risks by patch type, system and endpoint.
There are several companies that use AI-driven patch management technology. Some of these companies include Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Flexera, GFI, ITarian, Ivanti, Jamf, Kaseya, ManageEngine, N-able, NinjaOne, SecPod, SysWard, Syxsense and Tanium
Asset Risk Management (ARM): Physical Layer
The Sepio solution compares an asset’s DNA profile and Asset Risk Factor (ARF) score with your preset rules and directly connects it to an enforced policy. Any changes to an asset are accounted for, and the appropriate policy applied. Assets that breach the preset rules or get recognized as known attack tools by Sepio’s are immediately blocked, enabling instant and automated risk mitigation.Sepio’s patented machine learning technology revolutionizes asset visibility across your enterprise network and endpoints, providing effortless and continuous monitoring down to the peripherals. Sepio’s Asset DNA accurately identifies all assets based on their physical nature, ensuring that your organization can trust each device’s identity and detect any unauthorized or rogue devices. From unseen and actively evasive assets to spoofed devices, compromised hardware, and unauthorized assets connected to your network, Sepio’s improved asset visibility feature eliminates blind spots and provides comprehensive visibility into your IT/OT/IoT/peripheral assets. In addition to enhancing security, asset visibility is crucial for compliance with cybersecurity regulations. With Asset DNA, organizations can quickly identify any non-compliant devices throughout their network, down to the endpoint’s peripherals.
eMail
YouTube
... Quora
...Google search
...Google News
...Bing News
RETVec is short for Resilient and Efficient Text Vectorizer, with vectorization being a “methodology in natural language processing to map words or phrases from a corresponding vector of real numbers” and then using those to run further analysis, predictions, and word similarities Understanding NLP Word Embeddings — Text Vectorization | Prabhu - Toward Data Science
With RETVec, Gmail will be better at spotting spam emails hiding invisible characters, LEET substitution (3xpl4in3d instead of explained, for example), intentional typos, and more. Harmful email messages will have a tough time making it into inboxes. Leet speak, also known as hackspeak or simply leet, is the substitution of a word's letters with numbers or special characters. "Leet" is derived from the word "elite"
RETVec's character encoding scheme is based on the idea that words can be represented by their constituent characters. This allows RETVec to handle out-of-vocabulary (OOV) words and typos, which are common challenges for traditional word-based vectorizers. RETVec's character encoder first maps each character to a unique identifier. Then, it applies a series of transformations to these identifiers to capture local context and word-level information. The resulting character-level representation is then used to generate the word embedding.
Optional Embedding Model - In addition to the character encoding scheme, RETVec can also incorporate a small embedding model to learn more sophisticated word representations. This embedding model is trained using pairwise metric learning, which helps to improve the resilience of the word embeddings to typos and adversarial attacks.
Pipeline - the overall RETVec pipeline can be summarized as follows:
- Input text is preprocessed to remove punctuation, whitespace, and other non-alphanumeric characters.
- The text is segmented into individual words.
- For each word, its constituent characters are encoded using RETVec's character encoder.
- Optionally, the character-level representation is passed through a small embedding model to generate a more sophisticated word embedding.
- The resulting word embeddings are used as input for downstream NLP tasks.
Out-Of-Vocabulary (OOV)
YouTube
... Quora
...Google search
Out-of-vocabulary (OOV) refers to words or phrases that are not found in a predefined vocabulary or lexicon. These words can pose challenges for natural language processing (NLP) tasks, as the model may not be able to recognize or interpret them correctly. To handle OOV words, NLP systems can employ various techniques, such as:
- Word embedding: Representing words as vectors in a high-dimensional space, where similar words are located closer together. This allows the system to infer the meaning of OOV words based on their context and similarity to known words.
- Morphological analysis: Breaking down words into their constituent morphemes (the smallest meaningful units of language), which can provide clues about the meaning of OOV words.
- Unsupervised learning: Using unlabeled data to learn patterns and representations of words, including OOV words, without the need for explicit labeled examples.
- Context-based prediction: Utilizing the surrounding words and context to predict the meaning or part of speech of an OOV word.
The handling of OOV words is an ongoing area of research in NLP, as it is crucial for developing robust and versatile language processing systems that can operate effectively in real-world scenarios.
Data Center Security
YouTube
... Quora
...Google search
...Google News
...Bing News
Inside Azure datacenter architecture with Mark Russinovich | BRK3097
Join Mark Russinovich, Azure CTO, to learn how Microsoft Azure enables intelligent, modern, and innovative applications at scale in the cloud, on-premises, and on the edge. Microsoft Azure has achieved massive, global scale, with more than 50 announced regions consisting of over 100 datacenters, and it is growing fast. It delivers the promise of cloud computing, including high-availability, extreme performance, and security, by custom designing software and hardware to work best together. Mark takes you on a tour of Azure datacenter architecture and implementation innovations, describing everything from Azure global infrastructure, to how we enable large-scale enterprise scenarios on both cloud and edge, and more. Microsoft Learn for Azure -- https://aka.ms/IntrotoAzure Find your Tech Community https://aka.ms/FindyourTechCommunity Fast Track -- https://aka.ms/FastrackforAzure
|
|
|
Google Data Center Security: 6 Layers Deep
Security is one of the most critical elements of our data centers’ DNA. With dozens of data centers globally, security operations means managing a massively complex network. Follow Stephanie Wong, as she journeys to the core of a data center, to show you the six layers of physical security designed to thwart unauthorized access. She’ll meet experts along the way to explore the inner workings of the technology and systems that make Google Cloud one of the most robust enterprise risk management platforms. Data Centers (Data & Security) → https://goo.gle/2LmkzF3
Google Cloud (Trust & Security)→ https://goo.gle/3dFDQNT Follow Stephanie on Twitter→ @swongful Subscribe to Google Cloud Platform → https://goo.gle/GCP Product: Data Center
|
|
Inside a Google data center
Watch our newest 2020 Data Center Tour → https://goo.gle/CloudData Joe Kava, VP of Google's Data Center Operations, gives a tour inside a Google data center, and shares details about the security, sustainability and the core architecture of Google's infrastructure.
|
|
|
The MOST SECURE data center in the world (The underground cloud)
The most protected data center in the world is located 150 feet below Kansas City, in the caves known as Subtropolis. Everyone seems to know of a unique location for us to explore next. Let us know YOURS at: https://www.offthecuf.com A Flutter Brothers Production Music by Robert Pirogovsky, https://www.robertpirogovsky.com/ Created by Chris and Harris With help from Eric Ford #Technology #thecloud #tech Subscribe to our newsletter: https://www.offthecuf.com/joinus
|
|
The World’s Most Secure Buildings
From underground military bunkers and gold reserves to historic and rarely accessed religious archives, we've unlocked the world’s most secure buildings. For more by The B1M subscribe now: https://ow.ly/GxW7y Go Behind The B1M. Click "JOIN" here - https://bit.ly/2Ru3M6O The B1M Merch store - teespring.com/stores/theb1m Footage and images courtesy of Sarah Scoles, U.S. Air Force, Google Earth,United States Department of Defence, Trevor Hughes, Senior Sergeant Bob Simons of the United States Air Force, Centro Televisivo Vaticano Archivio, John Coffman, Travis Good, Scott Holmes, Federal Reserve Bank of New York, Emil Nordin, Jonathan Nackstrand, Jonas Krantz, Roger Schederin, Ake E-Son Lindman, United States National Parks Services, Official White House Photos by Chuck Kennedy, Andrea Hanks and Pete Souza View this video and more at - https://www.TheB1M.com Like us on Facebook - https://www.facebook.com/TheB1M
|
|
|
Top 5 Biggest Data Centres in the World
With over five billion people connected to the internet, as of 2019, and the need for data storage and processing growing at an exponential rate, the past decade has seen data centres grow to the size of small cities. Here are the five biggest data centres in the world. WATCH AND ENJOY !!!
|
|
Data Vault
Solutions:
- VectorZero's cloud-based cybersecurity solution, Active Data Vault, uses AI to provide high-assurance, secure confidential computing. The AI-enabled security solution encrypts data in transit, at rest, and during use while data is active, ensuring that even the company's software service providers do not have keys to the data. VectorZero Technologies LLC has pioneered a new class of AI-enabled security-as-a-service software. The solution uses thousands of security controls integrated into one software solution. VectorZero is a company that provides a high-assurance, high-utility data vault powered by advanced key management, post-quantum encryption, and edge-to-cloud chain of trust.
- Skyflow offers a Generative AI data privacy solution with their Large Language Model (LLM) Privacy Vault. It provides comprehensive privacy-preserving solutions that let companies prevent the leakage of sensitive data into LLMs. The LLM Privacy Vault is designed to protect sensitive data by using Generative AI to create synthetic data that can be used for testing and development purposes.
Concept