1. Emerging Technology (OBJ 1.8)
In this section of the course, we’re going to discuss some emerging technologies. Throughout this section, we’re going to be focused on domain one security architecture, and specifically objective one eight that states that you must explain the impact of emerging technologies on enterprise security and privacy. Your organization is constantly being exposed to new threats and technology trends every single day. As a cybersecurity professional, it is your job to keep up with them, understand how to address them, and understand how to get ahead of new and disruptive technologies that are constantly being released into the industry. It seems like not a single day goes by, though don’t see some news about a newly discovered threat or exploit that’s being used against our networks.
Whether it’s a new type of ransomware, a buffer overflow attack, or simply a different social engineering technique, threats are constantly evolving in an effort to get around our defenses. One way that we can keep up with all the latest emerging threats is to use threat intelligence. Now, threat intelligence helps organizations with gaining knowledge about new risks and exploits that are being used across the industry. Open source and commercial based threat intelligence are also going to be available in the marketplace. Now, threat intelligence organizations have been designed to find the trends in that data from a wide variety of sensors across the Internet and across the organizations that they’re contracted to help protect.
With this large amount of data at their disposal, these specialized threat intelligence organizations can usually spot the emerging threats and emerging trends before a single cybersecurity professional like you or I really could. Now, disruptive technologies are going to exist in every industry. For example, if we look back over the last ten years or so, we saw companies like Uber and Lyft that caused a huge disruption to the traditional taxicab marketplace. Online training is another disruptive technology, and it’s displaced many traditional certification boot camp style providers from the technical training industry. Many of these disruptive technologies, though, are really focused on being revolutionary and getting to the marketplace first.
Now, sometimes this can be at the detriment of security. Security takes time, effort, and resources to achieve. If your organization is looking at adopting a disruptive technology, you should first do a proper security assessment of that technology. Over the next couple of years, there’s going to be a lot of disruptive technologies out there affecting our organizations. For example, there’s the upgrading of our cellular networks from four G to five G, wireless with its increased speeds, and always on connections. We have machine learning, big data, and artificial intelligence that will all become commonplace throughout the organizations as well. A large movement has already begun to occur towards mobility, with the focus of bringing your own device initiatives taking place at many organizations. As we look towards these disruptive technologies and their impact, it’s important to identify security trends.
A few trends have already begun to emerge that are going to continue into the next several years and decades. This includes the use of blockchain technology and security, automated threat seeking, artificial intelligence, bots, behavioral analytics for system protection, and the move towards securing the Internet of things. Many organizations have also begun to adopt a zero trust model. This is where an organization has a highly defensible posture and essentially trusts no one, either internal or external to their organization. So in this section, we’re going to explore some of the newer, more modern technologies that are used in It and the cybersecurity industries, and how this can affect our organizations and our enterprise networks.
First, we’re going to explore artificial intelligence and machine learning, also known as AI and ML, and the differences between these two. Next we’re going to take a look at deep learning, which is a class of machine learning algorithms that use multiple layers to extract higherlevel features from different types of raw data input. Then we’ll move into big data, which is a term used to describe extremely large and hard to manage amounts of data. This data can either be structured or unstructured data that your organization needs to process and extract information from so that it can make sense of all the data it collects on a given topic area.
Next, we’ll move into our coverage of the blockchain and distributed consensus and their business applications. Then we’re going to jump into advanced authentication and advanced encryption. After that, we’ll explore virtual and augmented reality technologies, as well as 3D printing, nanotechnology, and finally, quantum computing. As you can see, we have a lot of different topics and technologies to cover in this section of the course. So let’s jump right into our discussion of the different emerging technologies that might be utilized within your security architectures.
2. Artificial Intelligence (AI) & Machine Learning (ML) (OBJ 1.8)
Lesson. We’re going to talk about artificial intelligence and machine learning. First, let’s talk about artificial intelligence. Artificial intelligence is the science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention. Essentially, we want to have a machine that can think for itself and simulate the human decision making process. Now, there are a lot of great things that artificial intelligence can do, especially in the cybersecurity industry. Using artificial intelligence, we’re able to create expert systems. The earliest attempts at artificial intelligence really was more akin to automation, where the system was given a large set of if then else statements that told it exactly how to think based on a limited data set using knowledge basis and set rules.
But modern AI can actually think for itself and create its own rules, and this is where things get really interesting in terms of cybersecurity. With an artificial intelligence system, the AI uses an algorithm with some training data to learn how to respond to different situations over time. They learn by copying and adding more information to their own data sets, and they evolve and they grow. Artificial intelligence can learn from its past experiences as well, which can help it to identify incidents faster and lower your overall incident response times. Unlike our human analysts, AI can go through hundreds, thousands, or even millions of items every single day, making quick decisions to decide if something is malicious or benign. But the real benefit is that AI isn’t reliant on signaturebased indicators of compromise, but instead it learns over time, just like the bad actors do. AI is truly the future, but it won’t replace all of our human analysts.
So don’t worry about losing your job just quite yet. After all, machines make mistakes just like people do. The best AI deployments are the ones where AI is being used in conjunction with our human analysts. So the AI can take care of all the obvious malicious things and all the obvious benign things, but it leaves the difficult cases to a human to actually analyze and make the right decision on. There are some limitations and drawbacks of using AI in your security architectures, though, that you have to be aware of. First, there are resource issues involved when you’re dealing with AI, because companies need to invest a ton of time and money to get a workable AI system that is properly trained and tuned and ready for production level work. Second, the data sets used for training can be a huge limitation for you. Your AI is only going to be as good as the training it receives from your data sets.
To properly train the AI, your team needs to have a wide variety of data sets, including malicious codes, malware, anomalies insider threat examples, and more. Third, AI is not just used by the defenders, but it’s also beginning to be used by the attackers too. As AI continues to develop there are now AI hackers on the loose that are developing more and more advanced attacks against our enterprise networks. So you need to be aware of this. And fourth, neural fuzzing is also used for both attack and defense. Fuzzing is a process of testing large amounts of random data as an input to a piece of software to identify its vulnerabilities. Now, when you use neural fuzzing, defenders and attackers can leverage AI to test large amounts of randomized inputs to find zero day vulnerabilities within your code. So like most things in life, AI can be a great thing or it can become your worst nightmare depending on how much you invest into it and if you’re ready to defend against it as well.
The second thing we’re going to talk about is machine learning. Now, machine learning is really a subset of artificial intelligence. Machine learning is an application or subset of AI that allows machines to learn from data without being explicitly programmed. This is really a cool thing because we can give the machine learning algorithm a huge data set and it’s going to begin to find its own patterns to match the dataset’s existing labels. To use machine learning, you’re first going to need to provide it with a labeled dataset where you’ve already labeled things into categories. Over time, the machine learning application is going to modify itself to identify things based on patterns it determines from our existing training data set. Now, as we feed it new data, it can label and categorize that data by itself based upon the patterns it already taught itself in the previous examples.
So this makes machine learning really adept at labeling and categorizing things. If I wanted to go through a data set and say this is malware and this isn’t, and this is malware and this isn’t, I can train the machine with a data set to do that for me. The machine can then take over using its behavioral engine and its machine learning to identify on its own what is and is not malware as it sees new code. Now, this is not a rule based instruction set, but instead it’s a pattern algorithm that the machine taught itself based upon the large data set we provided and trained it on. And then it learned that on its own to create its own rules.
Moving forward, let’s take a moment and look at a real world example of machine learning so you can get an idea of how these things work and why they can be really good or they can lead us astray. Now, one of the earlier machine learning experiments that was performed was focused on training a machine to identify what was a party and what was not. So the researchers began showing the machine learning application a lot of different images and they labeled those and properly categorized them as a party or not a party. So for example, if I showed the computer an image like this one, I would categorize it and say this is a party. There’s a bunch of people there, they’re having a good time and they’re playing with some confetti. Looking at it as a human, I can clearly see, yes, this is a party.
Then the researchers showed it another image and this one was categorized to show the computer what a party doesn’t look like. So here you can see what looks like people at the office working. So, no, that’s not really a party. Now, as a human, this is really easy to see, but the computer needs to start making its own assumptions based on what it’s seeing in these images. Maybe the computer decided because there were people smiling, it was a party. Or maybe because there was people who were frowning, it wasn’t a party. We didn’t tell the computer how to decide which is and is not a party. We just told it the first image was a party, the second image wasn’t a party. But we left the machine with the task of creating its own patterns to decide how it makes its decision, just like we do with kids in the real world. So the researchers kept doing this with images.
They did four or 5000 images. So, for example, here’s another one. Is this one a party? No, it looks like they’re at a conference. They look like they’re at a work event. They’re smiling, which is usually a good sign of a party, but they’re obviously not at a party. And so I, as a human, will say, no, this is not a party. Then we go on to the next one. What about this one? Do you think this is a party? Well, there’s a couple of ladies dancing. That looks like a party to me, right? So they’re probably having a good time, either at a club or at a friend’s house. And they have a drink in their hand and they’re smiling and having a good time at what looks to be a party. So I would say, yes, that’s a party. And we keep going this way. Right? Here’s another one. Here’s one where people are sitting around a table, they’re eating, they’re having a good time.
There’s a lot of different people at this table, so it looks like they’re maybe having a dinner party, which is a type of party, but not one that we’re dancing at. So, again, I can categorize this as a human and very clearly say this is a party. Now, in this example, I went through just five images, which is a very limited data set. But let’s say I continue to do this, and I did this with four or 5000 images, that would be enough for the computer to start making decisions on what is and is not a party. Now, there is a slight problem with this, though, and this is what happens when you train the computer poorly. Do you see what we just did? In our five images, we poorly train this computer. The problem here is that we just use these five images or even if we use 5000 images that look similar, the computer would have made some unsafe assumptions about what a party is and what a party isn’t.
And this is accidentally what happened in this machine learning experiment when they did it at scale with thousands of images. So what was the problem? Well, the problem is with the training data we just gave this computer, we just trained it to be racist. That’s right. If you look back at the five images we just went through, you can pause the video, rewind it and go and watch them again. You’re going to see that all the people who are at parties were white men and women. That’s what we said was a party. In fact, the only image that had somebody who was of a darker complexion happened to be at the business conference, which we said was not a party. So this computer has now learned that for a party to exist, it has to have white people there. Now, this is one of the major problems with machine learning because if you give it a bad data set that contains these type of overtones, you can train these machines to be racist, to be discriminatory, or simply to misclassify things and miss really important things in the data set.
Therefore, you have to be very careful with the data sets you’re providing your machines so they can learn and properly teach themselves. This is the big danger with machine learning. Machine learning is only as good as the data sets that are used to train it. So you have to keep this in mind when you’re going through and building up your data sets that you’re going to use for machine learning. If you’re trying to train a machine learning application to understand what malware looks like, you need to make sure you identify properly what is and what is not malware when you feed that into the data data set. Because this is what the machine is going to train itself on and it’s going to make its conclusions based on the data set you give it.
3. Deep Learning (OBJ 1.8)
So now at this point we’ve already talked about artificial intelligence and machine learning. But now we’re going to dive a little bit deeper and go into the concept of deep learning. Now deep learning is a refinement of machine learning and it enables a machine to develop strategies for solving a task given a labeled dataset just like we talked about. Now all of that so far sounds a lot like machine learning but here’s the key difference we’re going to do it without further explicit instructions. Now, this is accomplished by creating an artificial neural network or an. This is an architecture of input hidden layers and then output layers that can perform an algorithmic analysis of a data set to achieve an outcome’s objectives.
Now, essentially when you have an artificial neural network this is the pathways that are being created based on the learning that it’s going to be doing inside of this algorithm. So as it’s learning it starts making its own feedback loops of what is right in terms of if then decisions. This neural network is being developed on the fly by the computer based upon what it’s learning from the datasets that you provided during your training and what it starts to see as it experiences things in the real world. With regular machine learning you may need to categorize and label some real world events to help modify and approve what the machine thinks it has learned. But with deep learning this is all handled by the system without any intervention from you. This allows a machine learning system to adjust its neural networks over time and get smarter.
They do this to try to reduce errors and optimize its objectives because they’re trying to always get better at identifying whatever it is you’re trying to get them to properly identify such as what is a party or what is malware. Essentially with deep learning I can just hand it a data set and it’s going to start making its own determinations. I don’t have to do all the categorization for it or all the labeling. That’s the difference between deep learning and machine learning. Now, deep learning uses complex classes of knowledge to find in relation to simpler classes of knowledge to make more informed determinations about an environment. At the beginning we might give the machines a simple data set and say this is malware, this isn’t malware.
But then I turn it over to the machine and it can learn from there much better on its own based on what it sees and what it doesn’t see of what is malicious code and what it isn’t based on its observations over time. Basically the system starts out like a child and it doesn’t know much. But as it learns and grows it creates deeper and deeper connections inside its neural networks to make better decisions over time to help solidify what the differences are between machine learning and deep learning let me give you an example that applies to the cybersecurity world. Let’s say I have network traffic, and I’m going to take that as my input to the system. Then I want to be able to categorize that traffic and say, this packet is benign, it’s not dangerous. But this other one over here, it’s malicious.
This next packet, it’s okay. And this one, this is something that’s bad and needs to be flagged. Now, if I’m dealing with regular machine learning, I would have to have somebody sit there and determine which ones are the malicious factors in order to start training the system on what a malicious packet looks like. Your organization might train your system for a week period or a month or even a six month period where there are going to be cybersecurity analysts who are actually going through and categorizing that traffic that they’re seeing as either malicious or benign. And then based on that, the system starts to go and learn and train itself based on those things and what you categorize. So now it knows what malicious looks like, and eventually the computer can take over using its newly learned algorithm.
But if we’re dealing with deep learning, we don’t have to have a human there training it the whole time. Instead, we simply send it to network traffic, and over time, it’s going to make its own decisions on what is benign and what is malicious, effectively training itself. Those deeper connections are going to be made by figuring out other things that it sees in the network to figure out what makes something malicious. So how would the computer know this? Well, maybe it’s able to see your whole network and it sees one computer that you took offline Reimaged, and then you put it back online. And so now it knows there is something bad on that system.
Based on that, it can go back and look into the logs and figure out what it was that may have been an indicator of that malicious traffic that made you want to take that system offline. Over time, these systems can learn, adapt, and train themselves, which makes them very adept at finding new patterns and new indicators of compromise that we as humans may miss. Now, are we there yet with these systems? And are they working 100% of the time with deep learning and all that goes with it, for us to be able to do all of this on its own without any people? No, of course not. We’re not quite there yet, but we’re getting better and better all the time. Now, many of my students get worried when they hear about this type of deep learning, and they think it’s going to put us, as humans out of a job.
But I’m going to tell you this, that’s not going to be the case, because we still need people to make decisions. We still need people to look at those things and make decisions based on business operations and the threat and the myriad of other factors that exist that computers just aren’t good at. In fact, in the scenario I just went through, I never said that the system would take any response actions. I only told you that it was going to use deep learning to label each piece of network traffic as either malicious or benign. Instead, we’re going to rely on a human analyst to decide what response action to take based on the traffic and its label that the system has given it. Now, some of the newer systems are trying to take the human out of the loop completely, but that is a really dangerous thing to do, because now you’re relying solely on the computer’s decision.
And then it could take follow on actions like removing your system from the network, reimaging that machine and other things without your knowledge or consent. Yes, using machine learning and deep learning can help automate and gain efficiencies. But if you rely on it solely, you are adding considerable risk to your business operations. Now, two other areas that we need to consider when it comes to enterprise security and privacy that’s going to be involved with this deep learning are natural language processing and deep fakes. Natural language processing, or NLP, is considered a subset of deep learning, and it’s focused on giving computers the ability to understand text and spoken words in a way that matches human behavior.
For example, if you have a smart speaker in your home, like an Amazon Echo, you can simply say, alexa, please play me some music. And the speaker will begin to play you some songs that it thinks you might enjoy based on the previous types of music that you’ve listened to before. Now, the issue with natural language processing applications such as these smart speakers is that they’re often not designed in a way that would maintain a user’s privacy. One privacy concern, especially with devices like a smart speaker, is the fact that they are constantly listening for that keyword to begin processing your request. Going back to my Amazon Echo example, there’s a built in microphone into that speaker, and it’s listening all the time, and it hears everything that’s being said around it so that it can respond when it hears its keyword. In the case of Amazon, that keyword is Alexa by default.
Now, once it hears the word Alexa, it then sends the audio sample that it records of you talking to its cloud based infrastructure to process it using deep learning and natural language processing. Once it does that, it can carry out the request that you gave it from the user. So this open mic that’s sitting there in your home is really a privacy concern in a home use environment. But when you’re using these things in a business area, it’s an even bigger concern for us. This is because these devices could be hacked and they could be used to eavesdrop on our corporate planning and operation sessions. The second major privacy issue we have with NOP applications is that they have to gather and process a ton of data from their systems users.
If you work for one of these organizations that collects large amounts of customer data for the purposes of performing natural language processing, you really have to think about how you’re going to maintain your users privacy. Amazon has recently proposed a way to anonymize their customer supply data by rephrasing samples and basing their analysis on that new phrasing in an effort to increase the privacy. According to their researchers, this new approach would create a twentyfold increase in the level of privacy for Amazon’s end users. Now, another deep learning privacy concern that’s become big news in recent years is the use of deep fakes. Now, a deep fake is a synthetic media in which a person in an existing image or video is replaced with somebody else’s likeness.
Using deep learning, machine learning, and artificial intelligence, these deep fakes can allow an attacker to make it appear that the original person is doing or saying things that they never really did or said. Deep fake technology has rapidly grown in Sophistication in recent years, and many security researchers believe this technology will begin to be used in business, email compromises, and other social engineering attacks. As this technology continues to spread and becomes more accessible, deepfakes can be used by attackers to spread fake news, false executive orders to request transfers of money, and they can be used to breach and subsequently exfiltrate data from your corporate networks.
This is also a privacy concern because the persons whose image, voice, or persona is being fake is ultimately having their privacy and persona compromised by these attackers. So remember, when it comes to deep learning, natural language processing, and deep fakes, these are great technology and they can be used for a lot of good things, but they can also be used for evil. And you have to account for both as you’re building out your security architecture in your enterprise networks.
