Next-generation cybersecurity via data fusion, AI, and big data: Pragmatic lessons from the front lines in financial services
Who is this presentation for?
- CISOs, CDOs, CIOs, CEOs, and anyone interested in making advanced technologies work for everyday problems
What you’ll learn
- Learn the power of combining big data with AI/ML in the context of real cybersecurity, how to make this work well with humans in the new SOC, and the power of collaboration to address daunting and seemingly unsolvable problems
At the center of the global financial institution is trust. Trust is a differentiator for the modern customer, and in a hyperconnected world, customers demand that their most sensitive personal information (e.g., identity, address, salary, mortgage, credit card spending, pension, travel, and shopping habits) is kept safe. Usama Fayyad and Troels Oerting share outcomes and lessons learned from building and deploying global data fusion, incident analysis/visualization, and effective cybersecurity defense based on big data and AI at Barclays, in collaboration with several financial services institutions.
Barclays recently rebuilt its Global Information Security Division to be strategic, intelligence led, and future-proof by implementing new capabilities and developing a new “fusion cell” concept that is able to utilize big data, AI, and machine learning. This enables a truly strategic view for the bank’s operations and has already led to new and enhanced functions, including cyberintelligence, insider threats, red teaming, threat hunting, cyberinnovation, and outreach. At the heart of the system is a context cloud, because the value big data delivers is powered by context and focus. Context, generated from analytical judgements, reference data, and historical understanding, is pushed into the stream, enriching new data automatically. This means a human-led, machine-driven SOC with highly trained and skilled analysts at its heart. It is also supported by next-generation technology and expanded insight. Analysis and response require the ability to create inference based on machine learning, statistics, and other matching techniques. Machine-generated inference needs to communicate the uncertainty around its validity to SOC staff and decision makers. Communicating uncertainty and the relative likelihood of false positives will be key. Success is dependent on the ability to harness autonomous agents that have the ability to analyze large volumes of data automatically and in real time.
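The following is an added illustration of the enrichment-and-inference loop described above; it is not Barclays' code or part of the talk. It pushes three kinds of constructed context (reference data on network ownership and asset criticality, a per-user historical baseline, and analysts' past dispositions of each detection rule) into a login event stream, then reports to the analyst not just a verdict but the per-rule false-positive rate learned from analyst feedback and how much feedback that estimate rests on. The rule names, the noisy-OR combination of rules, and the triage thresholds are assumptions made for the example.

```python
"""Added example: context enrichment of an event stream with uncertainty reporting.
Not the talk's or Barclays' code; every dataset below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# --- constructed reference data ---
CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]
ASSET_CRITICALITY: Dict[str, str] = {"payments-db": "high", "wiki": "low"}

# --- constructed historical understanding: where and when each user normally logs in ---
USER_BASELINE = {
    "alice": {"countries": {"GB"}, "hours": set(range(7, 20))},
    "bob": {"countries": {"GB", "DK"}, "hours": set(range(6, 23))},
}

# --- constructed analyst judgements: (confirmed true, false positive) per rule ---
ANALYST_FEEDBACK: Dict[str, Tuple[int, int]] = {
    "foreign_login": (12, 30),
    "offhours_login": (3, 40),
    "external_to_critical": (8, 2),
}


@dataclass
class Alert:
    event: dict
    context: dict
    rules: List[str]
    likelihood_true: float          # combined estimate that the alert is real
    per_rule_fp_rate: Dict[str, float]
    evidence_min: int               # fewest analyst verdicts behind any fired rule
    triage: str


def enrich(event: dict) -> dict:
    """Push context into the stream: tag the raw event with reference data and history."""
    ip = ip_address(event["src_ip"])
    baseline = USER_BASELINE.get(event["user"])
    return {
        "internal": any(ip in net for net in CORPORATE_NETS),
        "criticality": ASSET_CRITICALITY.get(event["asset"], "unknown"),
        "baseline_known": baseline is not None,
        "new_country": baseline is not None and event["country"] not in baseline["countries"],
        "offhours": baseline is not None and event["hour"] not in baseline["hours"],
    }


def fired_rules(ctx: dict) -> List[str]:
    """Hypothetical detection rules evaluated over the enriched event."""
    rules = []
    if ctx["new_country"]:
        rules.append("foreign_login")
    if ctx["offhours"]:
        rules.append("offhours_login")
    if not ctx["internal"] and ctx["criticality"] == "high":
        rules.append("external_to_critical")
    return rules


def true_positive_rate(rule: str) -> float:
    """Laplace-smoothed share of past alerts for this rule that analysts confirmed."""
    tp, fp = ANALYST_FEEDBACK.get(rule, (0, 0))
    return (tp + 1) / (tp + fp + 2)


def triage_label(p_true: float) -> str:
    """Assumed thresholds for routing the alert to a human."""
    return "investigate" if p_true >= 0.5 else "review" if p_true >= 0.2 else "log"


def infer(event: dict) -> Alert:
    """Enrich, evaluate rules, and attach the uncertainty the analyst needs to see."""
    ctx = enrich(event)
    rules = fired_rules(ctx)
    # Assumption: each fired rule is independent evidence (noisy-OR combination).
    p_all_false = 1.0
    for rule in rules:
        p_all_false *= 1.0 - true_positive_rate(rule)
    p_true = 0.0 if not rules else 1.0 - p_all_false
    fp_rates = {r: 1.0 - true_positive_rate(r) for r in rules}
    evidence = min((sum(ANALYST_FEEDBACK.get(r, (0, 0))) for r in rules), default=0)
    return Alert(event, ctx, rules, p_true, fp_rates, evidence, triage_label(p_true))


if __name__ == "__main__":
    # Constructed sample events, not real logs.
    for ev in [
        {"user": "alice", "src_ip": "203.0.113.5", "country": "US", "hour": 3, "asset": "payments-db"},
        {"user": "bob", "src_ip": "10.1.2.3", "country": "DK", "hour": 10, "asset": "wiki"},
    ]:
        a = infer(ev)
        print(f"{ev['user']}: {a.triage} p_true={a.likelihood_true:.2f} "
              f"rules={a.rules} fp_rates={a.per_rule_fp_rate} evidence>={a.evidence_min}")
```

The point of surfacing `per_rule_fp_rate` and `evidence_min` alongside the score is the one the abstract makes: a rule with a 0.75 confirmed rate backed by only ten verdicts should be read differently from one backed by hundreds, and the SOC staff, not the model, decide how much to trust it.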
Partnership is the new unique selling proposition. Each hub is interconnected, with shared infrastructure, offering a two-way connected exchange and collaboration on response. These hubs are integrated with the geographically disparate centres of excellence and promote innovation and capability through “share by default” alerts to external events and changes in environment. This new cooperation philosophy must rest on existing or future data privacy and data protection legislation that regulates what can be exchanged, by whom, and how. This is part of the trust at the center of public-private partnerships.
We need to improve cooperation between financial institutions and other companies holding big digital assets. It’s not enough to share outdated, incomplete information with limited value. We need to share much more detailed information on how adversaries have tried or succeeded in breaching us to help our colleagues either patch or change procedures. If a company is hacked on Monday, a neighboring company is sure to be hacked or DDoSed on Tuesday. An ideal solution would be to establish a regional SOC of SOCs. The second-best solution would be to develop a secure platform that could be accessed only by approved platform members to upload indicators of compromise, malware, and other actionable information. The information would be searchable through advanced tools and utilization of AI and would provide advance alerts and flag selected dangerous new tools or modus operandi. Such an entity should of course be supervised according to privacy and data protection
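As an added sketch of the "second-best solution" above (not the talk's own design or any real platform), the following Python models the three behaviours the paragraph asks for: only approved members can upload or query, uploads are deduplicated and searchable by indicator type, and a newly seen indicator produces an advance alert to every other member. The `restricted` flag, which keeps an indicator visible only to its submitter, is an assumed stand-in for the legal constraints on what may be exchanged and with whom.

```python
"""Added example: a minimal members-only indicator-sharing platform.
Constructed for illustration; not the talk's or any institution's code."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Indicator:
    ioc_type: str            # "ip", "domain" or "sha256"
    value: str               # stored lower-cased so matching is case-insensitive
    submitted_by: str
    first_seen: datetime
    restricted: bool = False  # True: visible only to the submitter, never alerted


class SharingPlatform:
    def __init__(self, approved_members: Set[str]):
        self.approved = set(approved_members)
        self.indicators: Dict[Tuple[str, str], Indicator] = {}
        self.pending_alerts: Dict[str, List[Indicator]] = defaultdict(list)

    def _require_member(self, member: str) -> None:
        # Every entry point checks approval: no anonymous upload or search.
        if member not in self.approved:
            raise PermissionError(f"{member} is not an approved platform member")

    def _visible(self, member: str, ind: Indicator) -> bool:
        return not ind.restricted or ind.submitted_by == member

    def upload(self, member: str, ioc_type: str, value: str, restricted: bool = False) -> bool:
        """Store an indicator; return True if it was new to the platform."""
        self._require_member(member)
        key = (ioc_type, value.lower())
        if key in self.indicators:
            return False  # already known: nothing new to alert on
        ind = Indicator(ioc_type, value.lower(), member, datetime.now(timezone.utc), restricted)
        self.indicators[key] = ind
        if not restricted:
            # Advance alert: every other member learns about it before seeing it themselves.
            for other in self.approved - {member}:
                self.pending_alerts[other].append(ind)
        return True

    def search(self, member: str, ioc_type: Optional[str] = None) -> List[Indicator]:
        self._require_member(member)
        return [i for i in self.indicators.values()
                if self._visible(member, i) and (ioc_type is None or i.ioc_type == ioc_type)]

    def match(self, member: str, observed: List[Tuple[str, str]]) -> List[Indicator]:
        """Check a member's own observations against shared indicators."""
        self._require_member(member)
        hits = []
        for ioc_type, value in observed:
            ind = self.indicators.get((ioc_type, value.lower()))
            if ind is not None and self._visible(member, ind):
                hits.append(ind)
        return hits

    def alerts_for(self, member: str) -> List[Indicator]:
        """Drain the advance alerts queued for this member."""
        self._require_member(member)
        return self.pending_alerts.pop(member, [])


if __name__ == "__main__":
    # Constructed members and indicators; the domain and hash are placeholders.
    platform = SharingPlatform({"bank_a", "bank_b"})
    platform.upload("bank_a", "domain", "Evil.Example")
    for alert in platform.alerts_for("bank_b"):
        print(f"bank_b advance alert: {alert.ioc_type} {alert.value} from {alert.submitted_by}")
    print("bank_b hits:", [h.value for h in platform.match("bank_b", [("domain", "EVIL.example")])])
```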
Absolute security does not exist in the physical world; neither does it exist in the virtual world. If we invest in next-generation security and cooperate, we will, at least, be able to provide the same—and hopefully acceptable—level of security in both worlds.