Categories
Articles

How to Phish, and how to stop it

Wout Debaenst’s FIRST talk described the preparatory steps an adversary must take before conducting a targeted phishing campaign, and the opportunities each of these presents for defenders to detect and prevent the attack before it happens. The talk was supposed to be accompanied by live demos, but these were sufficiently realistic that the hosting provider […]

Categories
Articles

The future of automated incident response

My post about automating incident response prompted a fascinating chat with a long-standing friend-colleague who knows far more about Incident Response technology than I ever did. With many thanks to Aaron Kaplan (AK), here’s a summary of our discussion… Developments in automated defence AK: Using Machine Learning (“AI”) in cyber-defence will be a gradual journey. […]

Categories
Articles

Effective Threat Hunting

Threat hunting is perhaps the least mechanical of security activities: according to Joe Slowik’s FIRST presentation the whole point is to find things that made it past our automated defences. But that doesn’t mean it should rely entirely on human intuition. Our hunting will be much more effective if we think first about which threats […]

Categories
Articles

Does the AI Act allow automated network defence?

In response to my posts about the relevance of the draft EU AI Act to automated network management one concern was raised: would falling within scope of this law slow down our response to attacks? From the text of the Act, I was pretty sure it wouldn’t, so I’m grateful to Lilian Edwards for the […]

Categories
Articles

Thinking about automation

To help me think about automated systems in network and security management, I’ve put what seem to be the key points into a picture. In the middle is my automated network management or security robot: to the left are the systems the robot can observe and control, to the right its human partner and the […]

Categories
Articles

Getting a Feel for AI Terrain

Decisions whether or not to use Artificial Intelligence (AI) should involve considering several factors, including the institution’s objectives, purpose and culture, readiness, and issues relating to the particular application. Jisc’s Pathway Towards Responsible, Ethical AI is designed to help you with that detailed investigation and decision-making. But I wondered whether there might be a check […]

Categories
Articles

Data Protection expectations on Vulnerability Management

Legal cases aren’t often a source for guidance on system management but, thanks to the cooperation of the victims of a ransomware attack, a recent Monetary Penalty Notice (MPN) from the Information Commissioner (ICO) is an exception. Vulnerability management was mentioned in previous MPNs (e.g. Carphone Warehouse, Cathay Pacific, and DSG), but they don’t go […]

Categories
Articles

Change: A Feature, not a Bug

Reading the Machine Learning literature, you could get the impression that the aim is to develop a perfect model of the real world. That may be true when you are trying to distinguish between dogs and muffins, but for a lot of applications in education, I suspect that a model that achieved perfection would be […]

Categories
Articles

Swaddling AI

I’ve been reading a fascinating paper on “System Safety and Artificial Intelligence”, applying ways of thinking about safety-critical software to Artificial Intelligence (AI). Following is very much my interpretation: I hope it’s accurate but do read the paper as there’s lots more to think about. AI is a world of probabilities, statistics and data. That […]

Categories
Articles

Visualising the Draft EU AI Act

I’m hoping to use the EU’s draft AI Act as a way to think about how we can safely use Artificial Intelligence. The Commission’s draft sets a number of obligations on both providers and users of AI; formally these only apply when AI is used in “high-risk” contexts, but they seem like a useful “have […]