What is your doctoral thesis about?

1. “It is about creating a security monitoring system for the
   ALICE computational
   grid. ALICE is one of the major LHC experiments. The grid is
   made up of computer centers interconnected around the world that
   allow scientists to run applications for analyzing data obtained
   from particle collisions inside ALICE. My project is composed of a
   software framework that isolates applications scientists use in a
   sandbox. Then, it collects information about the behavior those
   applications, classifying them as normal or malicious using Machine
   Learning (ML). And finally, it allows performing actions upon
   detection of malicious behavior, such as sending alerts or stopping
   their execution.”

That’s amazing. Researching protecting such a tremendous scientific
“device” is undoubtedly a huge challenge. Andrés has been featured
in the prestigious magazine Scientific American.
He told us that the CERN, owner of the LHC, is a constant target for
cyber attacks and that this is not surprising: many CERN systems are
exposed to the Internet. We wanted to know more about ML in his work…​

Tell us a bit about how ML contributes to the framework you
developed

1. “I used two ML models. The first performs a classification of
   applications into malicious and non-malicious. The other generates
   synthetic attacks to improve the training of the first.
   I used thousands of examples of typical applications as well as
   Linux malware for training and testing both models. My framework
   managed to identify malicious software with an accuracy of 99% and
   less than 0.06% of false positives.”

Impressive. We see a link to what we shared days ago on
antifragility and this cutting-edge work. By constant
training and exposure to stressors, the framework makes itself better
and better (just like lifting weights). According to Cybersecurity
Ventures,
by 2021 it is estimated that cybersecurity damages will add up to USD
6 trillion in the world, 3 trillion more than in 2015. These ML
designs, capable of detecting security weaknesses and responding are
seen as an answer for the rampant threats nowadays. If you want to dig
deeper into Andrés’ work, here is a
link of a recent paper.

Now, we turn to more general security-related issues with him.

In your opinion, what trends in cybersecurity we should pay
more attention to?

1. “I think of three relevant topics:

   • One is the use of Artificial Intelligence (AI) for both attack
     detection as well as for vulnerability detection. I focused on
     the former in my doctoral research.

   • Another is the implementation of cryptographic techniques to
     increase reliance in execution environments, so user privacy is
     improved. For example, by using something called homomorphic
     encryption, an end-user could cipher his/her sensitive
     information before sharing it with a third-party (i.e., a
     company). The third-party can then perform operations over the
     encrypted data and finally, the user deciphers the results. No
     one (especially potential attackers) has access to plain,
     actionable data. Homomorphic encryption is used, for instance,
     in blockchain-based applications.

   • The last trend is the emergence of computer systems designed
     from formal mathematical models which, in theory, are
     vulnerability-proof.”

An example of that vulnerability-proof software can be found
here.

As a company focused on proving security in an offensive way, AI is
definitely a focus of research for us. Although we haven’t yet got dirty
developing ML or AI artifacts, is something very likely to happen
soon.

What threats are worth “having on the radar”?

1. “In general, with the rise of AI, I believe we will start to see
   more attacks that learn automatically from the environment where
   they are carried out. Attacks on “Internet of Things” (IoT)
   devices have also wreaked havoc in recent months. Finally, the
   leakage of sensitive user data is becoming more problematic as time
   passes on.”

IoT weaknesses and leakage of sensitive information are well
under our scope.
We provide Continuous Hacking.
If you have IoT devices deployed on your premises,
we can help you identifying attack vectors,
as well as providing ways to increase their security.
We can help you to protect better your sensitive information.

Our services rely on highly-skilled security analysts as well as on
technology designed to deliver real value to your company. But, we go
further. Get in touch so we can discuss how we can
help you.

We continue our conversation with Andrés.

What do you think is a persistent problem within
organizations?

1. “I would say there are still many companies receiving well-intended
   warnings from third parties concerning security holes in their
   systems. But, instead of taking a good skill in fixing the problems
   and thanking the contributions, what they do is threaten or sue the
   guy pointing to the risk.”

This is a sensitive topic and a critique. We know that some companies
foster this kind of actions in what is called Big Bounty programs, with
clear rules and rewards. These companies, presumably, have reached an
understanding of the costs of a cybersecurity breach, so these programs
are a win-win. Is it a matter of rules? Is it a matter of incentives? It
is a topic worth discussing in more depth in the future.

We want to conclude this post with two quick questions to Andrés:

Where should companies focus their learning efforts to
improve their risk management?

1. “Organizations should adopt a data-driven strategy and invest in
   automation. They should also invest in research to stay relevant in
   a continuously changing field.”

Do you expect any further development based on your doctoral
thesis?

1. “I am exploring to go further with the framework. The idea is to
   push what has been developed so far in a research stage into a
   commercial product that can be put to work in different
   organizations.”