  {"id":36031,"date":"2018-11-13T19:40:42","date_gmt":"2018-11-14T00:40:42","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/machine-learning-in-cybersecurity-cyberark\/"},"modified":"2018-11-13T19:40:42","modified_gmt":"2018-11-14T00:40:42","slug":"machine-learning-in-cybersecurity-cyberark","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/machine-learning-in-cybersecurity-cyberark\/","title":{"rendered":"Machine Learning in Cybersecurity: CyberArk"},"content":{"rendered":"<p><strong>Machine Learning in Cybersecurity: CyberArk<\/strong><\/p>\n<p>Eric Levine<\/p>\n<p><em>11\/13\/2018<\/em><\/p>\n<p>CyberArk is an Israeli cybersecurity company that specializes in Privileged Account Management. Among their customers are 50% of the Global Fortune 100 <em>[1]<\/em>. CyberArk helps to protect organizations from external actors who have acquired insider credentials, and from malicious insiders themselves <em>[1]<\/em>. In both instances, attacks have penetrated the perimeter of an organization. CyberArk helps organizations design their defenses like a castle, so that the most critical pieces of information are housed within multiple sets of walls. They also help organizations with the systems and processes \u2013 like guard patrols \u2013 to catch bad behavior early. CyberArk locks up and encrypts credentials in \u201cdigital vaults.\u201d<\/p>\n<p>CyberArk helps companies navigate the tradeoff between convenience and security. The more people with local \u201cadmin rights\u201d to install software (including malware), add users, etc., the greater the risk to the organization. CyberArk\u2019s traditional value prop was focused on laying out the architectural infrastructure to optimize these tradeoffs.<\/p>\n<p>Machine learning comes into play in using analysis to detect cyber threats and zero-day attacks (industry lingo for right away) automatically. 
You can use machine learning to monitor behavior like a referee of a soccer game. Because there are so many \u201cplayers\u201d generating vast amounts of data simultaneously, machine learning is paramount to learning what sort of behavior is normal vs. risky. With this backstop in place, an organization can allow more users convenient access, with the capability to identify immediately when an employee or attacker with stolen credentials is behaving in a very strange manner.<\/p>\n<p>An example will help illustrate. Edward Snowden was a malicious insider. As an inside contractor, he managed to download confidential NSA documents and leak them. Had the NSA used machine learning protections, their algorithms would have identified that Snowden was engaging in very unusual behavior on endpoints in downloading a massive amount of data unrelated to his assigned work. The algorithm would have flagged this right away, and perhaps automatically revoked Snowden\u2019s credentials and thus his ability to access the network.<\/p>\n<p>CyberArk is continuing to evolve its offering to keep up with the bad guys. Learning what behavior is \u201cnormal\u201d vs. abnormal requires monitoring thousands of employees and sifting through millions and millions of bytes of data; \u201cknowing\u201d what type of behavior is abnormal and riskiest is also a prediction challenge best suited for machine learning. As the company expands its client base and coverage, the algorithms will improve over time.<\/p>\n<p>In the short term, CyberArk is further building out the capabilities of its machine learning algorithms to identify threats. It has made several acquisitions in the space over the past few years, including (1) Cybertinel, which specializes in threat detection, and (2) Viewfinity, which simplifies the processes involved in privilege management (better suited for smaller customers). 
<em>[2 and 3]<\/em><\/p>\n<p>Currently, CyberArk uses 13 different indicators to help \u201cscore\u201d threats [Exhibit 1] <em>[4]<\/em>. They must continue to build out their threat scoring capabilities \u2013 improving accuracy and updating the indicators as the bad guys evolve \u2013 to adapt to a dynamically changing enemy.<\/p>\n<p>Looking ahead in IT security, the volume of applications and other software programs is growing exponentially, as the process of developing and deploying software is getting much faster thanks to the cloud and an increasingly available off-the-shelf toolbox that can be used by developers. CyberArk should continue to focus its R&amp;D and acquisitions not just on protecting against individuals, but also on managing software applications and machines. Future attacks will increasingly come from machines that improve via machine learning by predicting which techniques are most efficient and effective at evading attention.<\/p>\n<p>Their latest major acquisition, of Conjur ($42M) in March 2017, hints at where the future is heading and is a step in the right direction. Conjur provides software that automates tasks in managing machine identities, and managing connections between machines <em>[5]<\/em>. But CyberArk needs to invest more in this area to defend against the sophisticated attacks of tomorrow.<\/p>\n<p>One more radical idea would be to hire reformed ex-hackers (ideally from the Israeli \/ US military so that they can be trusted) to get into the mind of the criminals, and to test and build out more solutions.<\/p>\n<p>As companies prepare for a world in which attacks are enhanced by machine learning and carried out by machines, and the defenses are provided by machines, what are the risks that the arms race of cybersecurity will accelerate out of our control? From a societal standpoint, is investing more and more in defenses creating stronger and more sophisticated attackers? 
A parallel would be the way that antibiotics lead to stronger diseases, forcing the entire human population into an arms race against bacteria.\u00a0 What role should regulation play in this arms race?<\/p>\n<p><em>(774 words)<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><u>Bibliography<\/u><\/strong><\/p>\n<p>1. &#8220;Cyberark September Investor Presentation.\u201d Cyberark Investor Relations. 11\/12\/2018.<\/p>\n<p><a href=\"https:\/\/s22.q4cdn.com\/395203516\/files\/doc_presentations\/2018\/cyberark-investor-deck_sept-2018.pdf\">https:\/\/s22.q4cdn.com\/395203516\/files\/doc_presentations\/2018\/cyberark-investor-deck_sept-2018.pdf<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>2. \u201cCybertinel acquired by CyberArk Software.\u201d <em>Crunchbase. <\/em>11\/11\/2018. <a href=\"https:\/\/www.crunchbase.com\/acquisition\/cyber-ark-software-acquires-cybertinel--4d1e30b3\">https:\/\/www.crunchbase.com\/acquisition\/cyber-ark-software-acquires-cybertinel&#8211;4d1e30b3<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>3. \u201cCyberark Completes Acquisition of Viewfinity, Inc.\u201d Cyberark Website. 11\/11\/2018. <a href=\"https:\/\/www.cyberark.com\/press\/cyberark-completes-acquisition-of-viewfinity-inc\/\">https:\/\/www.cyberark.com\/press\/cyberark-completes-acquisition-of-viewfinity-inc\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>4. \u201cWebinar: Machine Learning Prevents Privilege Attacks at the Endpoint.\u201d Viewed 11\/13\/2018.<\/p>\n<p><a href=\"https:\/\/www.cyberark.com\/blog\/resource-type\/webinar\/page\/2\/\">https:\/\/www.cyberark.com\/blog\/resource-type\/webinar\/page\/2\/<\/a><\/p>\n<p>5. \u201cConjur, Inc. Acquired by Cyberark Software.\u201d <em>Crunchbase. <\/em>11\/11\/2018. <a href=\"https:\/\/www.crunchbase.com\/acquisition\/cyber-ark-software-acquires-conjur--d920145b#section-locked-marketplace\">https:\/\/www.crunchbase.com\/acquisition\/cyber-ark-software-acquires-conjur&#8211;d920145b#section-locked-marketplace<\/a><\/p>\n<p>6. 
\u201cCyberArk Investor Calls for Q4\u201917 \u2013 Q3\u201918.\u201d S&amp;P Capital IQ.<\/p>\n<p>7. \u201cPass the Hash.\u201d CyberArk Website. 11\/11\/2018.<\/p>\n<p><a href=\"https:\/\/lp.cyberark.com\/rs\/316-CZP-275\/images\/sb-Pass-the-Hash-05-2018.pdf\">https:\/\/lp.cyberark.com\/rs\/316-CZP-275\/images\/sb-Pass-the-Hash-05-2018.pdf<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-35887\" src=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-1024x483.png\" alt=\"\" width=\"640\" height=\"302\" srcset=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-1024x483.png 1024w, https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-300x141.png 300w, https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-768x362.png 768w, https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-600x283.png 600w, https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring.png 1429w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploring the role of machine learning in improving cyber defenses in Privileged Account 
Management<\/p>\n","protected":false},"author":11907,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","categories":[845],"class_list":["post-36031","hck-submission","type-hck-submission","status-publish","hentry","category-cybersecurity","hck-taxonomy-industry-information-technology","hck-taxonomy-country-united-states"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/rc-tom-challenge-2018\/","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Machine Learning in Cybersecurity: CyberArk - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/machine-learning-in-cybersecurity-cyberark\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Machine Learning in Cybersecurity: CyberArk - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"Exploring the role of machine learning in improving cyber defenses in Privileged Account Management\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/machine-learning-in-cybersecurity-cyberark\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Exhibit-1-Screen-Shot-of-Threat-Scoring-1024x483.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/\",\"name\":\"Machine Learning in Cybersecurity: CyberArk - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/Exhibit-1-Screen-Shot-of-Threat-Scoring-1024x483.png\",\"datePublished\":\"2018-11-14T00:40:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/Exhibit-1-Screen-Shot-of-Threat-Scoring.png\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/
11\\\/Exhibit-1-Screen-Shot-of-Threat-Scoring.png\",\"width\":1429,\"height\":674},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/machine-learning-in-cybersecurity-cyberark\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Machine Learning in Cybersecurity: CyberArk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/36031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/11907"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=36031"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/36031\/revisions"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=36031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=36031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}