Securing Tomorrow: Navigating the Future of Intelligence with AI & Emerging Tech | Predict 2023

Securing Tomorrow: Navigating the Future of Intelligence with AI & Emerging Tech | Predict 2023

Show Video

Good morning, my friends. Pretty incredible to see everybody here and and on behalf of everybody at recorded future. Thank you for making it here. We have people who have traveled from afar, and we've traveled when people have traveled through the London traffic, which I'm sure could be equally exciting. So I'm the co founder and CEO of recorder Future. As you can imagine, this is sort of the day of the year for us when when we sort of get to interact with you guys that we sort of otherwise all kinds of different places a part of, around the world, but being in a room together, it's quite special, quite special. So, in this room, we have some incredible people from across intelligence, across security, cyber security, of course, We've got journalists, we've got analysts, we've got we've got a lot of smart people here.

So I think we're gonna have a lot of good chances to both in this room, but also out in the breaks. To have some some pretty incredible discussion. So that makes me super excited. And and please, as part of that, gonna really do that.

Interact with the people you don't interact with on an everyday basis and and grab those recorded future people that you see. And ask us the most difficult questions and and challenges you can you can put in front of us. The, I want to sort of start off by saying thank you. For, for, the work you do. Obviously,

we're all trying to use intelligence in clever and ingenious ways. To try to secure the world. But, you know, really thank you for the work you do as as part of that. So That is for sure something that that we feel every day, and, and thank you.

I'll be talking about securing the world with intelligence. And I think maybe the part that sort of really stands out here for me in this age or this this day and age here, which the prior speaker spoke about, how artificial intelligence is influencing all of this. I sort of put it this way to reimagine intelligence in the age of artificial intelligence.

The guys that the company was making fun of me for not being able to spelled the word, re imagining. So now I'm all messed up on how to even say it. But that said, I do like the word because I do think that we as we think about intelligence, Imagine just like even, you know, we're already seeing a glimpse of where this is going, but assume and imagine that we have incredible artificial intelligence in front of us What does that make intelligence? What does that make intelligence in itself? Does the adversary win or do the good guys win? There's a lot to sort of unpack that. And I hope I'm unpack there, and I hope that this conference will be, have a good chance of sort of, you know, get, get your brains going in some, some good ways of that.

Our very good friend, Micahirov. He's, vice prime minister of Ukraine that sort of owns a lot of their cyber and, and IT and, and just like a broad remit there. He's sort of an up and coming ricer in, in the government. In Ukraine, again, really good friend of record of Future. He tweets here about, the army of drones that's his sort of making, I guess, It's sending to the front line, almost two thousand, blah, blah, drones here. These drones are equipped with AI.

Which automatically detects and tracks targets. And, you know, at some level, after two years, we're like, no, no big deal. It's like drone equipped drones equipped with AI, and they're gonna go killed not so smart Russian tanks. And, you know, but, man, five years ago, this would have sounded pretty wild. Wouldn't it?

And and it sort of tells us I think where the world is going, and and it's it's gonna happen fast in front of us. And and let alone the fact that you look at these and they look like they're out of some Star Wars movie or something. That's that's the other part. The the And then on top of that, when this government official is tweeting this, he's sort of doing psi ops at the same time versus an adversary. So this sort of mix, and I'll come back and talk more about this sort of mix of of different types of warfare that I think we have going on in in in front of us. So pretty, pretty interesting. For sure, we are in this sort of AI frenzy here. And

and I liked it when Time magazine sort of put all of this in front of us, and and instead of talking about the most clever algorithm, they put up the people behind it. And I think that's compelling because it there is a risk that we get too excited about AI in the sense that It's about the algorithms? No. It's people. We're shaping it. We we're proud of record future to be part about shaping our little part of this. And it's people.

It's humans. It's all you. And and let's not forget that because I think otherwise we might take us we might even help taking it to a, to a place, which is not so great. But it is interesting when you put this versus sort of the backdrop of what's going on in the world, where I sort of and and I'll take it two different ways.

So last year, when I was here, I think I talked about sort of the this theme that I've been on to, that the world is slowly migrating on to the internet. And over the next twenty five years, we can expect the world to sort of become a reflection of the internet, be it sort of profound parts of the, of of society being at power and currency and democracy and identity. And when these things, reflect off the internet onto society and off onto the world, we're in for a ride. And and if you take that plus the geopolitical tensions we we're seeing in the world, it could get pretty interesting. Just pretty interesting in some ways that I don't think we really have understood yet. And I also think that, you know, so even just a month ago, when I started putting together my about what I wanted to talk about here. I was like, okay.

So geopolitical tensions are high. But it's probably not much higher than it was a year ago. But now, obviously, after the last month with what's going on in the Middle East and in Israel and Gaza, things are at a whole different level.

And you yet another Tinder box that that's on fire, and it it's getting pretty uncomfortable. We'll come back and talk about that. Alright. So, this spring, I had the chance to to take the long train ride to Kiev, to meet our friends there.

We have a large deployment of recorded future in Ukraine. And, you know, for the, you know, sort of with my own eyes to be able to see very, very, very far from any front lines, but still having the chance to, to see how a country had been, you know, invaded brutally by a dictator who more or less woke up one morning and said, I want that country. I want to take it over. And and the way that that went about, and we've talked for years at recorded future about this idea that we're gonna see a confluence or a convergence, maybe it's the better word, of of cyber and geopolitics and disinformation. And here, it really became a convergence of war and cyber and disinformation. And now seeing the same thing repeated in Israel and Gaza, It is just pretty sort of amazing and the sort of a school book example of where, where that sort of convergence was going.

So they're in oh, let me see. There we go. So so again, we've been lucky being able to work with something credible people in Ukraine on the left. We have the guys from the SB. You might have seen Ili of the Took, the guy on the right in that picture to the left.

Incredible mountain in, in, in cyber on the right. We have their national cyber directorate, and there's a whole bunch of other authorities They've sort of also quickly just like many other countries in the west ended up with many cyber authorities. So it's a little bit to navigate. But we've had a good chance to work with them on some pretty incredible stuff.

You might have seen this piece where we worked with on taking down this blue delta, infrastructure that was targeting a set of let's call it, communications infrastructure both for the government, as well as the military. And, obviously, this sort of stuff is very identifying. This one was in particular satisfying because it used a particular part of our sourcing that we're very proud of, and it sort of was able to sort of get to something that the Ukraine Indians had not been able to see on their end, and then when we dove into collaboration that happened across like, some five days or something like that, where the data sharing was going on in a way that I've never seen in any country where recorded future has a good luck work in many countries around the world, and everybody's always talking about public private information sharing, and it seems like it's like moving in glue.

But here, where where things are happening at a pace of, I guess it's the pace of war. But, you know, pretty incredible, and you might have seen this also here. But but which was sort of the of the official report cover of that. But to be honest, that part is interesting, and it's, you know, when we we are part of doing the work, The part that it really has been sort of compelling, I think, in Ukraine is how we've been able to equip hundreds, not thousands, but hundreds of of cyber professionals, intelligence people, both in military and civilian agencies, as well as critical infrastructure, So equipping hundreds of people would record a future and and just seeing their work that they're they're able to do. So very, very, you know, compelling and And it is good.

It's good for everybody in this room too because as they're doing that, when they're uploading malware or when they are finding correlations on those data points come back to record a future through. I'll talk more about that, our collective insights set up, and you benefit of from that. So, you know, some some real goodness there. And I think that this invasion here demonstrated to all of us that we'd live in a new world, and where it is just very, very interconnected in a way that I sort of think might have sort of been surprising to to many And and if you think about it, sort of, whether it's sort of companies, you know, there are supply chains around the world, be it sort of, IT outsourcing that reaching to places that you might be surprised about food shipments, supply chain brit large, all kinds of interesting angles, companies doing business in Russia unwillingly or willingly seeing their goods showing up in in Russia. All kinds of inter things. And it's led, we we can notice this. It's led management teams or boardrooms to start asking

geopolitical questions in a way that I, at least for as long as I've done this, which now adds up to a bunch of years, have never seen. And I think probably true for many people here in the room, that geopolitics have sort of suddenly become a core part of cyber, which is, you know, very, very interesting. I'm a big fan of this picture because it sort of shows this interconnective interconnectivity between the world and the internet. And, and, and, again, this point that I was making about slowly the world sort of migrating on onto the internet. And I think we're sort of seeing maybe three things in all of this that are particularly interesting or, I don't know, compelling, maybe compelling, but depending on how you look at it.

So take a company like Record Future where I like to say that, you know, we have a lot of compute in our hands. We we take in a lot of data, and we process a lot of data. We do a lot of things with it. So we're a lot of compute,

on our on our hands. But at the same time, we own just about zero servers. We own no, no servers. Probably not really true. I'm sure of our engineers in the room will say, we do own a server, you know, whatever. More or less. And and it sort of pretty telling that be it

sort of the business systems or the technical systems, what have you, are of of all organizations are just being spread across the internet. Maybe I can say spread as marmite instead of spread as peanut butter here being in England. And and sort of, as that's happening, for sure, we, we started seeing this.

Everybody always talks about, you know, stronger than your most vulnerable part. And this is happening in in an an incredible fashion. Number two, these parts as they're being spread out, We do have a chance of collecting data from them. So, so that's compelling. That, that's exciting. And, and I think what we're gonna see here is sort of Instead of receiving security alerts from these systems as they're gonna be spread out, we need to sort of switch to a mindset We're we're actually collecting data. Data in a way the data streams data points, what have you.

And where we can actually think about this as something that we can do math on. You call it math stats, analytics, AI, whatever you want to call it, it doesn't really matter. But it can't be any more about consuming alerts and people sitting clicking on alerts. We're gonna transform this into math, and I'll just use that word without being pretentious about it And I think it actually promises sort of a world where that math can be used for both analysis.

It can drive automation But maybe that math on on what we're collecting could actually become controls, security controls themselves in in them, in themselves. Pretty exciting, I think. So Hopefully, we'll be able to keep that discussion. And then thirdly, of course, the the sort of the third observation here ends up being that in this sort of world where everything is spread out across the internet, spread out as Marmite, again, if you want.

In in that world, we, we're sort of seeing the, the difference between what's inside and outside just sort of goes away. There is, you know, the idea that there is a hard firewall between my the inside of my company, and the outside goes away. So now till internal telemetry and external data collection intelligence, the difference might go away. And, and, you know,

I'll come back and talk a little bit more about that here today. And and I would love to sort of have any discussions in the hallways around that. Because I think that that takes us to a very interesting place.

Now the good news in all of this is, of course, that, the internet in itself, it might be complicated. It might be spread out in all these different places. But the good news is we can collect data from it. And and that was obviously the sort of the the very reason we started recording future back in in depending on how you count two thousand seven or two thousand nine or, you know, whatever you want. A long time ago, in a galaxy very far away,

we started the company, it was sort of the, if you want, that we could collect data from the internet originally from what was sort of written at the top, and then every year drilling further and further down. And and there is a promise there to be able to do something very, very good. The internet is sort of becoming the sensor of of of things, which is quite, quite compelling. So Now, again, remember that I said the theme for the conference is securing tomorrow, the future of intelligence. So let me talk a little bit about where we're going.

Sort of set the stage for a few things here today. And then we're gonna have a couple of sessions, here this morning and and on sort of more detailed product roadmap. But I wanted to sort of lay out some points here. And and in general, I think we're both have been lucky at recorded future, but also are quite proud about how it's worked out for us to be able to, I call it just produce new stuff.

Maybe I should call it innovate, but I don't sort of cringe on that word always, but, just, you know, cook up new stuff. And, and in many ways, we did some good sort of architectural choices that record a future way back. We were, you know, we got on some good bandwagon in two thousand and nine. I'm sure there would have been good ways to end up on the wrong bandwagon as well. But when you interact with recorded future, at the core is our intelligence graph. That's where we are trying to connect the world.

So Here are these threat actors, be it criminals or nation states or activists. Here are the tool sets that they're using. The TTPs they're trying to take advantage of. Here are the vulnerabilities that they're, you know, taking advantage of.

This is the infrastructure they're running. This is the communicate these are the communication patterns we can observe in network intelligence from these bad guys operating the said sort of, command and control infrastructure and have you. And then finally, here are the potential targets they're going after. Here are the companies. We mapped out five million companies.

We would like to think that we have pretty good handle and what are the IP space and the domains and the products running at these companies. In that graph, in which we don't necessarily talk a whole lot about it, quarter future, but that is sort of the underpinning of everything. And, and, yeah, maybe we should talk more about it. But The key point maybe is that the way that we get to that is sort of two things. We built an API on that, and you, you guys have access to that, and sometimes we do hard built sort of integrations, be it splunk and the like that builds on that.

And when you access that graph, through our API. It's the same APIs that we use, powerful choice where we sort of make that symmetrical. We'll come back and talk more about collective insights, which is sort of how how we're finding a new way of of building interesting data. But then on top of that, whether it's recorded future AI or the data visualizations you worked on for a long time or worked with for a long time, or the playbooks is on them feeding this into the various modules and applications, this all connects together in a way where things can flow up and down. Now, some of the choices we made here was was already back in two thousand and nine. We thought about this as a graph,

and there, you know, There's other classes for sure of, of problems and, and, and companies where people think about their problem as a graph. But I think that is the way to think about intelligence. We put this on AWS. It could've been another, multi tenant architecture, but this fundamental idea that Everybody in this room interacting with the recorded future and beyond would be on the same instance. And that was controversial. I remember in two thousand twelve, two thousand thirteen, being both large banks and government, clients of ours who would be like, I will never, ever.

And people use whenever it's always exciting when people say never, because never is a long time. So they say, I will never use some, you know, sort of a shared or multi tenancy sort of cloud infrastructure and, you know, low and behold, they did, eventually. And it sort of built it, you know, in a very interesting way that, in in that sort of way. The fact that we've sort of built on elastic and a couple of other sort of core data structures that we've sort of been able to build around, Another point to interesting point is this pipeline piece here and without getting too much into it, recorded future originally sort of consumed mostly text data in a bunch of different languages. Now we

consume everything from sort of malware and in network sort of Netflow type data to images to video So sort of truly, sort of from all kinds of different data that goes through one pipeline. And again, the choice there to think about that is one pipeline. Ended up being very, very powerful. And then maybe one more point that I will make is that being willing to then both think about it as one big database, but than having specialized data stores when we have data that is unique to a particular domain. So this without, you know, and and and in most cases, you don't even really you really shouldn't even have to hear hear about all these details, but I think it's sort of maybe compelling just to think about it as sort of like, this is wide works.

And so this year, there are sort of two things that have sort of stood out in what we've been doing. So, so one side is, of course, on AI and, you know, be crazy if we weren't doing AI, and we were, in fact, proud. So Stefan, where are you sitting, here, stuff on my cofounder here, and our CTO, go talk to him. He's the real smart guy,

by the way, here. So, the, the, so in, in, I think right at the, the beginning of the year, like Jan three or something. He was like, we've gotta get on this, these large language models and figure out how we can put that to work. And I'm like, okay. Let's let's figure it out. And and, So we built this part that many of you have seen where we can sort of, in this case, post a query to record a future and say, look, I want to know about the Russian, black see fleet. And, and, but only from Russian sources.

And, you know, boom, the system writes an intelligence report And I was hesitant to say that in the beginning, but it it writes the report. It's sort of remarkable that it does. And it does actually a pretty good job. It footnotes to report. It pulls in the right images. It's tagged with entities, whether you click COM Black C Fleet or FSB or what have you, or Sebastianpoll or I can barely say.

But, you know, you click on any of these. You, you sort of can drill into the data. In this idea that a large language model, can write reports. And I think this is just the beginning of that, is is pretty compelling.

I was nervous about this. We put this out right before the RSA conference, and we were proud because we were sort of maybe the first to put, put out something like this. And so I was a little bit nervous about doing that because I worried that Intel analysts would be like it's my job to write the reports. Don't don't get into that.

And but lo and behold, I guess it turns out that, you know, we've done all this work on collecting data, on processing data, and all of those sort of things, and with the idea of letting the analysts focus on analysis. But then the writing part know, for sure. There are many analysts who who who wants to write and likes to write, but getting help on this, especially when you're gonna do quick turnaround things, turns out that there is a room for for for AI there. I have no illusions that the prime minister's daily brief for the PDB in the US is gonna be written by a machine next five years or whatever.

Again, no no illusions by that. But it is something pretty compelling. And so that, that was sort of step one, where you sort of summarize, and I guess it just turns out that all his work would done over a long time. On collecting data, you know, where we have

decades of Russian hacker forums and what have you, and you can just sort of get the system to summarize it was was sort of a very natural thing to go after. The second then is, and we'll be back up here and talk more about that is how, so sort of won't do too much with it, but where you instead say, look, can't we use AI to interact with? Because many of you, you know, who are recorded future users in the room, you know, you might be like, oh, it's too complicated. There's a lot of clicks and da da da. It's just it's complicated to get started.

But so why wouldn't you be able to just ask questions sort of like in natural language. And again, it turns out there it is, and and we launched the first version of this a couple of weeks ago. I'm sure some of you have had your hands on that.

It's still early. There's a big beta sort of thing on it. So so we're sort of being low key about it. But I think this is gonna take us, first of all, just to make it sort of easier to get started. But the other question here, and and I think about this as sort of the This is maybe a what question. You know, give me a summary. Like,

computers have always been very good about, like, this. Show me what, like, or a select statement in SQL or whatever way wanna think about it. But I wanna ask questions like, why is recorded future developing artificial intelligence technology? Or what's the implication of recorded future developing, or, you know, where you what are the second order implications? Those are questions that we typically haven't sort of pushed computers to do.

My favorite example was when Prigosin got shut down or whatever happened, bomb shut down, you know, they were smoking too much on the plane or whatever happened. The the but three hours afterwards or two and a half hours afterwards, I asked to the query to our AI, and I said, you know, what what are the implications or second order implications of Progyzian dying? And And very rapidly, before anybody have written long papers about it and so on, get a pretty incredible answer back. In fact, this is actually pretty good. Pretty good answer too. And then they,

I actually suggest questions for the potential risks of, putting AI chat bots into intelligence. How are Microsoft and Google competing against recorded future here? And what are the implications of cyber vulnerabilities in, in putting that in intelligence? So I don't know. I think, yeah, you can hear my enthusiasm here and it's it's it's it's pretty cool. So we'll see. We're being open minded about where it takes us, and we'd love to hear your sort of thoughts on on that as we, as we go through this here, here today. The other side of things, is on sourcing and collecting data. If you're an intelligence, you know,

you can imagine how this referred to our data science team had this wonderful t shirt at some point where it said, like, must have all the data. And sort of the the mindset here at the recorded future must have all the data. And and, I guess, as long as it's legal, as maybe another sort of add on to the, you know, just to does to be clear. But, so every year, you know, look, we, as I said before, we start off with wood written on the top of the internet.

And then you have sort of the whole messaging world telegram. We get like a hundred million telegram posts every day into record a future. Dark web type stuff, you know, all the stuff that was written in many different languages that made it sense, all the machine data, malware, DNS, Net flow, these types of things, images, video. There's obviously an infinite amount of information or infinite is a big word, but there's a lot of information to go or we're thinking a lot about how we actually intersect or or connect those whole collections. How do we take recorder feature now gets an ridiculous amount of images every day.

How do we make it so that that's intrinsically connected to the text collections? In ways that you can very naturally jump back and forth through text and imagery in a way where the two there shouldn't even really be a difference. System modality. Still information. So how do we get those two things to be intrinsically interconnected? But I think the question that we really have been asked, though, by, by people like yourself in the room and around the world, has been more of, okay, that's all great with this, all this intelligence that I'm thrilled that you got ten billion data points, but how's that relevant to me? That's sort of like, if I think back to two thousand nine with recorded future when we were barely started, That was always the question. How's this stuff do you're showing me relevant to me? And and, you know, we would would have do things where we would set up so you'd have a watch list and this is my tech stacks.

And now I can give you the stuff that's relevant to your tech stack and so on. But the bigger sort of thing to go after, obviously, has been What about if I could actually make this relevant to what you're seeing in your EDR in Crobs Strike, or in what you're seeing in Splunk, or what you're seeing in Oxta or what you're seeing in cloudflare. What have you? Any proof point, any of your, sort of security architecture. Now, service now, whatever it now may be. That gets compelling. So, again, many of you have seen these sort of visualizations that we put out earlier this year.

It's our threat map and what threat actors, in this case, coming out sort of a generic software company. I see them prioritized by the intent of these threat actors to go after this industry and on the ax the x axis of their sort of ability to come after specifically me. So that that's good. But why shouldn't this be informed

why by my own telemetry? What I'm seeing in my systems? So that's sort of what we call, collective insights at Record of Future, where we can now connect to, and here's just a small set of the examples here. I think we're connecting to ten or eleven systems by now, and we're gonna aggressively go after that to be able to sort of connect to all kinds of different things. And and what that then allows us is to make that threat map, not just be generic, but actually generic not just sort of in theory map map to your world, but actually based on what's who's actually knocking on your door. And if we now know who's knocking on your door, and we can see that in the context of a threat landscape, now we can click on them and say, now go hunt. For those. And so the sort of you've seen our Sigma rules and our yaw rules and those sort of things that we have in the recorded future.

And we wanna make it so that not just be able to download the those sort of Sigma, your rules, but actually deploy them straight into the operational system. And now I think we can sort of really truly be intelligence led about how we actually sort of not just sort of be informed about what these guys are doing and trying to come into our systems, but actually nail them and and and really eradicate them out of the out of the system. So, Yeah. Pretty exciting. And, and, oh, and then, of course, the other sort of question that we can then do is to look at that from an anonymized or a non attributable sort of way to say, what are other companies in my industry seeing, or what are other people in this particular geography see? Seeing. So, you know,

there are some pretty incredible questions that we can come after like that. Anyway, so so with that, I'm gonna wrap up by saying that, you know, we've done a lot of progress at recruiting future. We're just bypassed three hundred million dollars of, of sales super exciting. There's a thousand of us who work on nothing but doing intelligence.

I always like to make that point. You can feel confident that we're not gonna suddenly come along and say, let's create a, firewall, or here's the recorded future, EDR, or here's the recorded future. I don't know what you're gonna, you know, confidently know that we're gonna focus on intelligence and, and keep doing that. We're gonna drill intel into sort of what we can do in tell it is in every way there is. And and we're not gonna be very lazy as you can get the sense from what I'm talking about here.

We're gonna very aggressively go after it. But it's still a hundred percent intelligence. And finally, I'll just say, remember, put us to work that is, my has become my rally cry whenever I meet a client or whenever it's sort of in front of a room like this. We're here to help you. And so, put us to work and with that, thank you very much.

2024-03-05 14:06

Show Video

Other news