BlackBerry LANTEL


HOW ARTIFICIAL INTELLIGENCE TECHNOLOGIES HELP IN CYBER SECURITY


LANTEL Shield 2024

Przemysław Ciołak
Regional Channel Sales Engineer

© 2023 BlackBerry. All Rights Reserved.


BlackBerry Legacy Alongside The First Wave of Cyber Threats

“Then”: FIRST WAVE
Unorganized analog grade attacks begin to originate early in the millennium and slowly claim victims.

Timeline markers: 1999, 2010, 2015
Milestones:
• BlackBerry Creates and Dominates The Secure Mobility Market
• Consumerization of IT “BYO”
• BlackBerry Pivots to Software

BlackBerry: Native end-to-end security of a trusted ecosystem
• Hardware
• Operating System
• Apps & Workloads
• Encrypted Data
• Network & Comms
• User Identity & Behavior
• Fleet Management



Consumerization of IT Fuels Second Wave of Success For Threat Actors

“Now”: SECOND WAVE
Consumerization of IT drives an increased attack surface at the same time as increased adversary reward.

Timeline markers: 2015, 2019, Present
Milestones:
• BlackBerry acquires
• AI emerges as mainstream offensive tool

“24 of the top 25 EV makers”

BlackBerry: AI-driven security for heterogeneous infrastructure
• Hardware
• Operating System
• Apps & Workloads
• Encrypted Data
• Network & Comms
• User Identity & Behavior
• Fleet Management



The Third Wave: AI Becomes An Overpowering Offensive Threat

THIRD WAVE
Consumerization of AI leads to mainstream offensive cyber weaponry. Force multiplies the impact of social engineering, fuzzing and polymorphic payloads.

Timeline markers: 2015, 2019, Present
Milestone: AI emerges as mainstream offensive tool

• 70% increase in the development of novel malware YTD – BlackBerry Global Threat Report
• BlackMamba – ChatGPT-powered polymorphic keylogger
• ChattyCat – provides POC to build polymorphic including ransomware and infostealers



You WILL NOT succeed without AI-driven defense

2 key components are required:
• Predictive Shielding
• Automated Sense-Making



The Role of AI in Defensive Cybersecurity

Predictive (Machine Learning / Deep Learning)
• Stops attacks automatically.
• Doesn’t chat with people.
• Good for automating defense early in killchain
• Prevents zero-day attacks | Stops lateral movement | Organizes alerts

Generative (Large Language Models like ChatGPT)
• Interacts with people to speed up work.
• Doesn’t stop attacks.
• Good for helping make sense of incidents that have already occurred
• Product assistance | Threat intelligence context | Incident summarization



Cylance® AI - Human Intuition at Machine Speed
Conviction at a speed, scale and accuracy beyond human capacity

Entities & Attributes
• Static PEs & productivity files
• Run-time process behavior
• User access events
• Network packets
• Scripts

Train | Cluster | Classify

Automated Use Cases
• Stop attacks before they execute
• Identify and block malicious behavior
• Detect lateral movement & C2 beaconing
• Enforce authorized access / ZTNA
• Organize alerts for situation awareness



AI That Can Anticipate Attacks

PAST: Learn the correct diversity of known attack features
FUTURE: To accurately stop threats that have not yet emerged
Scale: minutes, days, months, years

Cylance Temporal Predictive Advantage (TPA)
• Emotet: 20 months
• BoratRat: 76 months
• Conti: 67 months
• WannaCry: 20 months
• DarkSide: 62 months
• Petya-Like: 25 months
• LokiLocker: 70 months
• Yashma Ransom: 78 months



Delivering Outcomes that Matter

Windows 10 Endpoint Protection Efficacy & Response Utilization
Scanning Two Collections of 1,000 Recent VirusTotal Samples
(Detection % determined by number of files remaining in folder after scan)

[Bar chart: Threats Detected (%), with per-bar CPU (%) and time (min.) labels, for BlackBerry CylanceENDPOINT, Microsoft Defender AV for Business, Sophos Intercept X Adv. w/XDR and Trellix Endpoint Protection Platform; series: Offline (no Internet connection) and Online (with Internet connection)]

Stops More Attacks
• 18% more than Microsoft
• 35% more than Trellix
• 57% more than Sophos

Faster Detection
• 1.9x faster than Microsoft
• 13x faster than Trellix
• 2.5x faster than Sophos

90% Less CPU Utilization than other vendors in the same comparative test

Without Depending on Internet Connection



Unpacking the Whitespace – What Does This Difference Mean?

Windows 10 Endpoint Protection Efficacy & Response Utilization
Scanning Two Collections of 1,000 Recent VirusTotal Samples
(Detection % determined by number of files remaining in folder after scan)

[Bar chart: Threats Detected (%), with per-bar CPU (%) and time (min.) labels, for BlackBerry CylanceENDPOINT, Microsoft Defender AV for Business, Sophos Intercept X Adv. w/XDR and Trellix Endpoint Protection Platform; series: Offline (no Internet connection) and Online (with Internet connection)]

• More security incidents
• More SOC burden
• More IT burden
• More wasted end-user time
• More energy consumption



More SOC Burden Without Cylance® AI
5K employee org

Vendor | # Increased Incidents | Alert Investigation
Microsoft Defender | 728 | 364 hrs
Sophos Intercept X | 2,539 | 1,270 hrs
Trellix Endpoint Protection | 1,092 | 546 hrs

• 28 compromised endpoints/week on average
• 14 Hours/week investigating endpoint alerts

Calculated using validated datapoints from BlackBerry production telemetry, Tolly, Forrester, EMA, EnergyStar, EPA, ICAO



More IT and End User Lost Time Without Cylance® AI
5K employee org

Vendor | # Increased Incidents | Alert Investigation | Re-imaging Burden | Time waiting for scans
Microsoft Defender | 728 | 364 hrs | 8,732 hrs | 4,563 hrs
Sophos Intercept X | 2,539 | 1,270 hrs | 30,471 hrs | 7,483 hrs
Trellix Endpoint Protection | 1,092 | 546 hrs | 13,098 hrs | 60,773 hrs

• 28 compromised endpoints/week on average
• 14 Hours/week investigating endpoint alerts
• 14.6 FTE equivalent lost to re-imaging
• 29 FTE equivalent waiting for file access

Calculated using validated datapoints from BlackBerry production telemetry, Tolly, Forrester, EMA, EnergyStar, EPA, ICAO



More Energy & CO2 Without Cylance® AI
5K employee org

Vendor | # Increased Incidents | Alert Investigation | Re-imaging Burden | Time waiting for scans | Energy consumption | CO2 Equivalent
Microsoft Defender | 728 | 364 hrs | 8,732 hrs | 4,563 hrs | 280 kWh | 24,138 smartphones charged
Sophos Intercept X | 2,539 | 1,270 hrs | 30,471 hrs | 7,483 hrs | 459 kWh | 364 pounds of coal burned
Trellix Endpoint Protection | 1,092 | 546 hrs | 13,098 hrs | 60,773 hrs | 3,731 kWh | 4.2 roundtrip flights from London to New York

• 28 compromised endpoints/week on average
• 14 Hours/week investigating endpoint alerts
• 14.6 FTE equivalent lost to re-imaging
• 29 FTE equivalent waiting for file access

Calculated using validated datapoints from BlackBerry production telemetry, Tolly, Forrester, EMA, EnergyStar, EPA, ICAO



Pervasive Throughout The Entire Defense Lifecycle
Critical for an Effective Cybersecurity Framework

• Automatically prevents zero-day threats before damage can occur
• Accurately detects lateral movement to stop adversarial maneuvering
• Accelerates investigation & response with coherently organized alert threads



Customer Validated. Proven Outcomes.

Categories: Endpoint Protection Platforms | Unified Endpoint Management

“Exceptional cybersecurity solution. BlackBerry Cylance delivered unmatched protection”

“Revolutionary AI cybersecurity. Cylance delivers proactive defense and stellar UX”

“Hands Down One of The Best Tools in Today’s Market”

Excellent Product. Has Helped Us to Eliminate Ransomware



US government and BlackBerry examples

• DEPARTMENT OF HOMELAND SECURITY
• DEPARTMENT OF DEFENSE
• FEDERAL CIVILIAN

How Can We Help You?

• Malware Prevention
• SBOM Integrity
• Cyber Readiness
• Critical Comms
• Managed SOC
• Zero Trust Network Access
• Data Protection
• Secure Mobility



Real attack demo & How to survive using proper Endpoint Protection



Thank you
©2023 BlackBerry Limited. Trademarks, including but not limited to BLACKBERRY, EMBLEM Design and
CYLANCE are trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used
under license, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the
property of their respective owners. BlackBerry is not responsible for any third-party products or services.
