Looking at popular fiction in books and cinema, we’ve all been expecting that by the 21st century AI will have advanced to the point of fully functioning self-aware machines. Reality, however, shows a different picture.

For every amazing Boston Dynamics robots video published, there are numerous videos and news articles showing epic failures of robots, image recognition algorithms and other AI based systems.

In this presentation, given during Voxxed Days Athens 2019, I survey the development of AI across multiple fields, see the progresses made, but more importantly, the problems scientists and engineers are still facing today, and how they are planning to solve them (if they can at all).

Last week I had the pleasure and honor to present at the first ever Haiti Cybercon conference, paving the path to a thriving infosec community in Haiti and the region.

Alongside many talented and notable guests, I talked about the rise of Machine Learning and Artificial Intelligence, how it’s used in cyber defense, but more importantly – how it’s being used by the adversaries.

Last week I was invited to appear on France24’s “The Debate”, as a part of a panel of experts talking about the recent NotPetya Ransomware attack.

You are welcome to watch the full episode here.

If you could take a look into the security playbook of most large companies in the world, it would probably say that in case of a serious infection, let’s say a ransomware, the first thing you should do is contain the problem – you want to disconnect the machine so the infection doesn’t spread, and rush it over to the experts that will do a forensic analysis to figure out what happened: when, how, why and hopefully who was behind the attack. The user, in most cases, will quickly get a replacement machine, and will forget all about the incident. Operations of the company, as a whole, will not be disrupted¹. This is how it works for large companies, but when it happens in smaller ones, the story is completely different.

One April morning we got an urgent call from one of our clients, telling us that one of their computers had a “very scary” notification on the screen, and that the employee using that computer could no longer work. Read more →

 One of the most frequently asked questions I get from our eCommerce clients is if they should install an SSL certificate on their website. The short answer I give them is yes. The long answer is: “Yes! Please do! The sooner the better!” More than that, it’s the same answer I would give any client, eCommerce or not, or for that matter, anyone running any website. Read more about it at https://www.linkedin.com/pulse/ssl-yourself-yul-bahat-cissp

One of the main stories the previous week in cyber security is the hacking and the leaking of information from the website vDos, leading to the arrest of its (alleged) operators – two Israeli teenagers – following an international warrant issued by the FBI.

vDos, for those of you who are not familiar with it, was a “booster” service, or in other words – A DDaaS – Distributed Denial of Service (DDoS) as a Service. For a certain fee, depending on your requirements in terms of attack length and volume, you could hire the service’s network of dummy machines to conduct a full scale denial of service attack.

Read more about it at https://www.linkedin.com/pulse/ready-here-i-come-you-ddos-yul-bahat-cissp

It has been said before, by me and by others, but apparently not loud enough and not clear enough. It is time somebody comes up and say it —

Detection is Dead.

If you rely solely on detection mechanisms, hoping that one of them detect malicious content before allowing it to enter your network — your network is compromised, and someone that is not supposed to is currently going through your corporate secrets.

It’s time you move on to a new way of thinking about cyber security — isolation.

Read more about it at https://www.linkedin.com/pulse/detection-dead-yul-bahat-cissp