Building a Serverless Security Framework on GCP

Transcript

1. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC Building a Serverless Security Framework on GCP Goran Minov Senior Technical Account Manager, Okta

2. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC Agenda 01 What is phishing? 02 Framework requirements 03 Framework design 04 Framework implementation

3. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC What is phishing? What is phishing? Framework requirements Framework design Framework implementation

4. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC Acquire sensitive personal data Pretend to be a known page Step-by-step attack Malicious purposes Phishing

5. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC There is a relationship between phishing and the presence of: ❏ Urgency ❏ Authority ❏ Very long URLs ❏ Unsolicited emails ❏ Incredible “deals” ❏ Financial information request Propositions

6. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC What is phishing? Framework requirements Framework requirements Framework design Framework implementation

7. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC Monitor for new emails within the user mailbox Label the newly received email Extract the email content Predict and check if the email content is safe Provide feedback Functional requirements

8. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC • Register for the Framework by following the instructions • Deployed on the Google Cloud Platform. • The user should provide access to their email account within a web browser • The email access request should clearly state the access scope needed • The initial email labelling should take a maximum of 2 seconds when a new email is received • The Phishing Email Framework should take no longer than 10 seconds to provide an outcome Non-functional requirements

9. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

   CLASSIFICATION: OKTA, INC. PUBLIC What is phishing? Framework design Framework requirements Framework design Framework implementation

10. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC ➔ Gmail ➔ Pub/Sub ➔ Cloud Run Functions ➔ Auto ML Architecture

11. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC

12. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC What is phishing? Framework implementation Framework requirements Framework design Framework implementation

13. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC URLs 95,895 URLs dataset 48,007 legitimate 47,891 phishing Email 52,162 messages dataset 31,519 legitimate 20,643 phishing Natural Language Models

14. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC 99.58% precision and 95.09% recall URLs Model

15. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC 99.41% precision and 98.45% recall Messages Model

16. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC Authorisation Cloud Functions

17. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC Email Cloud Functions

18. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC newEmailWatch

19. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC emailDomain

20. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC emailBody

21. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC emailOutcome

22. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC

23. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC Labelled emails

24. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC Results and Analysis

25. © Okta, Inc. and/or its affiliates. All rights reserved. DATA

    CLASSIFICATION: OKTA, INC. PUBLIC Results and Analysis