Tech Insights

How AI technology has become a key solution to secure digital business

Security breaches are consistently making headlines, and legacy monitoring tools are ill-equipped to deal with the problem. AI technology can help.

How AI technology has become a security solution_Bob-Moore_Blog_685198462.jpgWith the number of security breaches on the rise and making headlines, comprehensive security monitoring systems are becoming increasingly important. Yet the adoption of distributed networks, workloads shifting on and off public clouds and the burgeoning Internet of Things have made security monitoring increasingly complex and difficult. Traditional security-monitoring tools simply can't meet the challenges they present.

We are also seeing a rise in the complexity of hacks that are super-charged by AI-enabled algorithms and machine learning techniques. There is a clear requirement for security solutions to incorporate AI and machine learning to stay one step ahead of the attackers. This is why many enterprises have begun turning to AI-enabled technologies and machine learning for help.

The shortcomings of legacy monitoring tools

Legacy security monitoring tools are largely based around triggers and alerts. Triggers are mapped to specific types of events, such as an elevation of privileges or the disabling of a firewall. When a trigger is activated, the security software alerts the IT staff. Depending on the nature of the incident, the software might also run a script designed to prevent further penetration.

But it can be difficult to differentiate between a condition that is worthy of an alert and a benign condition that does not warrant bothering an administrator. If a legacy security tool is overly zealous, it will generate frequent alerts that may eventually go unnoticed as the administrative staff succumbs to alert fatigue especially when trying to filter out the ‘false positive’ alerts. Conversely, a tool that minimizes alerts and that doesn’t identify subtle user and entity behavioral changes indicative of an active attack might overlook a legitimate security incident in process.

Legacy security tools are often unable to detect new never before seen malware variants or new types of advanced cyberattacks so the early stages of an attack may go completely unnoticed. These legacy tools still have an important place yet incorporating AI-based security monitoring tools will help to modernize cyber defenses with sophisticated solutions that close security gaps.

AI technology as a security solution

AI technology can monitor usage patterns and learn what is normal and what isn't. It might be normal, for example, for a particular employee to periodically log into the payroll or industrial control system over a remote VPN. However, if that same employee connects at 3:00 a.m. from a new or unusual location, that might be an indication that a security incident is in process. A monitoring solution that triggers alerts based only on previously known threats might ignore this incident if the intruder had logged in with valid security credentials and did not try to access anything they did not have permissions to view. An attack might not be detected until it is well underway.

An AI-based solution, however, would recognize that this is not normal behavior, and could proactively enact counter measures. Early detection is both critical and a priority. A recent Ponemon Institute study surveyed more than 3,500 IT professionals and found that 70 percent of them place a high value on the ability to detect an attack before it can do damage.

The dangers of IoT

Another reason legacy security monitoring is inadequate for today's complex environments is that such systems generally have little—if any—support for monitoring the increasing number and diversity of IoT devices. Over the past several years, there has been a number of high-profile attacks targeting IoT devices that clearly demonstrate the vulnerabilities introduced by these network connected devices. The Ponemon study found that IT professionals are concerned about the security risks posed by IoT devices with 60 percent of respondents stating that IoT devices are a threat and less than 25 percent assessing that IoT is secure.

Although the Ponemon study paints a concerning picture of the state of IoT security, it also identifies AI as a potential solution to modern security challenges.

Stop attacks before they happen

There are solutions that can monitor vast distributed networks, secure IoT devices, and detect gestating attacks before they can do significant damage. One such leading solution for performing AI-based security monitoring is Aruba IntroSpect.

Using AI-based machine learning (ML), IntroSpect monitors user and entity behavior and network traffic to detect, prioritize, investigate and respond to stealthy attacks. It establishes a baseline of normal behavior, then monitors activity to detect behavior that might indicate malicious intent. If anomalous activity is detected, a risk-based assessment is made using ML-based threat models and contextual alerts are prioritized so that the security team can deal with the most significant threats first.

With our networks becoming more complex and attackers becoming more sophisticated, with some even using AI themselves, it is necessary to adopt a security monitoring solution that is equipped to cope with modern threats.

AI and machine learning–based security solutions, such as Aruba IntroSpect, are a necessary tool to secure complex modern environments. To learn more about what your peers think about addressing modern cybersecurity challenges, check out the Ponemon "Closing the IT security gap" survey and report.

Featured articles

Bob Moore
Hewlett Packard Enterprise

0 Kudos
About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.

HPE Webinars
Find out about the latest live broadcasts and on-demand webinars
Read more
Online Expert Days
Visit this forum and get the schedules for online Expert Days where you can talk to HPE product experts, R&D and support team members and get answers...
Read more
View all