Security breaches are consistently making headlines, and legacy monitoring tools are ill-equipped to deal with the problem. AI technology can help.
We are also seeing a rise in the complexity of hacks that are super-charged by AI-enabled algorithms and machine learning techniques. There is a clear requirement for security solutions to incorporate AI and machine learning to stay one step ahead of the attackers. This is why many enterprises have begun turning to AI-enabled technologies and machine learning for help.
The shortcomings of legacy monitoring tools
Legacy security monitoring tools are largely based around triggers and alerts. Triggers are mapped to specific types of events, such as an elevation of privileges or the disabling of a firewall. When a trigger is activated, the security software alerts the IT staff. Depending on the nature of the incident, the software might also run a script designed to prevent further penetration.
But it can be difficult to differentiate between a condition that is worthy of an alert and a benign condition that does not warrant bothering an administrator. If a legacy security tool is overly zealous, it will generate frequent alerts that may eventually go unnoticed as the administrative staff succumbs to alert fatigue especially when trying to filter out the โfalse positiveโ alerts. Conversely, a tool that minimizes alerts and that doesnโt identify subtle user and entity behavioral changes indicative of an active attack might overlook a legitimate security incident in process.
Legacy security tools are often unable to detect new never before seen malware variants or new types of advanced cyberattacks so the early stages of an attack may go completely unnoticed. These legacy tools still have an important place yet incorporating AI-based security monitoring tools will help to modernize cyber defenses with sophisticated solutions that close security gaps.
AI technology as a security solution
AI technology can monitor usage patterns and learn what is normal and what isn't. It might be normal, for example, for a particular employee to periodically log into the payroll or industrial control system over a remote VPN. However, if that same employee connects at 3:00 a.m. from a new or unusual location, that might be an indication that a security incident is in process. A monitoring solution that triggers alerts based only on previously known threats might ignore this incident if the intruder had logged in with valid security credentials and did not try to access anything they did not have permissions to view. An attack might not be detected until it is well underway.
An AI-based solution, however, would recognize that this is not normal behavior, and could proactively enact counter measures. Early detection is both critical and a priority. A recent Ponemon Institute study surveyed more than 3,500 IT professionals and found that 70 percent of them place a high value on the ability to detect an attack before it can do damage.
The dangers of IoT
Another reason legacy security monitoring is inadequate for today's complex environments is that such systems generally have littleโif anyโsupport for monitoring the increasing number and diversity of IoT devices. Over the past several years, there has been a number of high-profile attacks targeting IoT devices that clearly demonstrate the vulnerabilities introduced by these network connected devices. The Ponemon study found that IT professionals are concerned about the security risks posed by IoT devices with 60 percent of respondents stating that IoT devices are a threat and less than 25 percent assessing that IoT is secure.
Although the Ponemon study paints a concerning picture of the state of IoT security, it also identifies AI as a potential solution to modern security challenges.
Stop attacks before they happen
There are solutions that can monitor vast distributed networks, secure IoT devices, and detect gestating attacks before they can do significant damage. One such leading solution for performing AI-based security monitoring is Aruba IntroSpect.
Using AI-based machine learning (ML), IntroSpect monitors user and entity behavior and network traffic to detect, prioritize, investigate and respond to stealthy attacks. It establishes a baseline of normal behavior, then monitors activity to detect behavior that might indicate malicious intent. If anomalous activity is detected, a risk-based assessment is made using ML-based threat models and contextual alerts are prioritized so that the security team can deal with the most significant threats first.
With our networks becoming more complex and attackers becoming more sophisticated, with some even using AI themselves, it is necessary to adopt a security monitoring solution that is equipped to cope with modern threats.
AI and machine learningโbased security solutions, such as Aruba IntroSpect, are a necessary tool to secure complex modern environments. To learn more about what your peers think about addressing modern cybersecurity challenges, check out the Ponemon "Closing the IT security gap" survey and report.
Featured articles
- AI by the numbers
- Want to know the future of technology? Sign up for weekly insights and resources
Bob Moore
Hewlett Packard Enterprise
twitter.com/HPE_Servers
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers
Bob_Moore
Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.
