- Integrated Systems
- About Us
- Integrated Systems
- About Us
The new, critical role of hybrid HPC and AI in cybersecurity
As cybersecurity analysts get overloaded with security alerts and workflows, hybrid HPC can power AI- and ML-driven security tools that speed risk-mitigation efforts.
Cybersecurity is becoming a superhuman endeavor. The human mind is incapable of tracking, or even noticing, the vast daily volume of cyberattacks. Acknowledging this limitation, security operations (SecOps) teams have started running tools that leverage artificial intelligence (AI) and machine learning (ML) in hybrid high-performance computing (HPC) environments. AI- and ML-driven security tools can spot anomalies and other evidence of attacks invisible to human beings—and to a variety of standalone detection tools.
Unfortunately, attackers are also leveraging AI and ML to enhance their malicious acts. It's an arms race in cyberspace—and hybrid HPC offers a critical advantage to defend your data.
Dealing with security alert overload
SecOps teams must routinely process vast volumes of security alerts. The alerts come from intrusion detection systems (IDSs), security incident event monitoring (SIEM) solutions, and similar tools. The numbers are striking. According to CSO, a FireEye survey of C-level security executives at large enterprises revealed that 37 percent of respondents handle over 10,000 alerts each month. Of these, CSO reported, 52 percent turn out to be false positives. Sixty-four percent are redundant.
Dealing with this deluge of often unhelpful alerts causes stress for SecOps team members. As a Gartner analyst explains: "Many security programs are still overloaded with alerts, and significantly understaffed to deal with them, and [they are] looking for options to lower the noise."
As the threat environment grows more grave and attacks increase, the reality is that human beings simply cannot keep up. People can only give their full attention to a few pieces of information in any one time period. They take breaks. They resign. Unlike AI-driven attacks, they need to sleep once in a while.
Strengthening cybersecurity with AI and ML
Given the obstacles of alert overloads and resource limitations, cybersecurity has turned to automation. Through the use of AI and ML, a new generation of cybersecurity solutions can now let machines do a lot of the heavy lifting of alert processing, among other aspects of SecOps. Unlike people, machines can soldier on continuously.
Gartner highlights AI and ML as a top security trend this year. The firm reported: "By 2025, machine learning (ML) will be a normal part of security practice and will offset some skills and staffing shortfalls." Gartner further states: "We can't escape the fact that humans and machines complement each other, and together they can outperform each alone. Machine learning reaches out to humans for assistance to address uncertainty and aids them by presenting relevant information."
AI and ML help improve security by assessing and correlating the immense amounts of data related to threats, alerts, and other factors. For example, an AI-driven threat intelligence system can quickly identify a threat signature and compare it to other known threats. If the threat is new or deemed to be serious, the system can escalate it to a SecOps analyst. If it's nothing special, it can be relegated to the archive for future comparative analysis.
Machine learning helps analytics-driven cybersecurity solutions become better at spotting and managing threats. As Gartner notes: "ML is better at addressing narrow and well-defined problem sets, such as classifying executable files."
Detecting suspicious data exfiltration is another scenario where ML shines. Anomalies in data transfers can hint at malicious activity. Why, for instance, is an employee uploading files to a cloud drive on the weekend? That might suggest something suspicious. Or, it might not. To determine if the file transfer is part of an attack, the cybersecurity solution must learn the organization and know its patterns before it can spot an anomaly worth highlighting as a potential security incident.
Winning the arms race in cyberspace
Fortunate as SecOps teams may be to have AI- and ML-driven tools to help them protect digital assets, the uncomfortable truth is that the bad guys have all the same advantages—and more. For every innovation in the use of data analytics and ML for security, there's a breakthrough in the use of the technologies for doing harm.
Criminals employ AI and ML to make their attacks as effective as possible. Equipped with advanced analytics and automation, their attack systems scan the globe for exposed digital assets and unleash malware accordingly. AI helps phishing attacks target the right victims, for example. Plus, malicious actors don't have to worry about pleasing customers, patent laws, adhering to maintenance schedules, and a host of other constraints that affect normal organizations. Their bad deeds fund their continuing development efforts and investments in computing infrastructure.
The cybersecurity field is now in the early stages of an arms race between AI-driven security solutions and AI-driven threat vectors. Things don't appear to be getting any easier going forward, either. The explosion of data in the enterprise has made security all the more challenging. As CIO reports, "The growth in the amount and variety of data has led to a concurrent growth in the infrastructure that generates and supports that data. This in turn means a much larger attack surface . . . Intelligent devices that belong to the growing Internet of Things (IoT) expand this attack surface even further." The CIO author then adds: "The continuous digitization of systems and processes exposing enterprise 'surfaces' to the external world exacerbates the risks."
With these increasingly complex challenges, how can the defenders win the cyberarms race? One compelling answer is to amp up the computing power behind the AI- and ML-driven security solutions using HPC environments.
Powering security with hybrid HPC
HPC unlocks the power of AI- and ML-driven security tools through sheer speed. Faster processing translates into more effective threat analysis and security event correlation. Anomaly detection becomes faster and more precise as HPC powers ML processes.
Hybrid HPC will also deliver security advantages as enterprises deal with ever-worsening advanced persistent threats (APTs). APTs are long-term attacks comprising stealthy, continuous computer hacking. They can linger undetected inside systems for months, moving laterally across infrastructure and getting past existing security controls. Highly accurate and rapid event correlation and anomaly detection can help uncover evidence of an active APT.
Security tools running in HPC environments have the potential to shift the long-term advantage to organizations defending against cyberattacks. With carefully architected hybrid HPC environments that often include storage for HPC, AI- and ML-driven cybersecurity tools can scale and adapt to an evolving threat landscape. Implemented the right way, hybrid HPC tilts the cyberarms race against the attacker.
Meet Server Experts blogger Hugh Taylor, president of Taylor Communications, LLC. Hugh has created marketing content for such clients as Microsoft, IBM, SAP, Oracle, Google, and Advanced Micro Devices. While at the IBM Software Group, he developed a unique financial payback model to quantify ROI for social software in the corporate environment, for which he received the Marcom Platinum Award for Whitepaper Writing. As the PR manager for Microsoft's SharePoint Technologies, Hugh was also responsible for generating the "Billion-Dollar Juggernaut" story that helped make SharePoint a high-profile product for the company, generating over 800 pieces of press coverage in one year. Hugh is a certified information security manager (CISM) and lecturer at the University of California, Berkeley's Law School and Graduate School of Information and has authored four books as well as more than a dozen articles on business and technology.
Hewlett Packard Enterprise