Network managers are about to add a powerful new security technology to their toolbox: artificial intelligence.
AI promises the ability to analyze vast volumes of data without having a human around, says Shing-hon Lau, senior AI security researcher at Carnegie Mellon University’s Software Engineering Institute, in an email interview. “AI can be targeted toward automating routine processes, freeing humans to analyze complex threats, or by trying to detect novel threats by rapidly analyzing large quantities of data.”
The primary differentiator AI brings to the table is the ability to analyze large amounts of data and identify event patterns and correlations of that simply aren’t feasible for a human, says Marc Herren, a director at technology advisory and research firm ISG, via email. “Over time, AI can recognize the start of a pattern and provide predictive alerts allowing network and security administrators to take corrective actions before an incident happens.”
Why AI is a good fit
Due to the fact that network security involves lots of data, AI is particularly well-suited for vital infrastructure protection. “When you have large amounts of data, you can have a high rate of false positives,” says Sushila Nair, vice president and head of the North American cybersecurity practice at business advisory firm Capgemini, in an email interview.
AI can also be used in network segmentation, isolating critical networks and decreasing an attack’s the overall blast radius. “This approach is an important step in a zero-trust framework,” Nair says. AI-powered micro-segmentation provides organizations with segmentation recommendations based on network traffic. It accomplishes this task by detecting overly permissive rules so that companies can segment based on application usage and asset criticality, which helps in limiting an attack’s scope.
AI at the edge
AI can analyze network traffic using deep packet inspection at a speed that human analysts simply can’t match. “AI can crunch through the volumes of data rapidly to identify both external and internal threats,” Nair says. “Since network data tends to be especially voluminous, AI is pivotal for this use case.”
Understanding network traffic helps network managers detect threats. “It allows you to establish governance over the type of traffic that’s going through your network,” Nair says. “A cloud access security broker (CASB), for instance, allows you to understand if there’s traffic going to high-risk SaaS applications or if there’s data exfiltration.” Meanwhile, AI-powered micro-segmentation tools allow network changes to be made easily and quickly.
A growing number of security and network technology vendors are now incorporating AI into their products to provide anomaly and threat detection capabilities. Enterprises should take advantage of such features, Herren says. “For a holistic solution, organizations should also consider independent AI tools that can integrate across multiple vendor solutions and network layers and segments.”
An integrated solution
AI-powered network detection and response (NDR) solutions are particularly useful since they can detect malware, hidden attacks, and anomalies across networks, Nair says. Combined with security information and event management (SIEM) and security orchestration, automation, and response (SOAR), an NDR can be part of an integrated solution powered by AI that not only detects attacks but can enable automated responses.
Dynamic microsegmentation is critical for containing cyberattacks by preventing attackers from moving laterally, Nair says. “CASBs can use network-driven AI to enable visibility and control over data as well as users in cloud applications,” she explains. “You can, therefore, gain an understanding of who is using what SaaS application and if that application is high risk or unsanctioned by the organization.”
Getting started with AI network security
The best way to get started with AI network security is by using the technology to supplement existing tools and processes. “AI takes time and lots of data to become effective, and engineers need to refine and validate AI models before an organization can be confident in the accuracy of the analytics,” Herren says.
Understand your key assets and your risks, Nair advises. “Set the goals for what you want to achieve with AI-driven network security so you understand how it will add value to the business,” she recommends. “Is it being used for faster detection times, faster response times, or is there another business driver?”
Nair suggests beginning with a pilot project. “Integrate it with your cybersecurity ecosystem,” she says. “Depending on the use case, you may wish to integrate it with your SIEM and SOAR solution or other cybersecurity tools,” Nair suggests. AI-powered tools often require some fine-tuning. “Review the results against your project goals and plan for expansion if the pilot outcomes achieved the stated goals.”
The human touch
AI isn’t foolproof, and human judgment will continue to complement AI technology in network management, Nair says. In its current state, AI still requires a human to monitor and fine-tune operations. “The AI model consumes large amounts of data, some of it with privacy implications, so ensure you have a good governance and assurance process for introducing AI into your environment,” she recommends. “As your network grows, you may need to upgrade your AI system since the amount of data requiring analysis will increase.”
A fundamental understanding of AI technology is critical to help dispel the hype and fanfare, Lau says. “AI isn’t magic—it’s a tool that’s suitable for use in some circumstances,” he observes. “Figuring out whether your specific circumstance is one where AI can help requires at least a base level of understanding about how AI works.”
Related articles:
Leave a Reply