3 Reasons Why Companies Are Adopting AI/ML for Threat Intelligence

AI and ML are increasingly being considered in security solutions as a real value-add

There are potential dangers lurking behind every digital corner and, increasingly, each threat is becoming more sophisticated and difficult to tackle. Security solutions from the past—which were largely siloed around specific tasks—are no longer strong enough to fight off modern-day attacks.

Companies today are also facing other challenges, notably the different types of endpoints being used to access their information. Gone are the days when company data was accessed solely from a desktop computer in a controlled networking environment. Today, files can be stored in the cloud and accessed by smartphones, laptops, tablets and smart “things.” In many cases, those devices belong to the end user, not the company, further elevating the risk. As the internet of things (IoT) continues to evolve, so too will the number of devices that can, knowingly or unknowingly, provide an open backdoor to a company’s network.

As organizations are forced to face the realities about the shortcomings of their existing security solutions, an evolving set of technologies, notably artificial intelligence (AI) and machine learning (ML), are moving beyond “buzzwords” in industry spaces and are starting to show real potential value around endpoint security processes.

Certainly, these technologies will enable companies to provide a stronger defense against potential attacks. But more importantly, they’ll help companies implement processes that are increasingly proactive in nature by enabling organizations to identify and stop potential threats before they gain any traction. The sooner companies start building their own databases of intelligence, the better off they’ll be in the long run.

AI/ML in Security

Here are three reasons AI/ML technologies are smart investments for companies looking to strengthen their security practices:

Identify User Behaviors and Patterns for Proactive Detection and Response

Through machine learning, companies are able to identify a set of behavioral patterns for their end users, which allows detection of unusual activity to be flagged early. And while detection itself isn’t all that revolutionary, the ability to automate processes around that detection creates new opportunities in safeguarding.

For example, a U.S.-based employee logging into the corporate network from two distant locations on a Saturday night, such as Asia and South America, could be a red flag for IT administrators, especially if that employee has shown a pattern of mostly logging in from the San Francisco office leading up to Saturday night. Before ML, someone in IT might manually send an email to the end user, inquiring about the incident. But through the power of ML, communications with the end user could happen automatically and instantaneously via email, mobile or text as soon as the flag is raised. Likewise, the network could be designed to take action—a shutdown of access, for example—if the employee doesn’t authenticate within a set amount of time.

The key is that the technology takes security beyond the detection stage and introduces the abilities to respond and remediate before a vulnerability becomes a threat. What’s important to note is that the intelligence around these decisions is hybrid—both human and artificial. Because humans can evaluate the severity of different types of scenarios, as well as the magnitude of the responses, they remain a core part of the ML/AI equation.
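The login scenario above as an added example, not code from the article or any product: it flags consecutive logins whose implied travel speed is impossible and models the timed re-authentication follow-up. A fixed speed threshold stands in for a learned behavioral baseline; the `Login` record, thresholds, user name and coordinates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0                           # assumed ceiling: airliner cruise speed
CHALLENGE_WINDOW = timedelta(minutes=15)  # assumed re-authentication deadline

@dataclass
class Login:
    user: str
    when: datetime
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(min(1.0, h)))

def impossible_travel(logins):
    """Return (previous, current) pairs whose implied speed exceeds MAX_KMH."""
    flagged, last = [], {}
    for ev in sorted(logins, key=lambda e: e.when):
        prev = last.get(ev.user)
        if prev is not None:
            hours = (ev.when - prev.when).total_seconds() / 3600
            dist = km_between(prev, ev)
            # Ignore small moves; simultaneous distant logins are always flagged.
            if dist > 50 and (hours == 0 or dist / hours > MAX_KMH):
                flagged.append((prev, ev))
        last[ev.user] = ev
    return flagged

def respond(flagged_at, reauth_at, window=CHALLENGE_WINDOW):
    """Automated follow-up: challenge the user, suspend if no answer in time."""
    if reauth_at is not None and flagged_at <= reauth_at <= flagged_at + window:
        return "cleared"
    return "suspended"

# Constructed sample: weekday logins from San Francisco, then two distant
# logins one hour apart on a Saturday night (Tokyo, then Sao Paulo).
SAMPLE = [
    Login("alice", datetime(2018, 3, 7, 9, 0), 37.77, -122.42),
    Login("alice", datetime(2018, 3, 9, 9, 5), 37.77, -122.42),
    Login("alice", datetime(2018, 3, 10, 22, 0), 35.68, 139.69),
    Login("alice", datetime(2018, 3, 10, 23, 0), -23.55, -46.63),
]
```

The San Francisco to Tokyo hop is not flagged because a day and a half separates the logins; only the one-hour Tokyo to Sao Paulo pair exceeds the speed ceiling, which is where a baseline of usual locations would add signal the speed rule alone misses.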

Fight Fire with Fire

Just as IT administrators have the opportunity to gain insight into user behaviors by utilizing machine learning and artificial intelligence technologies, so do malicious attackers. Security experts last year reported that phishing attacks are becoming more sophisticated, as well as increasingly targeted and harder to detect. With an estimated 1.4 million new phishing sites created each month, the opportunities for attackers to successfully gain access or otherwise create havoc increase.

Last year’s WannaCry global ransomware attack hit about 300,000 computers around the globe and had a notable impact on Britain’s National Health Service (NHS), as well as Russia’s interior ministry, Chinese universities, Germany’s state railways and other large networks. While it wasn’t even the largest cyberattack in scale, it illustrated the magnitude of the risks around technology security.

As companies begin to recognize that security isn’t just about reacting to the latest attack vector or installing the latest patch, the power of machine learning and its ability to identify, isolate and hopefully eliminate the risks of sophisticated phishing attacks becomes more business critical. Likewise, the ability to implement automated processes as a means of maintaining business continuity becomes a very valuable talking point not just in IT circles but in the C-suites, as well.

The Business Impact

At a forum of CEOs last year, one of the takeaways from the event was the impact of technology on the decisions that business leaders face. Specifically, technology changes were identified by many as the biggest, most disruptive forces facing today’s corporations—and not just on the IT side, but in operations, product development, materials and more.

In the past, the conversations about technologies and security solutions were more often held at the IT levels of an organization. Today, those conversations happen across the company, including among executives and board members. They no longer revolve just around technology performance but instead look at dollars and cents, as well as hours and minutes.

That’s where tools and technologies such as analytics come into play. Executives want to see how these products are impacting the company’s bottom line and the visibility they’re providing into the operations. They need to know if their business was targeted in the latest cybersecurity attacks and, more importantly, when the technology did its job and kept the company from becoming a victim of the attack.

Looking Ahead

Traditionally, security has been managed in silos where single solutions managed single issues. Today, security needs to be addressed from a more inclusive approach, one that looks at the entire environment. As the number of end user devices continues to grow and cyberattacks get more sophisticated, companies need to adopt the technologies that allow them to protect themselves without having to constantly deal with tech crises.

Machine learning and artificial intelligence solutions are, admittedly, still in their early stages. But already, they’re highlighting added value by pointing to the power of data, of being able to identify irregularities and address potential pitfalls before any human could, and by showing how automated reactions can keep a potential risk from turning into a full-fledged crisis.

Gartner predicts that the use of machine learning in business security will be a normal thing in less than 10 years. It seems fair to say that technologies like ML and AI will continue to add value to businesses in many ways, with information security being one of the biggest.

Sachin Sharma

Sachin Sharma is a Sr. Product Line Marketing Manager at VMware, where he leads go-to-market efforts for security and analytics in the End-User Computing business unit. He has over 15 years of experience in various pre-sales and IT consulting and systems management roles. He holds degrees in Bachelor of Science in Computer Science and Engineering, and Economics from the University of California at Davis.
