AI Revolutionizes Network Security: Insights from Black Hat USA 2024

AI transforms network security amid remote work challenges - SiliconANGLE

AI transforms network security amid remote work challenges The world of network security is being greatly impacted by artificial intelligence, the rise of the data lake and the ramifications of a pandemic that forced companies to adopt a remote work model. Hewlett Packard Enterprise Co. recently acquired Juniper Networks to meet this tough transition in cybersecurity, with an emphasis on deploying AI. "It's a tough life to be a CISA right now ... our thesis is that it's really about AI. It's really about taking the things that we can do as HPE Aruba Networking, leverage our network background, the switches we have, the APs we have, the intelligence that we have put into these devices," said John Spiegel (pictured), SASE field chief technology officer at HPE. "How do we leverage those and take the telemetry from those devices, put it into our central platform, and then start to provide insights, recommendations, understand what the device does, what is its meaning, what is its purpose, what's the why behind it, and then start to apply policy or at least recommend policy based on that?" Spiegel spoke with theCUBE Research's John Furrier at the Black Hat USA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed how AI is changing cybersecurity and network architecture. (* Disclosure below.) The cybersecurity space is experiencing a workforce shortage due to the rise of AI and the expansion of the Internet of Things. This IoT network encompasses connections between devices embedded in everyday objects and the cloud. "We're seeing a proliferation of devices. And it's not just within the factories or manufacturing, it's actually in the office itself ... that is one of the biggest challenges right now in my mind," Spiegel. "We can start to leverage AI to target, understand, profile these devices but then make sense of it. The humans have a hard time at scale, and I think that's really where the opportunity is." Since the pandemic, many workers have continued to stay remote, prompting a shift in network security. Team members have to be protected on their devices and when they visit a campus, but figuring out how to construct a network that is fully secured is a complex task. "Network's all about optimizing, making things faster, moving those packets as quickly as possible from point A to point. B. Security, on the other hand, is all about looking at it, inspecting it, understanding the risk ... you got to really kind of bring them together," Spiegel said. "And inserting what I call legacy devices inside there that basically inspect them all the time, I think is the wrong approach. We got to work together. And that's really where we feel there's an opportunity and an advantage to leverage tools like AI." HPE has developed a Network Detection Response technology that uses telemetry from its network's data lake to train AI models for securing edge devices. This innovation enhances coverage across a campus and its branches. "There's a huge opportunity right now to rethink the network from a data center layer perspective. You need low latency, you need non-blocking to make AI successful, and then you start to see what happens next. The AI co-pilots are now moving over to laptops and those PC devices," he said. "Then tying it together with a centralized control mechanism like we have with HPE Aruba Networking. And it also starts to address some of the challenges with the workforce."

Darktrace AI: Leading the charge in advanced cybersecurity defense - SiliconANGLE

Darktrace AI: The vanguard of cyber defense based on continuous learning and advanced threat detection Even though artificial intelligence has incredible potential to augment the current cyber workforce and expand situational awareness, comprehensive integrations are needed for enhanced visibility, as evidenced by Darktrace AI, that continuously learns daily business operations. As the speed, efficacy, sophistication and scale of cyber attacks continues to grow, Darktrace AI easily spots abnormality by boosting incident detection, cyber resilience and threat vulnerability prioritization since it continuously learns the unique digital fingerprint of a business in real time, according to Nicole Carignan (pictured), vice president of strategic cyber AI at Darktrace Holdings Ltd. "We already have an incredible unsupervised machine learning engine that understands the entire digital estate across multiple domains," Carignan said. "We use graph theory with infection-based modeling to understand which assets are the most exposed, vulnerable, damaging or critical, and prioritizing that to nest hardening mitigations. We had two customers who were observing anomalous activity on their Palo Alto firewalls because we had such a great technical integration with them." Carignan spoke with theCUBE Research's Savannah Peterson at the Black Hat USA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed why continuous learning is crucial for enhanced cyber resilience, as evidenced by Darktrace AI. It is fundamental to recognize that humans cannot be the last line of defense when it comes to deepfakes. This is because a National Institutes of Health study showed that humans have a 50% accuracy of detecting deepfake imagery, presenting a strong case for machine-learning tools, such as Darktrace AI, Carignan stated. "We really need to facilitate the use of targeted machine learning techniques that could be accomplished at detecting anomalous behavior," she said. "There are RNNs and CNNs, neural networks that can be trained on pattern recognition of facial signals and biological signals that could help facilitate the detection of deepfakes. We can't rely on humans to be that defense, we need to augment them with machine learning techniques and detection." Cyber crime as a service continues to explode as showcased by Darktrace's latest threat report. As a result, it will take a growing arsenal of defensive AI to effectively protect organizations in the age of offensive AI, making Darktrace AI important, according to Carignan. "Third year in a row, cyber crime-as-a-service, ransomware-as-a-service, malware-as-a-service were the highest," she stated. "We're starting to see this global shift across different countries, where they're starting to regulate whether or not you can pay ransoms anymore. This is going to drastically impact the economic ecosystem for financially motivated threat actors." Phishing attacks' efficacy and volume are growing exponentially. This is because threat actors are using more sophisticated tactics, techniques and procedures designed to evade traditional security parameters, Carignan pointed out. "We saw in the first six months of this year over 17 million phishing emails across our customer fleet," she explained. "Thirty three percent of them had very sophisticated social engineering to include multiple types of phishing that go well beyond the inbox-like teams phishing, dropbox phishing, QR phishing."