Self-driving cars may be getting all the attention, but the big impact of artificial intelligence and machine learning in the enterprise is in cybersecurity, and especially in securing data center networks. And given all the threats data centers are facing this year the help is much needed.
According to a recent survey of 400 security professionals by Wakefield Research and Webroot, a cybersecurity vendor, 99 percent of US respondents believe AI overall could improve their organizations’ cybersecurity. And 87 percent report their organizations are already using AI as part of their cybersecurity strategy. In fact, 74 percent of cybersecurity professionals in the US believe that within the next three years their companies will not be able to safeguard digital assets without AI.
AI and machine learning are being used to spot never before seen malware, recognize suspicious user behaviors, and detect anomalous network traffic.
According to the survey, 82 percent of US respondents said AI could spot threats that would otherwise be missed. But finding problems is just the first brick in the defensive wall. Intelligent systems can also spot indicators that pose the biggest threats, suggest actions such as re-imaging servers or isolating network segments, and even carry out remediation actions automatically.
AI can also collect and analyze forensic data, scan code and infrastructure for vulnerabilities, potential weaknesses, and configuration errors, make security tools more powerful easier to use, and learn from experience in order to adapt quickly to changing conditions.
All that has the potential to dramatically improve security and user experience, said David Vergara, head of global product marketing at VASCO Data Security, which provides identity and authentication solutions to more than half of the world's top 100 banks and financial institutions.
Human Security Pros Overwhelmed by Data
There is hype around AI in data centers, he said, but it’s based on real benefits. "It is centered on compelling use cases, ranging from improved situational awareness via trends analysis that drive recommended actions to predicting failures and spotting intrusions through anomalous pattern detection."
One of the biggest strengths of AI and machine learning is its ability to handle large volumes of data very quickly.
"The number of physical and virtual assets in the data center continues to grow," said Manoj Asnani, VP of product and design at Balbix. "Without AI, it is not possible for enterprises to be prepared for continuously evolving attack surfaces."
Humans cannot handle all the information fast enough or react fast enough to address the risks, he said.
Take, for example, manually changing firewall rules when things change in a data center, said Josh Mayfield, director at cybersecurity vendor FireMon. With virtual machines, microsegmentation, and on-demand computing, a data center's configuration can shift faster than humans can keep up.
"The ML and AI capabilities do this on our behalf," he said. "They recognize compliance drifting in the data center, then adjust and write a new firewall rule to pull it back. They pick up a new application that needs to be secured under a set of conditions and automatically write the firewall rule needed to fortify the new app. Something moves from one data center to another -- or within the same data center – [and] they write the new firewall rule."
Measuring Server Heat to Spot Trouble
Intelligent systems can also spot behaviors that are too subtle for humans, said Terry Ray, CTO at cybersecurity vendor Imperva.
For example, AI and machine learning can be used to model hardware temperatures and compare them to typical activities or compare individual users' access times to their peers to spot suspicious anomalies.
The largest and most forward-looking companies will invest heavily in AI expertise in order to get an AI-powered advantage. But even smaller data center operators will benefit because most, if not all, of the top cybersecurity vendors are adding AI to their products.
"If vendors have not yet adopted some form of machine learning into their offerings, they’re likely behind the curve of their peers," said Ray.
This is resulting in a rapid spread of embedded AI and machine learning in security technologies used by data centers. "The IT application of AI and machine learning is growing at a much faster rate than what we have seen previously," he said.