June 19th, 2019 by Brian Wakefield
Artificial Intelligence (AI) is becoming one of the cutting-edge tools in the Cyber Security arms race. Criminals are using AI to accelerate the pace of attacks and provide ever more complex campaigns. This adoption of AI by the criminals is mirrored by the emergence of cybersecurity solutions built on a foundation of AI. Our primary cybersecurity partner, WatchGuard, uses AI with the network security portfolio to automate security processes, and enhance your business's ability to respond to emerging threats.
The traditional approaches to protection rely on policies and "signatures" to identify and mitigate attacks. However, these policies and signatures can quickly become obsolete under the ever-increasing pace of changes in the type and frequency of attacks. This can cause a gap in your protection and put a significant burden on your management as the risks to your business increase. The problem only promises to get worse as the criminal adopt the use of more sophisticated approaches, including the use of AI, to circumvent your security.
The strength of AI is its ability to work through large amounts of complex data and perform repetitive tasks that would take a lot of human time and effort. WatchGuard can use AI to save you time, correlate large amounts of data across large data sets, make faster decisions based on the data, minimize human error, and predict future threat trends. This can be used to drastically improve your security posture.
In the past, advanced technologies, like AI, have been in the domain of the large enterprise. These tools have been too costly for the small business or midsize enterprise. WatchGuard has changed that with the inclusion of AI in the portfolio of security products and services they provide. WatchGuard now includes several technologies based on AI to enhance and augment the protection provided for your business. Some of these include the following:
IntelligentAV: This technology, based on AI capabilities from Cylance, allows Watchguard to speed up the detection of threat signatures, evaluate any potential threats, and anticipate how threats may look in the future. This eliminates the lag between detection and applied defense.
APT Blocker: Highly evasive malware strains, also known as Advanced Persistent Threats (APT), have wreaked havoc around the globe. These strains are designed to bypass your security by using polymorphic behavior which changes the malware to look completely unique on each endpoint. WatchGuard's APT Blocker, based on AI technology from lastline, uses self-learning AI throughout the deep inspection process to detect evasive malware by encouraging detonation via a full-system emulation, analyze and score dormant code before it is run, develop baselines and perform anomaly detection, and determine a files status based on a final analysis of behavioral patterns.
ThreatSync: Even with the tools above at your disposal, acting on the data takes precious time as the evaluation of each threat can be a highly manual process. WatchGuard used AI to automate the process by facilitating the threat triage process and accelerating the time to respond. When a threat is identified ThreatSync can automate the response to isolate the infected hosts, quarantine files, delete registry values, and kill any malicious processes. In essence, AI interacts with APT Blocker and ThreatSync to perform the role of a skilled security analyst 24 hours a day, 7 days a week, 365 days a year.
If you would like more information on our managed cybersecurity offerings, or would like to see how BTS can help with your cyber security, please reach out to one of our technical account representatives and they will be glad to help.
Posted in: Newsletter