INTELLIGENT BRANDS // Data Centres
also been talk about machine learning, artificial intelligence (AI) and security orchestration. The problem is it hasn’t been clear how these work together to improve a company’s security.

Machine learning addresses the big data challenge of security, which is gathering context from across an infrastructure and building a baseline; while AI applies algorithmic techniques on top of that to surface out anomalies. Automation and orchestration then provide the ability to act on these.

Organisations are at different phases of the security cycle. Many are in the first stage of providing firewalls, segmentation and multi-factor authentication. Some have moved beyond this and are beginning to build a baseline, leveraging machine learning techniques, big data and open source and commercial tools. Only a few are in the automation phase.

Another problem is organisations need a model that addresses practical challenges, including a shortage of skilled personnel, growth in attacks, and manual, siloed processes. People are asking questions such as how can we automate, how do we deal with the API explosion, and what’s the role of machine learning and AI?

Automate and accelerate threat mitigation

Organisations that have started to build their infrastructure have tended to do so in an ad hoc manner, which may or may not take them where they want to be. But one example of the ‘integrated and automated security architectures’ cited by Gartner is Gigamon’s new Defender Lifecycle Model, which is about providing a structured approach organisations can use to get to their desired outcome.

Focused on a layer of pervasive visibility and four key pillars - prevention, detection, prediction and containment - the model utilises a security delivery platform to deliver security services that can learn, detect, predict and contain threats. This integrates machine learning, AI and security workflow automation to address the speed, volume and polymorphic nature of network threats, and automate and accelerate threat identification and mitigation.

The model provides the intelligence, scale and flexibility to integrate with security tools such as firewalls and intrusion prevention systems to automate and accelerate threat containment and mitigation. With it security professionals can map the role of technologies involved in the threat ‘kill chain’, gain a better understanding of security, and understand how to automate and eliminate human and process bottlenecks.

Adrian Rowley is the Technical Director EMEA for Gigamon

How your organisation can benefit

In moving to an automation model you can begin to address two key challenges: the skills shortage and responding to prevent attacks from propagating.

Another advantage is easy data access. Organisations can get data from routers, firewalls, endpoints, domain controllers etc. but the challenge is getting hold of it. Each of these entities is controlled by different parts of IT organisations, and coordinating across these siloed departments is challenging. Many of these approaches also add load on the devices, impacting performance. So, leveraging network traffic becomes a shortcut to getting access to content-rich information.

There are multiple aspects in which Gigamon plays into the machine learning, automation and containment, and initial hygiene phases. For example, as machine learning is all about big data and providing ways to assimilate volumes of data and build a baseline, Gigamon provides easy access to content-rich data allowing companies to build that baseline. In terms of automation, the platform offers an alternative to dealing with the API explosion by providing a default API to orchestrate solutions. If you want to deploy a basic hygiene technique like firewalls, Gigamon makes it easy without having to deal with network maintenance windows or outages. Gigamon is not only an enabler of the machine learning, AI, automation and containment layers; it’s a foundation upon which enterprise network defences can be layered and efficiently leveraged.