Intelligent CIO Middle East Issue 24 | Page 60

INTELLIGENT BRANDS // Data Centres

also been talk about machine learning, artificial intelligence (AI) and security orchestration. The problem is it hasn’t been clear how these work together to improve a company’s security.

Another problem is organisations need a model that addresses practical challenges, including a shortage of skilled personnel, growth in attacks, and manual, siloed processes. People are asking questions such as how can we automate, how do we deal with the API explosion, and what’s the role of machine learning and AI?

Automate and accelerate threat mitigation

Organisations that have started to build their infrastructure have tended to do so in an ad hoc manner, which may or may not take them where they want to be. But one example of the ‘integrated and automated security architectures’ cited by Gartner is Gigamon’s new Defender Lifecycle Model, which is about providing a structured approach organisations can use to get to their desired outcome.

Focused on a layer of pervasive visibility and four key pillars - prevention, detection, prediction and containment - the model utilises a security delivery platform to deliver security services that can learn, detect, predict and contain threats. This integrates machine learning, AI and security workflow automation to address the speed, volume and polymorphic nature of network threats, and automate and accelerate threat identification and mitigation.

The model provides the intelligence, scale and flexibility to integrate with security tools such as firewalls and intrusion prevention systems to automate and accelerate threat containment and mitigation. With it security professionals can map the role of technologies involved in the threat ‘kill chain’, gain a better understanding of security, and understand how to automate and eliminate human and process bottlenecks.

How your organisation can benefit

In moving to an automation model you can begin to address two key challenges: the skills shortage and responding to prevent attacks from propagating.

Another advantage is easy data access. Organisations can get data from routers, firewalls, endpoints, domain controllers etc. but the challenge is getting hold of it. Each of these entities is controlled by different parts of IT organisations, and coordinating across these siloed departments is challenging. Many of these approaches also add load on the devices, impacting performance. So, leveraging network traffic becomes a shortcut to getting access to content-rich information.

Machine learning addresses the big data challenge of security, which is gathering context from across an infrastructure and building a baseline; while AI applies algorithmic techniques on top of that to surface out anomalies. Automation and orchestration then provide the ability to act on these.

Organisations are at different phases of the security cycle. Many are in the first stage of providing firewalls, segmentation and multi-factor authentication. Some have moved beyond this and are beginning to build a baseline, leveraging machine learning techniques, big data and open source and commercial tools. Only a few are in the automation phase.

There are multiple aspects in which Gigamon plays into the machine learning, automation and containment, and initial hygiene phases. For example, as machine learning is all about big data and providing ways to assimilate volumes of data and build a baseline, Gigamon provides easy access to content-rich data allowing companies to build that baseline. In terms of automation, the platform offers an alternative to dealing with the API explosion by providing a default API to orchestrate solutions.

If you want to deploy a basic hygiene technique like firewalls, Gigamon makes it easy without having to deal with network maintenance windows or outages. Gigamon is not only an enabler of the machine learning, AI, automation and containment layers; it’s a foundation upon which enterprise network defences can be layered and efficiently leveraged.

Adrian Rowley is the Technical Director EMEA for Gigamon