Intelligent automation and predictive analytics will be integral to all security frameworks in large enterprises. But SMBs need not be left out.
Despite the huge inroads made by computer-aided automation over the decades, the demands of incessant technological progress have outpaced how businesses have kept up in terms of efficiency. It used to be that many functions and responsibilities could only be performed and handled by human hands and limbs. Now, with robotics driven by artificial intelligence and IoT, efficiency has taken on new meaning.
Similarly, the same technological progress has created new opportunities for tightening network security. No doubt, human oversight will still be needed to ensure infrastructural planning and maintenance, but people like Jeff Yeo, Regional Security Category Manager at Aruba APJ, see the human-AI bridge as the key to enhancing network security in large organizations, while also preserving the personal touch in providing quality services and customer experiences.
Here are some network security insights that CybersecAsia gleaned from an interview with Yeo:
Q. Where does machine learning stand in network security?
Yeo: In general, networking has come a long way, and naturally, so has security. In the past, security technologies were designed for yesterday’s threats, but in today’s environment where sophisticated and targeted attacks happen frequently, there is a need for advanced technology and robust networking solutions to not just deal with the volatile threat landscape but to future-proof networks.
The use of machine learning for network security is today’s lifesaver and will continue to be the future of security operations. Machine learning is not a new technology; however, its application is new in the security environment, and it is quickly becoming a best practice for many enterprise security teams.
In the modern context, machine learning is a fresh approach that gives security and IT teams an integrated way to gain visibility into the precursor of an impending cybersecurity incident, and advanced threat defense, and it should be viewed as an integral part of the enterprise security framework.
Q. Where are the blind spots in today’s IoT-driven networks?
Yeo: With the growing number of IoT devices and cloud services, the common question asked is whether networks can be advanced enough to connect all types of devices and users, given that many legacy wired and wireless networks were created without business-critical mobility, IoT access or security in mind. As such, security and network professionals might not be able to have full visibility over what’s inside their networks, often creating bottlenecks that can degrade network performance.
Take the healthcare sector for example. With companies gearing up to improve operational efficiency and customer experience in institutions, the healthcare technology market alone is estimated to be worth US$612 billion in 2024. In the area of healthcare, innovations that rely on hyper-connectivity help ensure that patients receive continued monitoring and care to avoid re-admission after they’ve been discharged. For instance, critical applications like Epocrates that rely on wireless technology are moved to the 5 GHz band, away from the noisier 2.4 GHz band, for enhanced coverage and capacity.
It also speaks volumes about how far healthcare has come that the mobile opportunity is not just in the area of clinical and administrative care, but in the area of patient experience, where enterprise-grade networks are providing a mobile-first experience commensurate with the best in hospitality. Epworth Healthcare, a not-for-profit healthcare group in Victoria, Australia, deployed advanced solutions to administer both wired and wireless systems, enabling the performance of more than 78,000 operations across seven facilities. Meanwhile, the group’s patients are no longer consigned to craning their necks at the TV set suspended in one corner of the room. Instead, patients (and their families) waiting their turn can enjoy their favorite streaming or entertainment service, or even get some work done.
Q. What do CISOs need to look out for in machine learning and user and entity behavioral analytics (UEBA)? And how can machine learning be a force multiplier in the effort to detect and secure the network, amplifying the capabilities of security, reducing risk, while increasing efficiency and productivity?
Yeo: Decision makers are now confronted by a new wave of UEBA products featuring machine learning and other analytics techniques to find and respond to attacks that have evaded their defenses. While the underlying technology is complex and mathematically arcane, there is an expanding set of successful ML/UEBA installations that point to an increasing mainstream role for these new products.
User behavior analytics look at data inside your organization and essentially, CISOs need to successfully protect their organizations. What this means for CISOs is ensuring their analyst teams are empowered with new threat hunting capabilities.
However, the trouble today lies with the fact that IoT adoption is outpacing critical security and compliance best practices in favor of short-term business outcomes. This presents a huge challenge when many such devices are produced by a diverse field of vendors that feature generic hardware and software (for instance, Raspberry Pi), making them hard to decipher, essentially becoming blind spots that are hard to identify and accurately profile.
Through machine learning, for instance, in Aruba ClearPass Device Insight, the solutions we are enacting are aligned with the IoT Cyber Security foundational concepts outlined by Singapore’s Infocomm Media Development Authority (IMDA). Through this technology, we are enabling both active and passive discovery methods in order to identify and profile a wider range of device types to help CISOs gain the kind of network visibility they need. Furthermore, increasingly, we have the ability to enhance this through the use of Deep Packet Inspection (DPI) to provide additional context and behavioral information to accurately identify hard-to-detect devices.
In terms of threat identification, we need a more nuanced approach versus the traditional (and binary) way of identifying traffic as good or bad, and whether users are blocked or authorized. This approach acknowledges that most attackers are aware of the arsenal of tools used to detect their telltale attack signatures. As such, it will be able to deal with a world of “gray” so that small signals are detected and put in context over time to determine the kind of harm posed by these signals—whether these are “low and slow” threats, for instance.
In Singapore, the Singapore Management University (SMU) campus uses this technology for network policy management and guest access to augment the Mobile-Defined Networks architecture deployed to enhance wireless network support across 99% of its entire city campus. The network not only serves more than 8,000 students, faculty members, and guests, but hosts the world-class research (including complex simulations) being carried out there.
With such solutions in place, SMU can easily prevent unauthorized network access and also ensure devices that are on its network are compliant with the university’s policies. Meanwhile, this has also allowed SMU to launch eduroam, a secured, global roaming wireless internet access service developed for the international education community. Visiting staff and students from the program can easily use their own institution’s student ID and password for easy access on the network.
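To make the “gray” scoring idea in the answer above concrete, here is an added example written for this article; it is not Aruba’s ClearPass code or any vendor’s detection logic. It accumulates small, individually harmless signals per device with a time decay, so a steady trickle from one device can cross an alert threshold while a short burst that then goes quiet decays away. The half-life, signal weights, profile multipliers (an unprofiled or generic-hardware device is treated as a bigger blind spot) and the event log are all constructed assumptions for illustration.

```python
"""Toy 'gray zone' scorer for low-and-slow signals (added example, not product code)."""
import math
from dataclasses import dataclass

# Assumed tuning values: a signal loses half its weight every six hours, and a
# device is flagged once its decayed score reaches 5.0. Tune against your own baseline.
HALF_LIFE_SECONDS = 6 * 3600
ALERT_THRESHOLD = 5.0

# Constructed weights for weak signals; no single signal crosses the threshold.
SIGNAL_WEIGHTS = {
    "auth_fail": 0.8,          # one failed login
    "new_external_dest": 1.0,  # first contact with a never-seen external host
    "dns_txt_query": 0.7,      # unusual DNS record type for this device class
    "small_upload": 0.5,       # a small outbound transfer outside the device's norm
}

# Constructed multipliers: the less confidently a device is profiled, the more
# weight each signal carries, mirroring the "blind spot" concern in the interview.
PROFILE_MULTIPLIER = {"profiled": 1.0, "generic": 1.5, "unknown": 2.0}


@dataclass
class DeviceState:
    score: float = 0.0
    last_ts: float = 0.0
    signals: int = 0
    alerted: bool = False


def decay(score: float, elapsed_seconds: float) -> float:
    """Exponential decay with the configured half-life."""
    return score * math.pow(0.5, elapsed_seconds / HALF_LIFE_SECONDS)


def score_events(events, profiles):
    """Replay (timestamp, device, signal) events in time order.

    Returns the per-device state and a list of alerts
    (device, timestamp, score at alert, number of signals seen so far).
    """
    states = {}
    alerts = []
    for ts, device, signal in sorted(events, key=lambda e: e[0]):
        st = states.setdefault(device, DeviceState(last_ts=ts))
        st.score = decay(st.score, ts - st.last_ts)
        st.last_ts = ts
        mult = PROFILE_MULTIPLIER[profiles.get(device, "unknown")]
        st.score += SIGNAL_WEIGHTS[signal] * mult
        st.signals += 1
        if st.score >= ALERT_THRESHOLD and not st.alerted:
            st.alerted = True
            alerts.append((device, ts, round(st.score, 2), st.signals))
    return states, alerts


def current_score(states, device: str, now: float) -> float:
    """Decayed score of a device as of 'now' (useful for a dashboard view)."""
    st = states[device]
    return decay(st.score, now - st.last_ts)


BASE_TS = 1_700_000_000.0  # constructed epoch; any base works


def build_sample_events():
    """Constructed event log with three devices and two behaviours."""
    events = []
    # A generic single-board computer trickling one small upload per hour for 12 hours.
    for h in range(12):
        events.append((BASE_TS + h * 3600, "lab-pi-07", "small_upload"))
    # A well-profiled camera showing the same trickle.
    for h in range(12):
        events.append((BASE_TS + h * 3600 + 5, "cam-lobby-2", "small_upload"))
    # A workstation with a short burst of three failed logins, then silence.
    for k in range(3):
        events.append((BASE_TS + 30 * k, "ws-finance-12", "auth_fail"))
    return events


SAMPLE_PROFILES = {"lab-pi-07": "generic", "cam-lobby-2": "profiled", "ws-finance-12": "profiled"}

if __name__ == "__main__":
    states, alerts = score_events(build_sample_events(), SAMPLE_PROFILES)
    for device, ts, score, n in alerts:
        print(f"ALERT {device}: score {score} after {n} weak signals at t+{int(ts - BASE_TS)}s")
    for device in states:
        print(f"{device}: score now {current_score(states, device, BASE_TS + 24 * 3600):.2f}")
```

Run as written, only the generic-hardware device is flagged, and only after its twelfth hourly signal; the profiled camera with the identical trickle never reaches the threshold, and the workstation’s burst is below threshold to begin with and has decayed to almost nothing a day later. The point of the design is that the decision is made on accumulated, decaying context rather than on any one event being “bad”.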
Q. What are the latest breakthroughs/best practices in secure connectivity available to SMBs?
Yeo: Typically, when small and medium business (SMB) owners are in the decision-making phase to set up an ideal Wi-Fi solution, they are often torn between investing a significant amount of their budget to install a business-grade Wi-Fi solution, or making do with a much more limited home network solution.
Understanding business needs unique to SMBs, earlier this year, the market has seen Aruba’s first-ever business-grade Wi-Fi product for the SMB market. This is a breakthrough as what we have essentially done is take the core feature set built for our existing enterprise audience and translated it into a more accessible package for SMBs. That is the enterprise-grade security and analytics that small businesses increasingly desire. All this, plus simple management and set-up, mobile-first product design, and a flexible pricing model.