AI does for security what APAC firms cannot

With a fast-expanding attack surface, enterprises will find it impossible to keep up with the onslaught of cyber attacks targeting their networks without the help of artificial intelligence.

Artificial intelligence (AI) will increasingly play a critical role in helping Asia-Pacific businesses cope with a fast-evolving threat landscape as well as an attack surface that is fast expanding amidst a hyperconnected environment.

Organisations today face several key issues brought on by the adoption of cloud, Internet of Things (IoT), Bring Your Own Device (BYOD), vulnerabilities in IT systems, and insider threats, said Matthew Kuan, Fortinet's Southeast Asia and Hong Kong director of solutions and marketing, at Fortinet's 361 Security 2019 in Singapore. The conference series wrapped up in the city-state following a nine-city roadshow across Asia that included Bangkok, Jakarta, Manila, Yangon, Kuala Lumpur, Ho Chi Minh City, Hanoi, and Hong Kong.


Matthew Kuan, Fortinet's Southeast Asia and Hong Kong director of solutions and marketing.

With three billion new devices expected to come online each year, through to 2020, businesses face mounting risks of suffering a security breach, said Kuan. He described the threat landscape as complex, sophisticated, and deceptive, with hackers launching attacks in multiple stages.

In fact, 51% of companies worldwide have been breached over the past 12 months, with 85% taking more than an hour to detect a breach, he said, citing research from FortiGuard Labs. A lot could happen in a single hour, he cautioned, particularly in today's hyperconnected world and with the anticipated arrival of 5G networks.

With increased connectivity and a growing number of endpoints and partners across supply chains that need access to networks, the attack surfaces of organisations have increased tremendously, exposing them to more threats of varying nature, he noted.

Enterprises also are adopting new technologies and expanding their businesses at a much faster pace, Kuan said.

He noted that FortiGuard Labs, in each minute, thwarts 57,000 botnet command-and-control attempts, neutralises 52,000 malware programmes, blocks 190,000 malicious websites, and fends off 12 million network intrusion attempts.

At such volumes, it would not be possible to cope and keep up without the necessary tools, he said. FortiGuard Labs, for one, uses AI and machine learning systems to gather and analyse more than 100 billion security events a day.

Kuan said: "It's important enterprises turn to AI and machine learning to enhance their security posture operationally, strategically, and tactically, to counter threats they face. This is also where Fortinet Security Fabric comes into play, providing the broad protection as well as clear visibility across the entire attack surface -- including devices, applications, and cloud platforms -- so organisations can effectively identify and counter and mitigate all threats."

This needed to be integrated so different components of various security solutions can operate together in a cohesive and collaborative way to address the risks, he said. "It's also automated to provide better control across the solutions and relieve enterprises of the pressure they face in terms of skills and manpower shortage," he added.

Using AI to augment human capabilities

One Singapore-based company, Keppel Corporation, currently leverages AI across various industries to operate logistics, data centres, shipping, telecommunications, and funds management.

Speaking during a panel discussion at the 361 Security conference, Keppel Corporation's global CIO Jacob Tong said the company uses AI to predict when its equipment is due for maintenance as well as to power its service desk chatbot.


Keppel Corporation's global CIO Jacob Tong.

He also underscored the importance of using AI to detect irregular movements or behaviours within the network -- a task that can be carried out more effectively by machines than humans.

"Machines are there to augment [human's performance] and take away functions that have less value-add," Tong said.

Fortinet also taps AI and machine learning to create an advanced neural network structure and new techniques for searching beyond known patterns in malware behaviour. This can help its team better identify and protect against new attack tactics and malicious behaviours, said Kuan.

For instance, Fortinet's threat management tools are able to help an organisation detect and stop a rogue employee from moving corporate files outside the network. Fortinet's capabilities in user behaviour analysis, powered by AI and machine learning, can also prevent data loss and potential corporate espionage just days before an employee is due to leave the organisation.

Like Fortinet, Orange Business Services also applies AI and machine learning across several areas, according to its Asia-Pacific head of cyber defences, David Allot.


Orange Business Services Asia-Pacific head of cyber defences, David Allot.

A panellist and speaker at the conference, he said Orange looked at data around communications, such as the kind of traffic passing through its network and the types of communication software service providers used. It then tapped the data to build predictive analytics around cyber attacks, Allot said, adding that the vendor also relied on threat data from its customers.

Such data supported the research carried out by its Computer Emergency Response Team, where it was used to build a holistic view of industry developments and the threat landscape.

Similar to Keppel, Orange also leveraged AI and machine learning to augment its workforce. Doing so enabled security alerts to be automatically analysed and prioritised, so security administrators could focus on alerts that were more critical, he said.

Kuan advised enterprises that might find the process of kickstarting their AI journey daunting to begin small, focusing on what they really need in terms of protecting their key assets. 

Allot added that they also should consider some key issues when looking at AI, including determining the number of machine learning models they need, how these models should be trained and validated, and how often they should be updated.  
