At a time when companies face increasingly frequent and sophisticated cyber attacks, artificial intelligence (AI) offers a level of protection that neither humans nor conventional systems can achieve.
Besides Jean-François Vaillancourt, the founding president of NETsatori, the NETsatori team boasts global experts in cybersecurity technologies, including Maxime Mourand, the only specialist in Quebec and one of the few in Canada to hold the ACCX certification (see our interview with Maxime).
When you talk about security and artificial intelligence with these experts, the conversation quickly turns to IntroSpect, Aruba’s User and Entity Behavior Analytics (UEBA) solution.
“There are a few very good UEBA-type cybersecurity solutions on the market that can offer excellent cyber defence in certain contexts,” explains Jean-François Vaillancourt. “There is no question, however, that IntroSpect presently stands out from the crowd. The speed and efficiency of its Machine Learning analyses are simply breathtaking.”
Now, how does this type of solution work in the real world?
A concrete example
Take Pierre, for example, who works as a junior broker for a large insurance company. In the last few days, he’s been consulting documents from the marketing department on a regular basis – outside of working hours. He has also downloaded several meeting minutes from the product design team.
With conventional security systems, such activities on the part of an apparently irreproachable and highly motivated employee go completely unnoticed.
IntroSpect, however, will detect an anomaly and immediately raise a red flag.
There are three possible scenarios here.
- Pierre’s new director has asked him to gather background information for a sales meeting on new product sales techniques.
- His account has been hacked and someone is using it to break into the intranet and retrieve company secrets.
- He is involved in industrial espionage for a competitor.
Once alerted by IntroSpect, an analyst from the company’s security department will review the case the solution has built in real time, pursue further investigation and take immediate action if necessary.
Reading subtle signs
IntroSpect uses artificial intelligence to spot very faint signals which – much like the tiny vibrations that precede an earthquake – may indicate that an unauthorized operation is taking place way below the surface.
This involves analysing and combining the data from multiple sources: end-points, traffic, bandwidth, IP addresses, user activities, etc. “The Machine Learning system uses this data to create a dynamic portrait of each user, each piece of equipment, each IP address, etc., thus developing a clear understanding of what constitutes ‘normal’ behaviour for each source,” says Jean-François Vaillancourt.
“It compares each person’s activities over time, but also in relation to their peers and their group,” explains Jean-François Vaillancourt. “For example, if several of Pierre’s direct colleagues have viewed the same marketing documents during the same period, IntroSpect is unlikely to react, even if it is an unusual activity.”
Aruba’s AI uses over 100 algorithms that are enriched and refined as new risks are identified, resulting in highly sophisticated analyses.
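The baseline-and-peer comparison described above can be sketched in a few lines. This is an added example, not IntroSpect's algorithm or Aruba code; the colleagues' names, resource names, weights and sample events are all constructed for illustration.

```python
# Constructed sample history: (user, peer_group, resource, hour_of_day).
HISTORY = [
    ("pierre", "brokers", "claims-db", 10), ("pierre", "brokers", "crm", 14),
    ("anne", "brokers", "claims-db", 9), ("anne", "brokers", "crm", 11),
    ("luc", "brokers", "crm", 15), ("luc", "brokers", "claims-db", 16),
]

def build_baseline(history):
    """Per-user profile of 'normal': resources used, active hours, peer group."""
    profile = {}
    for user, group, resource, hour in history:
        p = profile.setdefault(user, {"resources": set(), "hours": set(), "group": group})
        p["resources"].add(resource)
        p["hours"].add(hour)
    return profile

def score_event(profile, window, event):
    """Return 0..1: deviation from the user's own baseline, discounted by
    the share of peers who touched the same resource in the same window."""
    user, group, resource, hour = event
    p = profile.get(user, {"resources": set(), "hours": set(), "group": group})
    own = 0.0
    if resource not in p["resources"]:
        own += 0.6  # assumed weight: resource is new for this user
    if not p["hours"] or not (min(p["hours"]) <= hour <= max(p["hours"])):
        own += 0.4  # assumed weight: outside the user's usual hours
    peers = {u for u, q in profile.items() if q["group"] == group and u != user}
    peers_same = {u for u, _, r, _ in window if r == resource and u in peers}
    peer_ratio = len(peers_same) / len(peers) if peers else 0.0
    return round(own * (1.0 - peer_ratio), 2)

PROFILE = build_baseline(HISTORY)
PIERRE_EVENT = ("pierre", "brokers", "marketing-docs", 22)  # constructed event
# Constructed windows: nobody else, one colleague, both colleagues.
WINDOW_ALONE = [PIERRE_EVENT]
WINDOW_ONE_PEER = [PIERRE_EVENT, ("anne", "brokers", "marketing-docs", 21)]
WINDOW_ALL_PEERS = WINDOW_ONE_PEER + [("luc", "brokers", "marketing-docs", 20)]

if __name__ == "__main__":
    for name, window in [("alone", WINDOW_ALONE), ("one peer", WINDOW_ONE_PEER),
                         ("all peers", WINDOW_ALL_PEERS)]:
        print(name, score_event(PROFILE, window, PIERRE_EVENT))
```

The same after-hours access scores highest when Pierre is the only broker touching the marketing documents and drops to zero when his direct colleagues did the same in that period, which is the suppression behaviour the quote describes.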
ClearPass, a tool to complement IntroSpect
Finally, Jean-François Vaillancourt believes that any organization that wants to have an in-depth 360° view of its network’s activities should use both IntroSpect and ClearPass: “We can detect the very first signs of an attack, sometimes even before it takes place, then accelerate the investigation process in the event of an alert, and finally step in immediately – and automatically, in certain cases – to block a user or quarantine him or her.”
Contact us for more information about IntroSpect.