Artificial intelligence in the service of security

To counter increasingly sophisticated attacks, the actions of a lone wolf, or simple negligence that might otherwise slip through the cracks, artificial intelligence detects, in real time, changes in the behaviour of users and assets that constitute a potential threat.

Aruba IntroSpect’s UEBA (User and Entity Behavior Analytics) technology uses machine learning and artificial intelligence to detect anomalies, sometimes in subtle sequence, that diverge from the usual patterns of individuals or devices, in order to identify attacks that conventional perimeter intrusion detection tools would not unmask. The objective is simple: to block attacks before they can have disastrous consequences.

The IntroSpect system functions in five stages:

  1. Collection – IntroSpect collects data from various sources: firewall logs, AD, VPN, proxy, DNS, security alerts from other sources, and, optionally, network traffic in all its forms.
  2. Structuring – The system organizes the data and matches it to users, systems or hosts.
  3. Analysis – The functions of machine learning and artificial intelligence analyze the data in order to identify any signs of suspicious activity in the data set.
  4. Measurement – On an ongoing basis, the system generates risk indicators using a self-learning system that uses the output from the analysts and rich markers.
  5. Action – IntroSpect offers various intervention modes, at the device, user and host levels, in order to isolate the compromised asset and conduct investigations.
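
The five stages above, sketched as an added example (not Aruba's code and not IntroSpect's actual algorithm): a simple per-entity z-score baseline stands in for the product's machine learning. The log records, entity names, cap and threshold are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Stage 1 (collection): constructed records (source, entity, day, value); not real logs.
RAW_EVENTS = []
for day in range(1, 8):                      # seven baseline days
    RAW_EVENTS += [("dns", "alice", day, 200 + 5 * (day % 3)),
                   ("vpn", "alice", day, 50 + day % 2),
                   ("dns", "lab-pc-07", day, 400 + 10 * (day % 2)),
                   ("proxy", "lab-pc-07", day, 30 + day % 3)]
# Day 8: lab-pc-07 deviates on two sources at once; alice behaves as usual.
RAW_EVENTS += [("dns", "alice", 8, 205), ("vpn", "alice", 8, 51),
               ("dns", "lab-pc-07", 8, 900), ("proxy", "lab-pc-07", 8, 95)]

def structure(events):
    """Stage 2: attribute every record to its entity, per source and day."""
    series = defaultdict(lambda: defaultdict(dict))
    for source, entity, day, value in events:
        series[entity][source][day] = series[entity][source].get(day, 0) + value
    return series

def analyze(per_source, today):
    """Stage 3: z-score of today's value against the entity's own history."""
    scores = {}
    for source, days in per_source.items():
        history = [v for d, v in days.items() if d < today]
        if len(history) < 3 or today not in days:
            continue                          # too little history to judge
        spread = max(pstdev(history), 1.0)    # floor avoids division by ~0
        scores[source] = (days[today] - mean(history)) / spread
    return scores

def measure(scores, cap=10.0):
    """Stage 4: combine per-source deviations into one 0-100 risk score."""
    if not scores:
        return 0.0
    capped = [min(max(z, 0.0), cap) for z in scores.values()]
    return round(100 * sum(capped) / (cap * len(capped)), 1)

def act(risk, threshold=60.0):
    """Stage 5: choose a response for the entity (hypothetical action names)."""
    return "isolate" if risk >= threshold else "monitor"

def run(events, today=8):
    """Run stages 2-5 and return the chosen action per entity."""
    return {e: act(measure(analyze(s, today))) for e, s in structure(events).items()}
```

Each entity is compared only with its own history, so a volume that is normal for one host can still be flagged as abnormal for another.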

IntroSpect in action – A case study

With 21,000 students and 3,500 employees on 23 campuses and 27 different sites, the Pearland Independent School District in Texas is confronted, like many other educational organizations of its size, with the need to protect a complex and heterogeneous network.

Students and teachers alike are constantly utilising mobile devices with a broad and unpredictable variety of configurations and uses − any cybersecurity manager’s nightmare.

In this context, the school board's IT department decided to deploy Aruba's IntroSpect to detect early warning signs of cyber attacks.

Shortly after being configured for a simple proof of concept (POC), IntroSpect detected an attempt by a Trojan horse to break into the network.

The problem was solved in 90 minutes. Other school boards, which had not been able to detect the malware in time, took six weeks to remove it from their networks.

Read a testimonial on the Aruba blog.

IntroSpect is therefore hailed as one of the leading Network Traffic Analysis (NTA) and Network-based Intrusion Detection System (NIDS) solutions. Gartner considers these types of network analysis systems to be the most promising security solutions for detecting risks.

NETsatori’s experts consider that Aruba IntroSpect’s UEBA (User and Entity Behavior Analytics) technology stands out from the competition in the following ways:

  • True use of machine learning to conduct threat hunting
  • Series of defence playbooks natively integrated in the system
  • Automatic generation of target packages to facilitate the work of analysts
  • Usable results obtained only a few days after the solution is deployed on the network
  • Very fast deployment with minimal change requirements to your network

As cybercrime is becoming a strategic challenge, NETsatori is proud to be able to offer this state-of-the-art artificial intelligence cyberdefence solution that is already being used by major organizations across the globe.

NETsatori’s security experts can help you assess this unique solution to protect your digital assets. Contact us today.