23247-ExtremeAI-for-Security-SB v9 English

Jul 08, 2020


WWW.EXTREMENETWORKS.COM 1

Solution Brief

ExtremeAI™ Security: Defend Against IoT Cyber Attacks with Advanced Behavioral Analysis, Automated Remediation and Containment

Cyber attacks are on the rise. Accenture's 2018 State of Cyber Resilience Report found that 83 percent of respondents believe they need advanced technologies to secure their future, but just 2 in 5 had invested in artificial intelligence and machine learning (AI/ML) technologies. Today's cyber threats seek to penetrate perimeter defenses and move laterally across networks, often undetected, until they reach their targets.

Traditional approaches to cyber security are proving to be ineffective against these increasingly sophisticated and automated cyber attacks. Telecommuting, outsourcing and remote worker scenarios are blurring the line between the trusted and untrusted zones.

The volume and sophistication of these attacks require a new approach to network security in the modern enterprise.

The Network Visibility Problem

The network is critical to digital transformation, and yet comprehensive visibility into its very operation is limited at best, and non-existent in many cases. Today networks are ever more complex. The explosion of IoT, outsourcing and contracting, cloud computing and BYOD pervasiveness have changed the shape and the role of the traditional network perimeter. The network perimeter as we knew it barely exists, and the disparate security devices only provide a slice of visibility into what is happening inside the network. Once a threat is inside, without the visibility and collaboration between security devices, it is hard to detect. Trying to find the threat is like looking for a needle in a haystack. There is an urgent need for better monitoring and collaboration across all subsystems.

A New Approach to Security

Businesses are now turning to emerging technologies, such as Security Analytics, to improve the security posture of their network. They demand solutions that go beyond the traditional security information and event management (SIEM) tools to provide better, more granular visibility of the network to help detect and remediate cyber threats.

Security Analytics provides the ability to link diverse types of data points and security event information to gain a more comprehensive view of the traffic traversing the network. Security analytics help provide deep visibility of what's going on across a network. By working in conjunction and collaboration with existing security solutions, security analytics can help to identify malicious activity that may be undetected by traditional or siloed detection methods.

Security analytics tools analyze and correlate log and event data from existing security controls and applications, to provide a more granular view of what is passing through the network and to determine whether it is anomalous or malicious.

There are three components to a security analytics solution:

- Data Gather: Comprehensive data collection. It's important to begin with the right data set. A security analytics solution derives context from multiple sources for advanced threat detection, network performance, application performance and response. For example, threat intelligence feeds, application data and network traffic are all fed into the analytics engine.

- Analytics: Apply advanced security analytics to the rich network telemetry and other contextual data to catch threats lurking in your environment in real time. This includes behavioral modeling and anomaly detection using machine learning and global threat intelligence.

- Take Action: Rapid incident response. Security Analytics provides the contextual information to pinpoint the source of the threat easily and integrates with your rapid incident response workflows, providing the information needed to quarantine the suspicious host instantly, continue investigating the threat, and determine where it might have propagated. Security Analytics then retains enterprise telemetry for a period of time so it can be used as a forensic record.

Faster Resolution Time and Greater Insights

Security Analytics can accelerate the time to resolution and provide granular details on the breach and what it might have touched.

1. Proactive security incident detection and response. Security analytics tools analyze data from a range of sources, connecting the dots between various events and alerts to detect threats or security incidents in real time. To do so, security analytics software analyzes log data, combines it with data from other sources, and pinpoints correlations between events.

2. Maintaining regulatory compliance. One major driver for security analytics tools is compliance with government and industry regulations. Regulations like HIPAA and PCI DSS require measures such as data activity monitoring or log collection for auditing and forensics, and security analytics tools can integrate a wide swath of data types to give companies a single, unified view of all data events across devices. This enables compliance managers to closely monitor regulated data and identify potential non-compliance.

3. Improved forensics capabilities. Security analytics solutions are highly valuable for conducting forensic investigations into incidents. Security analytics tools can provide insights into where an attack originated, how a compromise happened, what resources were compromised, what data was lost, and more, along with a timeline of the incident. Being able to reconstruct and analyze an incident helps to inform and improve organizational defenses so that similar incidents do not happen in the future.

Value of Machine Learning and Artificial Intelligence (AI/ML)

Machine Learning and Artificial Intelligence can help identify and respond to security breaches faster and more efficiently than humans. Unlike humans, who can only react to problems once they have occurred, machines can automate processes and proactively help find anomalies before they become major issues.

By gathering and analyzing data in real time, machines can correlate information, identify patterns, "learn" to predict what may happen next, and act on that information.

Security analytics with automated remediation removes much of the burden on security analysts by prioritizing the alerts, gathering the necessary data, and using automated remediation to stop the breach. This gives the security analyst more time to focus on items that require their in-depth attention, rather than "fire-fighting," while helping to contain the onset of a breach.


Introducing ExtremeAI Security

ExtremeAI Security delivers an innovative, AI-powered solution for IoT device security coupled with automated threat remediation and containment. It delivers deep visibility and detection of malicious traffic and real-time monitoring of IoT devices for behavioral anomalies, illuminating enterprise networks and giving attackers nowhere to hide. Through fully automated remediation of suspicious devices and traffic, ExtremeAI Security ensures threats are contained, preventing them from moving across the network.

Key benefits of ExtremeAI Security include:

- Behavioral monitoring and baselining: Massively scalable behavioral anomaly detection leverages machine learning to understand the typical behavior of IoT endpoints based on a variety of data points, and automatically triggers alerts when endpoints act in unusual or unexpected ways.

- Unsupervised learning: A zero-touch, zero-configuration approach makes ExtremeAI Security easy to implement. The advanced machine learning algorithm automatically learns the IoT device behavior from multiple perspectives without requiring supervised training on big data lakes, and models the device using zero-footprint modeling techniques (<5K of storage required per device). This major innovation is inspired by advancements in the field of Natural Language Processing, and Extreme has several patents pending in this area.

- Insights and granular analytics: By leveraging ExtremeAnalytics™ - the company's flagship, end-to-end analytics application - customers can get deep visibility into the lateral movement of malicious traffic.

- Multi-vendor interoperability and integration: Our security solution works well on a multi-vendor network and complements customers' existing security toolsets, including next-generation firewalls and SIEM tools. The automated remediation features integrate with a variety of popular IT tools such as Slack, JIRA, ServiceNow, and more.

Figure: ExtremeAI for Security: Security Analytics Dashboard


http://www.extremenetworks.com/contact

©2019 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please see http://www.extremenetworks.com/company/legal/trademarks. Specifications and product availability are subject to change without notice. 23247-0519-06

Use Case Example: IoT Behavioral Anomaly Detection

An emerging area of security analytics is behavioral anomaly detection, where a security solution leverages machine learning to baseline the expected behavior of the network endpoints, and automatically trigger alerts when an endpoint acts in an unusual or unexpected way.

ExtremeAI Security leverages ML to learn the expected behavior of the IoT endpoints, and trigger alerts when an endpoint acts outside the norm. As illustrated in the figure below, Extreme offers an intuitive, 3D visualization of the current behavior of every IoT endpoint being tracked. Each colored dot corresponds to an IoT endpoint. When an IoT endpoint comes online for the first time, the ML algorithm starts building information on its behavior. If two endpoints regularly behave alike, their corresponding points are shown close to each other. Normally, devices of the same category (e.g. temperature sensors, CCTV surveillance cameras or industrial automation devices) which exhibit comparable activity on the network will tend to "cluster" in small groups.

Figure: ExtremeAI for Security: 3D Visualization of Network Endpoints

The system continuously gathers information. Once enough data has been gathered, usually within a week or so, the endpoint behavioral models are updated and their corresponding 3D points shift accordingly. If an IoT endpoint starts acting in an unusual way compared to its habitual behavior, an alert is raised and an automated response can occur. For example, once the threat indicator has been identified, the system could carry out a packet capture to gather more information, generate a JIRA ticket to inform the security operator of the threat, and automatically quarantine the network endpoint to limit exposure to the rest of the network.

A key value of the ExtremeAI Security solution is its unsupervised approach to enforcing network security. It is zero touch and zero configuration. It is this type of intelligence and autonomy that will be crucial as businesses embark on the era of the Autonomous Enterprise.

To learn more about ExtremeAI Security, visit extremenetworks.com/product/extremeai-security
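The gather, analyze and act pipeline described on page 2 and the IoT behavioral baselining use case above, worked through in code. This is an added example written for this page, not Extreme Networks code, and it stands in for the vendor's NLP-inspired per-device model with something deliberately simple: for each device, the mean and standard deviation of four daily traffic features (distinct internal hosts contacted, distinct destination ports, flow count, kilobytes sent) learned over a one-week window, with each later day scored as a scaled deviation from that baseline. The flow records, the device names, the 10.0.0.0/8 internal range, the feature set and both thresholds are constructed assumptions; a real deployment would feed NetFlow/IPFIX, span-port or firewall telemetry into the same functions.

```python
# Added example (not Extreme Networks code): behavioral baselining, anomaly alerting and
# automated response for IoT endpoints. Every flow record below is constructed.
import ipaddress
import math
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the enterprise's internal range
TRAINING_DAYS = range(1, 8)                      # learning window: the first week observed
FEATURES = ("internal_hosts", "dst_ports", "flows", "kb_out")
ALERT_THRESHOLD = 4.0        # assumption: scaled deviation that raises an alert
QUARANTINE_THRESHOLD = 20.0  # assumption: deviation large enough for automatic isolation


def constructed_flows():
    """(day, device, dst_ip, dst_port, bytes_out) records for days 1..8 (constructed)."""
    flows = []
    for day in range(1, 9):
        for cam in ("cam-01", "cam-02"):
            # Cameras stream to an internal NVR and send a small heartbeat to a vendor cloud.
            flows.append((day, cam, "10.0.5.10", 554, 900_000 + 10_000 * (day % 3)))
            flows.append((day, cam, "203.0.113.10", 443, 20_000))
        for _hour in range(24):
            # A temperature sensor publishes hourly over MQTT/TLS to the cloud.
            flows.append((day, "therm-01", "203.0.113.20", 8883, 500))
    for i in range(40):
        # Day 8: cam-01 starts probing 40 internal hosts on Telnet/SSH/SMB/HTTP ports.
        flows.append((8, "cam-01", f"10.0.5.{20 + i}", (23, 2323, 22, 445, 80)[i % 5], 200))
    return flows


def daily_features(flows):
    """Aggregate raw flows into a small feature vector per (device, day)."""
    buckets = defaultdict(list)
    for day, device, dst_ip, dst_port, nbytes in flows:
        buckets[(device, day)].append((dst_ip, dst_port, nbytes))
    return {key: {
        "internal_hosts": len({ip for ip, _, _ in recs if ipaddress.ip_address(ip) in INTERNAL}),
        "dst_ports": len({port for _, port, _ in recs}),
        "flows": len(recs),
        "kb_out": sum(b for _, _, b in recs) / 1000,
    } for key, recs in buckets.items()}


def build_baselines(feats):
    """Per-device model: (mean, stdev) per feature over the learning window; 8 numbers per device."""
    cols = defaultdict(lambda: defaultdict(list))
    for (device, day), f in feats.items():
        if day in TRAINING_DAYS:
            for name in FEATURES:
                cols[device][name].append(f[name])
    return {dev: {n: (mean(v), pstdev(v)) for n, v in c.items()} for dev, c in cols.items()}


def anomaly_scores(model, f):
    """Scaled deviation of one day's features from the device's own baseline."""
    # Floor: a constant feature (sigma == 0) must not divide by zero, and jitter on a
    # large-valued feature such as bytes must not read as a ten-sigma event.
    return {n: abs(f[n] - mu) / max(sigma, 0.1 * abs(mu), 0.5) for n, (mu, sigma) in model.items()}


def behavior_distance(model_a, model_b):
    """Scale-free distance between two baselines; devices that behave alike score near 0."""
    return sum(abs(math.log1p(model_a[n][0]) - math.log1p(model_b[n][0])) for n in FEATURES)


def peer_groups(baselines, radius=1.0):
    """Greedy grouping: a device joins the first group whose founder is within `radius`."""
    groups = []
    for dev in sorted(baselines):
        for g in groups:
            if behavior_distance(baselines[g[0]], baselines[dev]) <= radius:
                g.append(dev)
                break
        else:
            groups.append([dev])
    return groups


def respond(device, score):
    """Alert, capture and ticket on a moderate deviation; isolate only on a large one."""
    actions = []
    if score >= ALERT_THRESHOLD:
        actions += [f"alert:{device}", f"pcap:{device}", f"ticket:{device}"]
    if score >= QUARANTINE_THRESHOLD:
        actions.append(f"quarantine:{device}")
    return actions


def run_day(day, flows=None):
    """Score each device's traffic on `day` against its baseline -> {device: (scores, actions)}."""
    feats = daily_features(constructed_flows() if flows is None else flows)
    baselines = build_baselines(feats)
    results = {}
    for (dev, d), f in feats.items():
        if d == day and dev in baselines:
            scores = anomaly_scores(baselines[dev], f)
            results[dev] = (scores, respond(dev, max(scores.values())))
    return results


if __name__ == "__main__":
    print("peer groups:", peer_groups(build_baselines(daily_features(constructed_flows()))))
    for dev, (scores, actions) in sorted(run_day(8).items()):
        print(dev, {k: round(v, 2) for k, v in scores.items()}, actions)
```

Running it scores day 8: cam-01's 40 internal probes barely move its byte volume (the kb_out deviation stays under 1), but they push the internal-host and flow counts far past both thresholds, so it is captured, ticketed and quarantined, while cam-02 and therm-01 produce no actions and the two cameras land in one peer group with the thermostat on its own. Two points a practitioner would check before trusting such a system in production. First, the baseline is whatever the device did during the learning window: a camera that was already probing its neighbours when it was first seen would have that behaviour baselined as normal, which is why peer_groups is included; devices of the same class should cluster, and one camera that drifts away from its peers is suspicious even if it never deviates from its own history. Second, automatic quarantine is gated on a much larger deviation than the alert, because isolating a production endpoint on a borderline statistical blip is how automated remediation turns a false positive into an outage.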