Manage AI Threats with the Right Technology Architecture

For enterprises, AI poses big cybersecurity risks.

AI tools enable cybercriminals to launch sophisticated attacks at scale. AI-driven malware exploits vulnerabilities in real time and evades even the most complex security deployments. Powerful algorithms make phishing attacks more targeted, precise, and hard to detect.

Conventional approaches to cyber security no longer work to ward off these AI-powered threats.

Security teams must take an integrated approach and work at the architecture level to counter AI-based threats. Here, they can choose between the “best of breed” or platform approaches.

What is the Best of Breed Approach

The best-of-breed approach involves selecting the best suite for different types of protection. The security team may deploy one application for endpoint protection and another to monitor network traffic.

This approach allows more flexibility, agility, and scalability. The security team can add or change security apps. If a new app shows promise, they can easily co-opt it. Or if some app does not work, they can replace it without major architectural-level changes.

But the best-in-breed approach can cause interoperability issues. These issues arise when different apps belonging to different vendors try to communicate and exchange data.

Different apps may store information in different file formats or data structures. This may cause data exchanges to fail. Different API commands make it hard for apps to understand each other’s requests. Also, the lack of compatibility may expose sensitive information.

Gaps between applications can also exist. Integrating products from different providers is technically challenging and time-consuming. Despite the best efforts, shortcomings are common. Threat actors using AI can easily exploit such shortcomings and breach the network.

What is the Platform Approach?

The platform architecture is a reliable alternative for securing networks against AI-powered threats. A single vendor manages the entire network security through a single, integrated platform.

For instance, a functional platform may feature the following integrations:

The firewall, IPS, and sandbox products into a single next-generation firewall (NGFW). Antivirus, intrusion detection, and response systems into a comprehensive endpoint protection platform (EPP).
Proxy, antivirus, cloud access security broker (CASB), and data loss prevention (DLP) into security service edge (SSE).

At a deeper level, in the platform suite, the NGFW and cloud-native firewalls integrate into hybrid mesh firewalls. EPP and SoC capabilities integrate into extended detection and response (XDR) functionalities. SD-WAN and SSE become components of a single-vendor secure access service edge (SASE.)

All platform components remain aligned from the ground up. The integrated platform tools collect data from various security deployments and endpoints. They correlate events across different areas and prepare a real-time threat assessment. The system works seamlessly without interoperability or integration issues.

The platform architecture delivers a comprehensive, unified view of the enterprise security posture. The platform becomes a central hub that collects information from all sources. The integrated views make it easy to identify gaps, misconfigurations, and blind spots. The system makes explicit how threats move across different security controls. Threat detection and response become lightning-fast. The security team has fewer technical issues to solve. They get more time to focus on the security strategy and pre-emptive measures.

The Need for Security Process Automation

Threat actors using AI automate their attacks. As such, effective protection against these AI-based threats requires extensive automation.

Automated workflows execute tasks quickly and consistently. These workflows may, for instance, automate user provisioning and access control. If a network scan identifies vulnerabilities, it could download and deploy the latest security patches. A suspicious login attempt could block the IP address with escalation to a human agent.

Less reliance on human interventions makes threat detection more accurate and responses faster. Operational efficiency and security team productivity improve.

Automation is not a magic bullet, though. The trick is to design workflows well and conduct extensive tests to cover all scenarios.

Also, automated actions based on false positives can disrupt operations. Striking an optimal balance between security and convenience is an art. The enterprise security strategy determines the extent to which security impedes convenience.

The best-in-breed approach allows tailoring automation scripts to match each tool’s unique functionalities. But this requires custom scripting or relying on third-party integrations. Custom scripting requires technical expertise, and third-party integrations are not always reliable. The platform approach makes it easy to automate security controls and processes. Incident response also becomes streamlined.

The Question of Costs

Security is often a function of costs. Many enterprises understand the threats to their networks. But the high costs associated with security make them take risks. The platform approach reduces costs, making security more viable for enterprises.

The best-of-breed approach involves integrating many applications. Such integrations need huge resources and licences. Keeping all apps updated and ensuring everything works together takes time and resources. The heterogeneous security infrastructure mix requires specialised expertise and continuous training. All these increase costs.

The platform approach involves only one vendor, so licensing and maintenance costs are lower. However, optimal performance may require custom processors capable of handling increased compute loads.

The Integration Challenge

The industry trend is towards platform architecture. AI-powered attacks can exploit vulnerabilities arising from any interoperability issues. Even small security gaps can cause huge damage. The integrated platform approach closes all gaps, making it best suited for today’s AI era.

However, the platform approach is less resilient. Making changes requires rejigging the architecture. This is when the dynamic nature of cyber-security, with fast-paced changes, may require fast changes.

As such, new point products remain relevant for newer defences and better risk management.

Over time, as these new point products become stable, they become components of a functional platform. But in the short term, platforms may co-opt them without proper integration. Many vendors resort to such shortcuts as a workaround to extensive platform changes.

As such, some products labelled as platforms may actually be a mix of best-of-breed products. The vendor may bolt these products together into a superficial platform.

Robust integration depends on everything running on a common OS and a single management console. Also, everything has to run on a common analytics engine and connect to one data lake. Consistent data structures and uniform APIs underpin the platform.

Effective security depends on selecting a reliable platform with a vendor capable of walking their talk.

Durjoy

Durjoy is a hands-on expert in Software Automation, Infrastructure and Fintech at DigiLeap Technologies, a specialist solutions provider for Chatbots, RPA, Process Automation and Financial Compliance. He has previously worked in the mobile payments sector and before that has had a long stint at Citibank across multiple roles in their operations and technology division. He loves picking on business processes in various sectors and transforming them through automation. Durjoy can be contacted at durjoyb@digileap.net.