Digital transformation and technology trends have shaped how we live, communicate, and do business. Organisations have become more agile and are embracing technologies like artificial intelligence and machine learning to scale efficiency and profitability while remaining competitive. Many high-tech datacentres now use machine learning and cognitive computing to learn from real-time data and adjust their performance on the fly.
Organisations are no longer relying solely on traditional engines, which would leave them exposed to the most damaging attacks. The modern datacentre and network require the flexibility of a hybrid cloud security architecture that uses automation and artificial intelligence to scale threat prevention performance on demand, on-premise and in the cloud, with a simplified and unified management system.
Modern datacentre architecture has evolved from an on-premises infrastructure to one that connects on-premise systems with cloud infrastructures where networks, applications and workloads are virtualised in multiple private and public clouds. This evolution has influenced how datacentres are architected as all of the components of a datacentre are no longer co-located and may only be accessible to one another over the public Internet.
Most solutions are based on one or several detection engines which are built on human-made logic such as signatures or rule-based analysis. Those methods are important as they can deter many known threats and some unknown ones, but the velocity of malware evolution, the increasing number of devices and technologies, and the huge amount of data make it challenging to keep the human-made models comprehensive and up to date.
Generic best practices for implementation of AI+ML are as follows:
- Define a clear scope of implementation
- Align the implementation with the business goals
- Determine the use cases for AI+ML
- Involve the right stakeholders for the implementation
- Involve human expertise to steer the learning process
- Train the machine learning system with rich data, and lots of it
- Track the implementation and define metrics to measure the progress
ROI measurement for artificial intelligence will be different for different verticals and scopes. The right metrics have to be selected for calculating the return on investment. Generic metrics will be the increase in quality of the service upgraded by artificial intelligence and the reduction in total cost of ownership. The key metrics for cyber security will be reduction in threat detection time, accuracy of detection, and reduction in human involvement in making the decisions.
In CloudGuard SandBlast Mobile, Check Point Software Technologies performs an artificial intelligence-based analysis using various techniques and analyses the reputation of the application, its behavior, metadata and its similarity to malicious applications. The models are based on the data of tens of millions of applications, collected since 2013, which results in an excellent detection rate that allows damage prevention and quick remediation.
Half of the applications blocked by Check Point SandBlast Mobile Agent were detected by the Mobile machine learning model and unknown to other antivirus vendors. The Check Point SandBlast Agent Behavioral Guard is a prediction engine which leverages Check Point CloudGuard SandBlast Agent forensics to effectively and uniquely identify unknown malware behavior. It combines generic behavioral signatures with artificial intelligence and ensures a low false-positive rate and a high detection rate.