Gartner: AI and automation will be the key capabilities of the new generation of SASE

Introduction: SASE vendors have a natural advantage in applying AI and machine learning.

In recent years, Secure Access Service Edge (SASE) technology has developed rapidly and has been widely adopted across industries. A SASE architecture usually includes core components such as SD-WAN, firewall as a service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB) and zero trust network access (ZTNA). Gartner's latest research predicts that artificial intelligence (AI) and automation will become another key technology for the new generation of SASE services, playing a more important role in application scenarios such as reducing false positives and protecting data security.

Gartner analysts said that because SASE vendors hold a large amount of network and security threat data, they have a natural advantage in applying AI and machine learning. When selecting a new-generation SASE service, enterprises can evaluate how well AI and automation are applied in the following areas:

1. Reduce false alarms

Alert fatigue is a real problem: security analysts are overwhelmed by the sheer volume of alerts they deal with every day. According to the survey, 60% of professionals said they received more than 500 cloud security alerts every day, and the huge workload caused 55% of respondents to miss important alerts every day or every week. The main benefit of using AI for security anomaly detection and incident classification is faster detection with dramatically fewer false positives.

2. Network analysis and repair

Businesses are now turning to intelligent networks that use AI and machine learning to make decisions with as little human intervention as possible. In a SASE environment, this might take the form of automated analysis of network traffic. An SD-WAN that leverages AI can track traffic spikes to avoid performance issues. AI-based networks can shift workloads or divert user access if service levels are not met. According to Gartner research, in 2021 fewer than 5% of enterprises deploying SD-WAN used AI functions to automate operations, and this proportion will reach 40% by 2025.

3. Intelligent operation and maintenance

Another important application scenario for AI is intelligent operation and maintenance. It lets security managers better understand the operating status of network equipment and identify in advance equipment that may fail, so that support or maintenance personnel can prepare ahead of time. Intelligent operation and maintenance has become the most mature application field of AI technology, especially in industrial scenarios such as intelligent manufacturing.

4. User behavior analysis and abnormal behavior detection

SASE vendors have access to vast amounts of data that they can use to establish a baseline of how people and devices should behave on the network, which can aid authentication and help spot suspicious activity. From a network perspective, the identities of entities connected to the network must be verified as genuine and valid. AI models can quickly identify the types of endpoints connected to the network, analyze each client accessing it, and give security experts insight into what is happening on the network.

5. Data leakage prevention

Data leakage prevention is not a core function of SASE, but it is one that many SASE vendors have recently added or are launching. It prevents sensitive data from being exfiltrated from a company's systems by external attackers or malicious insiders. Combined with AI, data loss prevention tools can identify data that has been intentionally obfuscated in an attempt to bypass simple keyword-based filters.

Insider threats are one of the biggest problems facing businesses today. Former employees often have access to sensitive information, such as design documents and code. Malicious insiders can steal company data and share it externally. AI can not only stop data from leaving a company, but also deny access to it. We're seeing SASE vendors add data loss prevention features to stop malicious users from stealing and exfiltrating data.

6. Identify and prevent advanced threats

Traditional intrusion detection systems are good at detecting known vulnerabilities and can prevent the same attack from happening again, but they can be slow to respond to new threats. An AI model trained on all known vulnerabilities can spot and immediately block attacks that have not yet occurred, since many new attacks are variants of previously known threats. Some threats can be handled by monitoring and automated mitigation mechanisms, while more sophisticated attacks still require dedicated security experts. False positives are bound to occur on the security side, and analyzing them will likely take experienced technicians.

7. DDoS attack mitigation

The number of insecure networked devices continues to increase, organizations are switching to high-speed 5G networks, and the DDoS-as-a-service industry is developing rapidly, so enterprises face a more severe threat of distributed denial-of-service (DDoS) attacks. For attacks like DDoS, organizations need to be able to respond very quickly. DDoS attack mitigation is a common function provided by SASE vendors, and it is also one of the tasks that users most readily trust AI to handle well.

8. Assist security analysts

If AI can handle repetitive, routine tasks, security analysts can spend their time on more complex issues. AI can greatly benefit security analysts by learning their habits and preferences and helping them perform their daily tasks more efficiently.

But AI is not yet ready to function independently without human involvement. AI is still in its early stages in nearly all SASE solutions. In the long run, despite the value of AI, organizations still need good engineers to make reliable human decisions on critical issues.


Origin blog.csdn.net/llawliet0001/article/details/124634373