Looking at the immense potential of AI, ManageEngine has increased investments in AI to help organizations tackle security threats. It has formed a 150-member R&D team work closely to implement AI across products. Ramprakash Ramamoorthy, Director of Research at ManageEngine (Zoho Corp), shares his perspective on the rising relevance of AI in security
Some edited excerpts:
From an operational perspective, how challenging is it for a security operations team to tackle threats? Can you give us some statistics that explain the scale and complexity of protecting organisations?
Organisations can no longer enforce security by limiting access to data. As a result of work-from-home policies and increased cloud adoption, data can, and needs to be, accessed anywhere from any device. Traditionally, security has relied on static thresholds—say, a rule in a monitoring system that would raise an alert when 10 failed logins occur per minute. However, modern-day attackers use superior techniques to bypass these thresholds, leading to increased fatigue in IT teams who find it difficult to isolate and identify critical breaches. Furthermore, with the advent of AI, even attackers have access to powerful AI techniques to increase the scope of their attacks.
In which specific areas can AI be used for ensuring security?
In general, AI helps organisations be more proactive than reactive in responding to threats. A few specific use cases include:
• Continuously monitoring user and entity behavior to identify threats early.
• Preventing users from inadvertently providing their credentials to phishing sites posing as legitimate ones.
• Identifying any aberrations in monitored metrics and forecasting potential security threats like low and slow DDoS attacks that can be difficult to identify via traditional methods and could negatively disrupt IT infrastructure.
Please compare the traditional methods of ensuring security and explain how AI is advantageous?
Traditional security takes a deterministic approach to managing security incidents, whereas AI takes a probabilistic approach. While the latter can help mitigate threats early and aid in building a security-aware organisational culture, traditional security looks at security data in silos—for example, Windows security events, network flow packets, or monitoring metrics. But AI is good at breaking these silos and can effortlessly cross-correlate multi-dimensional data and bring in valuable insights. Traditional security isn’t very flexible with timelines, but AI-based security has the flexibility to accommodate seasonal and trend patterns in data. After all, the same security threshold cannot work both on a Monday morning at 9 am and on a Saturday morning at 3 am.
In which products has ManageEngine used AI with respect to security?
We have multiple use cases of AI in our security information and event management solution, Log360. Log360’s user and entity behaviour analytics (UEBA) feature is our flagship AI security offering. Going forward, we plan to leverage AI to solve more IT security challenges faced by customers, including mitigating malware threats.
What has been the market reaction for these products?
We’ve seen an increase in AI adoption—our AI feature usage graph has been continuously ticking upward as AI awareness spreads to enterprise IT. Post-pandemic data security challenges have also increased, and that’s one reason a lot of organisations prefer to use AI to enhance their IT security.
Today’s AI is very much based on correlation. We endeavour to move to a causation-based AI infrastructure to better understand and mitigate security threats.
Other initiatives include:
• Moving from black box AI to explainable AI to help teams better organise their threat response.
• Bringing in better models that can be trained with a limited amount of training data and low computing power compared to current models.
Do you believe AI will be integral to every infrastructure related product in the future? From your company perspective, what percentage of AI has been embedded in your product portfolio?
I strongly believe AI will be an integral part of every software product in the near future. AI will become inevitable in such a way that it will play a key role in every piece of digital tech, much like databases have. Presently, over a dozen ManageEngine products built from scratch by our team of engineers have AI capabilities to secure networks and ensure uptime. Roughly 60 percent of our AI experiments have seen the light of day in our products, and that number is steadily rising.
If you have an interesting article / experience / case study to share, please get in touch with us at email@example.com