Express Computer

Home  »  Security  »  We see AI as an integral part of cyber security strategies: Ajay Biyani, Securonix

We see AI as an integral part of cyber security strategies: Ajay Biyani, Securonix

SecurityArtificial Intelligence AIInterviews
By Srikanth RP
0 226

As the enterprise security space becomes increasingly crowded, Securonix, is trying to transforming the industry with its innovative approach to threat detection, response, and automation, says Ajay Biyani, Vice President, APJ, India, Middle East & Africa · Securonix, in a detailed interview with Express Computer

Some edited excerpts:

What is your key differentiator?
The SIEM market is packed with big and small players, some of whom have acquired multiple companies to patch together their solutions. However, our differentiator is that we built our UEBA and SIEM platforms from scratch and integrated them with the same code base. This approach ensures that our platforms work seamlessly together, unlike those of our competitors who experience breakages when they upgrade their systems. Another key difference is that we offer a comprehensive solution to the many attacks that businesses face daily. We take pride in providing our customers with the ability to correlate compromised firewalls with the machine and identity used in the breach, making it easier for analysts to visualize the threat chain. This visualization is crucial in helping businesses understand the attack path and make informed decisions.

We are pioneers in the SIEM market, having introduced UEBA as a category in 2008-2009 and implementing SIEM or SaaS in the right way. In the coming months, we will take the next step in enhancing our platform by developing a data lake which can be searchable in milliseconds. This innovation will be cloud-based and offer seamless affiliation with industry-leading data providers, making it all the more efficient. Additionally, we are investing in enhancing our platform with next-gen solutions, such as automating threat detection, with our autonomous threat sweep solution. This feature sweeps through the environment and historical logs to detect exposure, automating the response through our SOAR component.

Overall, our approach to building our platforms from scratch, offering a comprehensive solution, pioneering new ideas, and investing in next-gen solutions, sets us apart in the crowded SIEM market.

Is there a plan for building playbooks which automate responses?
So we are at 50+ playbooks at this stage and our aim is to get to 200 by the end of the year and one part is the playbook, the other part is the integration with the system like ServiceNow, JIRA and active directories. But now we are doing phase two where we are trying to build connectors that is able to cover the environment and not just specifics. We started with high priority areas such as Active Directory and Office 365, ServiceNow, JIRA, which are used by 8 out of 10 companies today.

We are providing out-of-the-box playbooks now which you can enable and you can get going. The only thing you need to do is configure the connectivity, like, an Active Directory account is found to be compromised or impacting the environment, we have a playbook in place which can go to the Active Directory environment and disable or delete the account. Now, we’re trying to come up with a marketplace model where third parties or communities can come build a playbook and a connector and contribute back and forth. Our CEO is working on a model in the second-half of this year where we can certify some of these connectors. So you come in, you build a connector, you contribute back. We will use our own process to go through the details and certify it.

How do you see the future? While AI is used to improve security, but there’s also the other side where they say that the AI is itself a black box because you’re not sure on what has gone into building the algorithm. So, for example, if it generates false positives, how do you take action? What do you believe is the trade off or the balance?
With AI & ML maturing, we had the first wave where people were trying different combinations and building different types of systems. Right now, there’s a faster way of computing things like ChatGPT, which was unheard of in the past. We see AI as an integral part of cyber security strategy. Now, whether we were more from a UEBA perspective using machine learning and implementing automation primarily, but what we see now it’s going to be across the board. So, whether it’s your log management, log analysis in correlation using contextual information and data point as well as automation, all three will have AI and ML paying its partner. Whether it’s going to be ChatGPT or something else, we clearly see that that will take over a lot of automation, a lot of analysis and correlation in the very near future.

We look at a future where we will be able to provide dashboards to our executive customers who can click and drill down on a certain segment and the aim is that we will have different domains. That’s likely going to happen next year. But that’s the way we want and again that’s the theme of making it easy for the execs to understand and consume information and take action. It’s something we see as a base requirement and this has come out of a survey we did with our top 40 customers globally. Every single one of those have highlighted these three things. They want to see more of the AI/ML marketplace model and essentially have a dashboard. These were the top three things they identified and we are basing our future on the basis of what our customers want.

So similar to what analytics was a decade back or visual analytics has come more into play, do you see a similar future security moving in?
Absolutely, because it’s too much to consume and understand and we don’t expect CXOs to learn everything, they might have their own domain which they are very good at. But for them to know everything and every area is just too much and then every CXO has to sit on the board and provide a security view of the company. It’s just too much to explain in writing and a visualization will make it much easier.

So, do you believe we are at a stage where AI/ML has really matured to the level where it can prevent zero attacks?
Yes and No. AI is an abused term. ChatGPT aside, I don’t think any security solution would include only implementing artificial intelligence. It’s more of machine learning, at best, statistical analytics. AI still is not as prevalent as much. Also there are a lot of regulatory restrictions around artificial intelligence because every cutting edge technology has two sides to it. It’s like a double edged sword. So, I think it would be good to understand how governments across the world are regulating the use of artificial intelligence so that it’s only used for benefits and not for destruction. And we as protectors have to make sure about it more so because we cannot be seen as an industry which is exploiting AI for bad news.

So, that is one aspect. Second, human intervention is not going to go anywhere. It’s still going to be around no matter how efficiently a system detects a threat. There needs to be a human being to really validate whether that is real or not. We cannot just exploit AI to automate everything because we will have a huge job crisis in the country. So there are regulatory aspects, there are regional, cultural aspects. Today what we are seeing is that enterprises and businesses want to set up a chief data officer where their key objective is to collect everything that they have on a database and have peripheral solutions like a SIEM. They connect to the database and run analytics as per their way. And as we want to be interoperable with all data links out there not only looking at security data but also non security data. So that’s the beauty of how modular our structure is going to become.

Get real time updates directly on you device, subscribe now.

Srikanth RP

Srikanth is an award winning journalist with more than 16 years of experience. In 2010 and 2013, Srikanth received the Polestar award for Excellence in IT Journalism, from the PoleStar Foundation, an independent trust established in 1998 to recognize Excellence in Business and IT Journalism.

In the past, Srikanth has led the editorial operations for InformationWeek (UBM) and Dataquest (CyberMedia). Srikanth has also been associated with Patni Computer Systems and Capgemini India, in marketing and communications roles. He can be reached at [email protected]

You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image