AI Security Podcast

ZK Research Podcast with Forescout and Keysight: Can AI Turn Security into an Accelerator for Business? 

Zeus Kerravala, Founder and Principal Analyst at ZK Research recently led an insightful discussion about AI trends in cybersecurity. The analyst hosted Forescout’s VP of Security Intelligence Rik Ferguson and Keysight Technologies’ VP and General Manager of Network Visibility Recep Ozdag for an exchange that covered what customers want from their security vendors, the challenges around visibility gaps, and how integrated AI-powered solutions can overcome them to let companies take full advantage.

AI in Security discussion highlights:

• “What customers are asking for boils down to 3 things”
• “Customers are shocked by their visibility gaps”
• “AI helps you find the needle—in a stack of needles”
• “All the software has to run somewhere”
• “Here’s what you should be doing today”

To watch the full session click here

“What customers are asking for boils down to 3 things”

Forescout’s Rik Ferguson said most companies are taking their lead from what their strategic vendors are doing to leverage AI but mostly asking for the same three things:

• “Accelerators” that make their technologies work faster and better together
• “Simplifiers” to make complex operations more simple
• “Automators” of workflows across their entire cybersecurity estate

“For us at Forescout that means using AI to summarize data about assets, about risks, about threats, about recommendations we can make,” Ferguson summarizes, adding it boils down to reporting. “How do we humanize the machine data and turn it into narrative reports for a specific audience like the board or the SOC.”

Recep Ozdag added that virtually all Keysight visibility customers have embarked on AI initiatives to help scale and accelerate automation and ultimately “do more with less.” The VP points out that, while the number of attacks and connected devices are on the rise, most IT budgets are not.

The participants agreed that achieving improved efficiencies and higher ROI on security and AI initiatives hinges on and starts with complete visibility.ptimization engine for monitoring provides a core business enabler for the mobile operator that, according to one configuration manager, “consistently delivers high-performance and reliability allowing us to manage and secure our data traffic without compromise.”

“Customers are shocked by the visibility gaps”

“When we talk to customers, the first big shock is that they can’t even see all of the devices they thought they could manage.” Rik Ferguson, Forescout

Enterprises understand the need for complete, unified visibility across their entire network ecosystems – IT, OT, IoT, network attached storage (NAS), building management systems, VOIP, medical devices, and other connected devices — and for the ability to visualize how things communicate so they can implement better policies. Adopting AI helps many see what they’ve been missing.

According to Ferguson, “Customers’ first shock is their visibility and security coverage gaps, that they can’t even see all of the things they thought they could manage.” The ‘second shock,’ he says, comes from discovering unmanaged or unmanageable devices in their environment, including AI-equipped devices.

On the plus side, AI-powered defenses help turn the tables on risk on both counts.

AI helps correlate assets, threats, and controls

“We find the cup of water in the ocean that’s really interesting and we pass it onto cybersecurity leaders like Forescout to pinpoint the source of issues. We apply the ‘AI magic’ to reduce the amount of data our partners need to focus on.” Recep Ozdag, Keysight Technologies

Keysight’s Recep Ozdag notes most enterprises work with multiple vendors whose products contribute data to the company’s AI databases. Implementing an AI-enabled network visibility platform helps streamline and centralize the flow and management of all the data to accelerate the detection and mitigation of incidents and vulnerabilities.

“When you have a lot of data, that’s where AI really shines,” the VP explains. “You can essentially deploy a solution, run a baseline algorithm for 30 days and then ‘turn on the AI magic’ to detect the anomalies.”

Recep Ozdag explains that applications “talk to each other through packets — the single source of truth,” and that the right visibility platform looks inside all the packets to find what matters. That in turn reduces the volume of data from the network that gets sent to analysis tools from industry-leading partners and providers like Forescout.

AI helps teams find “a needle in a stack of needles”

“Having the feed from Keysight and the added value of being on that platform taken with the native capabilities of Forescout in terms of understanding assets, risk, threats, and attack path and lateral movement and you sit down, log in, and you have an agent saying, ‘here’s what you should be doing today’. That’s the question in a SOC that you just wanted answered straightaway.” Rik Ferguson

Zeus Kerravala speculated that the scale achieved through AI and multi-vendor integrations has the potential to help security infrastructures automate and perform threat detection and mitigation at an unprecedented scale.

The vice president says AI initially helps in a number of places:

• Train hardware to create a baseline of what normal looks like to help automatically detect anomalies
• Generate metadata in a vector database format to help with customers’ “AI factory”
• Improve usability to help security teams realize maximum value from tools’ advanced features

Ferguson adds that AI should help security analysts answer their perennial first question: What should they do first and at any given time? But he questions the wisdom of ramping up too quickly.

“We’ve got this great new technology, it hallucinates, it makes mistakes, it gets things wrong; let’s set it free by itself,” he says noting AI has been around since the 1950s and cautioning stating the need to be mindful of the fact that AI gets wrong.

“It’s been an iterative process of finding the right solutions to solve right problem; it was slow, and in my mind, that was very healthy,” Ferguson explains. “With LLMs exploding, everyone suddenly became an expert in AI and suddenly there were a lot of use cases looking to find a user.”

One possibility may be allowing modern AI-powered monitoring solutions to evolve toward highly integrated and automated delivery models. With many vendors moving toward pure software solutions, enterprises have to buy and manage less hardware, which reduces overhead and operational complexity.

But at the end of the day:

“At the end of the day, that software has to run somewhere”

“Our AppFusion program lets us run our partners’ apps on our packet brokers rather than deploy multiple hardware and severs.” Recep Ozdag

Here, the speakers agreed, a Keysight network packet broker provides an ideal foundation. “We love hardware and because of that we’ve developed packet brokers that use FPGAs so we can look at all the packets without ever dropping them,” Recep Ozdag says, noting the approach proves more reliable than relying on CPU.

For this reason, it makes sense to integrate multiple software monitoring agents onboard the company’s Vision network packet brokers through Keysight’s new third-party AI integration program.  “Rather than deploy multiple hardware and severs you can run everything on one device and everything integrates seamlessly,” he explains. “All the data comes from the network, and we send it to our partners on the packet brokers. The integration saves on power, cooling, rack space . . .”

Related

Resources