Artificial intelligence is used to apply advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decision making and help admins take sound and effective action to respond to threats and attacks. Hillstone’s AI-driven security solution offers a powerful suite of tools to help detect and prevent both known and unknown cyberattacks.
Digital transformation has led to information and data increasing at explosive rates, and as a result, data and network security can no longer be performed with traditional threat detection and prevention techniques, whether manual or automated.
In addition, today’s Advanced Persistent Threat (APT) attacks usually involve a targeted, sophisticated and multi-stage process, known as the cyberattack kill chain. A typical APT involves multiple phases using different behavior and the attack tools, which are constantly modified to avoid static or signature-based detection.
Because of all these dynamics, security and IT teams are turning to AI and ML technologies to address threat defense battles that otherwise would be impossible by human or manual processes alone.
Statistics Source: Varonis /blog/cybersecurity-statistics
Percentage of business leaders feel their cybersecurity risks are increasing
Data breaches exposed 36 billion records in the first half of 2020
Percentage of cybersecurity breaches are caused by human error
Hillstone’s AI and ML technologies work effectively across the entire attack detection, analysis and response phases. These techniques monitor behaviors along the attack path, then build models for standard profiles or baselines of behavior for users and other entities. Anomalous activity is flagged as suspicious, and security admins are alerted for further analysis. The AI engines also automatically ingest other forensic information from sources, such as threat intelligence and reputation, to reduce noise and enhance accuracy.
Traffic analysis is another area where Hillstone’s AI-driven security shines. Given that the volume of network traffic is massive, it is impossible for a human alone to conduct real-time monitoring and analytics. AI or ML-based techniques can help establish normal traffic baselines, with comprehensive visibility, and abnormal or suspicious behavior can be identified, analyzed, and alerted.
AI or ML-based data modeling for malware detection provides superior protection even against zero-day exploits. Hillstone’s AI-driven security learns the characteristics of malware families and models them to detect both known and mutated threats, and presents the data to admins with enriched forensic information.
SOAR (Security Orchestration, Automation and Response) in the Security Operation Platform, or SOP, is another important function of AI-driven security. With AI and ML, many routine and repetitive tasks can be defined and built into playbooks. The playbooks then can be initiated when a given event or data access occurs, relieving SOC staff and others from lower-level tasks.
Hillstone Server Breach Detection System (sBDS) I-Series product line detects and helps mitigate advanced multi-stage, multi-layer, threats that target critical servers and hosts. Hillstone’s breach detection solution can analyze, detect and block advanced threats targeting critical servers and hosts.