In today’s cybersecurity world, data provides us with visibility into what’s going on in our networks so we can make educated decisions when addressing issues. Unfortunately, all of those data points can be construed as potential threats in some security systems, leaving security admins to filter out what is important and what isn’t, eating away at their precious time. At March’s Security Field Day event, Juniper Networks offered a solution to the problem of alert fatigue in risk assessment through their new, AI-driven security solution.
Filtering Out the Noise in Security
With security threats hitting the news on a weekly basis, many organizations are seeking out ways to maintain visibility over their data and operations, ensuring bad actors stay out. As these tools ingest data at high rates, however, they can go from being helpful to being somewhat of a headache.
After all, with more data being collected and analyzed, security personnel begin receiving multiple notifications a day, even an hour, resulting in alert fatigue. How can security staff keep track of what data points are important without being constantly harangued by their systems?
Leveraging AI in Security Systems
Today’s security departments can take advantage of Juniper Networks’ advances in artificial intelligence and machine learning to streamline their operations. Specifically, Juniper’s Advanced Threat Protection (ATP) Cloud uses their Mist AI system to provide actionable insights on risk detection and profiling.
In practice, Juniper ATP Cloud intakes data from compilers or SIEMs and analyzes it with the Mist AI system. Mist then identifies and profiles data points based on behaviors, both bad and good, using statistical analysis to estimate the likely outcomes of an event. That way, instead of overwhelming security staff with a barrage of notifications, ATP Cloud presents data in an easy-to-digest format and only sets off the alarms when an issue actually needs to be analyzed or addressed.
Then, armed with this contextual insight, admins can make educated decisions about how best to address those issues. For example, ATP Cloud can help distinguish between a high-severity malware event and a minor incident such as a single unsuccessful login attempt, allowing security teams to prioritize their time.
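The triage idea described in the two paragraphs above, written out as an added Python illustration (this is not Juniper's ATP Cloud or Mist AI code): a confirmed malware verdict always surfaces, while failed logins are profiled per host against a statistical baseline built from that host's peers and only escalate for outliers. The host names, event counts and the k / min_count thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: (host, event_type, verdict). Not real data.
SAMPLE_EVENTS = (
    [("ipad-17", "file_verdict", "malware")]
    + [("laptop-03", "login_failed", None)] * 2
    + [("laptop-08", "login_failed", None)] * 2
    + [("laptop-11", "login_failed", None)] * 1
    + [("jump-01", "login_failed", None)] * 25   # the outlier host
)

def failed_login_outliers(counts, k=3.0, min_count=5):
    """Hosts whose failed-login count exceeds a leave-one-out baseline.

    For each host the baseline is mean + k * stdev of the OTHER hosts, so an
    outlier cannot inflate its own baseline. min_count is an absolute floor
    (assumed value) so a host with 2 failures is never flagged merely because
    its peers had 1. Returns {host: (count, threshold)}.
    """
    flagged = {}
    for host, n in counts.items():
        peers = [c for h, c in counts.items() if h != host]
        if not peers or n < min_count:
            continue                      # no baseline, or too few to matter
        threshold = mean(peers) + k * pstdev(peers)
        if n > threshold:
            flagged[host] = (n, round(threshold, 1))
    return flagged

def triage(events, k=3.0, min_count=5):
    """Reduce a stream of events to {host: reason} that needs an analyst."""
    alerts = {}
    failed = defaultdict(int)
    for host, kind, verdict in events:
        if kind == "file_verdict" and verdict == "malware":
            # A confirmed malware verdict is never noise: always surface it.
            alerts[host] = "malware verdict: isolate host and investigate"
        elif kind == "login_failed":
            failed[host] += 1             # profile the host, do not alert per event
    for host, (n, thr) in failed_login_outliers(failed, k, min_count).items():
        alerts.setdefault(host, f"{n} failed logins (peer baseline {thr})")
    return alerts

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} events -> {len(result)} alerts")
    for host, reason in result.items():
        print(host, reason)
```

On the constructed sample, 31 raw events collapse to two alerts: the malware verdict on ipad-17 and the outlier failed-login pattern on jump-01, while the handful of failures on the laptops stay suppressed.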
ATP Cloud in Action
In their appearance at Security Field Day in March, Juniper Networks’ ATP Cloud Product Manager, Krystle Portocarrero, walked through an example scenario of the ATP Cloud product at work in an organization.
In her example, an iPad is infected with malware designed to work its way into the core infrastructure. Traffic from the infected host passes through the firewall, which immediately submits it to ATP Cloud for analysis. There, the threat is identified as such, and in return ATP Cloud notifies the firewall, as well as the database through Mist AI for future identification. The host is then isolated and flagged so the admin can follow up afterwards and safely address the issue.
In a typical security scenario, an example like this one could end in any number of ways. One outcome that is unfortunately growing in frequency is that, amid all the other alerts security staff receive, the red flag raised by the malware detection is lost and goes unaddressed. With ATP Cloud and Mist AI, admins have greater visibility over their network without being bombarded by every individual data point.
I love when a product not only helps a company improve their security posture, but streamline it as well. When every alert could mean a potential breach or intrusion, having the tooling in place to filter out the fluff from the real stuff means the difference between hours of wasted time and slick, enviable security operations. With Juniper Networks’ ATP Cloud and Mist AI, SecOps can keep themselves running at a high pace without letting anything slip through the cracks.
Learn more about how ATP Cloud and Mist AI help you to better address your security data by watching the rest of Juniper’s Security Field Day presentation, or by checking out their website for deeper technical resources and documentation.