By Russell Tal, Alliance Marketing Manager
The first two blogposts in this series discussed how the cyber risks have changed in today’s cloud security landscape as organizations have increased their cloud adoption and remote workforce deployments. Cyber criminals have taken advantage of these new attack surfaces and are successfully exploiting them. We also discussed recommendations for defense-in-depth strategies, zero-trust security models and new approaches to secure cloud-enabled and remote workforce environments from advanced cyber threats. Check Point offers solutions that implement these strategies to defend organizations from modern day cyber attacks.
This final section focuses on how artificial intelligence (AI) and machine learning (ML) can augment cyber defense strategies in Microsoft Azure (and beyond) to protect against sophisticated and automated cyber-attacks. Organizations are able to respond to threats faster with greater efficiency and accuracy. We will discuss how Check Point leverages AI and ML in its solutions to secure the modern enterprise. With AI, security is an enabler to organizational change.
AI-enabled cybersecurity is increasingly necessary
While many security experts recommend a single security console to assure proper application of security policies, automation is needed minimize—or even eliminate–security gaps. There’s simply too much to keep track of in modern companies: organizations are now tasked to secure an interconnected, cloudified and distributed enterprise, with millions of data sets to analyze as the number of end-user devices, networks, and interfaces continues to grow. Cyber analysts are finding it increasingly difficult to effectively monitor current levels of data volume, velocity, and variety of firewalls—they’re already swamped with massive data logs and incident sheets. While cloud technologies like Microsoft Azure have many advantages, they also add many more virtual machines, applications, and systems into the mix.
Signature-based cyber security solutions usually can’t deliver the necessary performance to detect new attack vectors. Cyber analysts struggle to track down anomalies, thus resulting in more incidents and breaches. Also, cyber criminals use AI for sophisticated, machine-speed attacks, such as ransomware, that propagate or mutate rapidly. This means it’s virtually impossible to neutralize these threats using human-dependent response mechanisms.
AI must be at the center of any defense from such sophisticated and automated attacks. AI allows organizations to respond faster to cyber threats, thus lowering the cost to detect and respond to data breaches and raising the analysts’ efficiency and efficacy. Leveraging AI, cyber analysts can spend more time analyzing the incidents identified by the AI cybersecurity algorithms and less time digging through logs.
How Check Point uses AI in its security solutions
Many Check Point solutions are powered by AI. The Check Point CloudGuard suite leverages AI to scan applications and workloads for vulnerabilities, and has the power to both alert practitioners as well as block and remediate found vulnerabilities identified from Check Point ThreatCloud, external data sources, or learned user behavior. For instance, CloudGuard AppSec, an automated web application firewall available on Azure Marketplace, secures modern day web applications and APIs using contextual AI. This capability is fully automated and provides continuous learning of the application, content, and user behavior to precisely prevent cyber threats without generating false positives. By automatically identifying malicious and non-malicious requests, CloudGuard reduces operational overhead by providing a high level of threat prevention precision.
At the end of August 2021, Check Point acquired Avanan, the fastest growing cloud email and collaboration security company. Avanan developed a patented API solution, also available on Azure Marketplace, to stop email threats as an inline deployment, to scan both internal and external emails, preventing threats before they arrive in the inbox—and is purpose-built for tools like Microsoft 365 Email and Microsoft Teams. Avanan leverages over 300 AI and ML engines, and combines ML and static analysis to determine phishing attacks. These techniques include social graph and sender reputation, language processing using BERT (Bidirectional Encoder Representations from Transformers), anomaly detection and anti-impersonation/conversation. Avanan’s advanced AI and ML engines are supplemented by a large data set comprised of its 6,000+ customers. Its inline security is trained on blocking phishing emails that get past traditional secure email gateways (SEGs). By doing so, Avanan is best equipped to stop the newest, most sophisticated and evasive attacks. In a study of 360 million emails that included Microsoft 365 systems, Avanan was fifteen times more effective than legacy gateways.
Conclusion
Over the last 18 months, cyber threats have skyrocketed across the world, affecting organizations large and small. Supporting a distributed and cloud-enabled workforce and infrastructure within days often created systems susceptible to sophisticated (and now automated) cyber-attacks. Implementing a defense-in-depth strategy with a zero-trust model that is augmented with AI is more important than ever.
As organizations develop and innovate, security must be part of its design strategy. Check Point solutions and Microsoft Azure technologies complement each other to secure the modern day workforce and enterprise with scalability, agility, security effectiveness and operational efficiency in mind.
To learn more about on how to Microsoft and Check Point can enable a security-first strategy within your Microsoft investments, check out our sessions at Microsoft Ignite this year:
Managing the complex security of a remote workforce, Live Session on November 2nd