Page 18 - Cyber Defense Magazine RSA Edition for 2021
packets quickly and easily - the time it takes to investigate and resolve issues can be drastically reduced,
dramatically increasing analyst productivity.
The right architectural approach is not one where AI/ML threat detection tools replace existing tools like
IDS, firewalls and endpoint protection tools: it’s one where they supplement them.
Alerts from your monitoring tools and other relevant evidence sources, such as network flow data and log file
data, should all feed into a SIM/SIEM/Data Lake and SOAR tools so that analysts can operate from a
“single-pane-of-glass” rather than having to bounce from tool to tool to see things. Packet evidence
should be easily accessible from SIM/SIEM/Data Lake, SOAR tools and security tools such as IDS/IPS
and firewalls, both to give analysts quick access and to let automated processes such as SOAR playbooks
retrieve packet data.
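The following is an added illustration of the correlation step described above, not code from the article or from Endace. It models a SOAR playbook action that takes an IDS alert, pulls the matching flow records and log lines from the same evidence store into one case record, and builds the packet-retrieval request (time window plus 5-tuple filter) that an analyst or a later playbook step would hand to the packet-capture system. The alert, flow and log samples are constructed, the field names are hypothetical, and the retrieval request uses a generic BPF-style filter string rather than any vendor's API.

```python
"""SOAR-style enrichment: join an IDS alert with flow and log evidence and
produce a packet-retrieval request.  Hypothetical data model (constructed
sample data, invented field names); not a real product API."""
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample evidence (not real traffic or real hosts).
IDS_ALERTS = [
    {"ts": "2021-05-17T10:15:30Z", "src": "10.0.0.5", "dst": "203.0.113.10",
     "dport": 443, "proto": "tcp", "sig": "EXAMPLE policy signature"},
]
FLOW_RECORDS = [
    {"start": "2021-05-17T10:15:28Z", "end": "2021-05-17T10:15:35Z",
     "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "bytes": 48213},
    {"start": "2021-05-17T10:15:29Z", "end": "2021-05-17T10:15:31Z",
     "src": "10.0.0.7", "dst": "198.51.100.4", "dport": 53, "bytes": 312},
]
LOG_LINES = [
    "2021-05-17T10:15:29Z host=ws-05 user=alice proc=updater.exe connect 203.0.113.10:443",
    "2021-05-17T10:15:40Z host=ws-05 user=alice logoff",
    "2021-05-17T10:14:00Z host=ws-07 user=bob connect 198.51.100.4:53",
]


def parse_ts(s: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used throughout the sample data."""
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)


def fmt_ts(dt: datetime) -> str:
    return dt.strftime(TS_FMT)


def flow_matches(flow: dict, alert: dict, start: datetime, end: datetime) -> bool:
    """A flow is relevant if it shares the alert's src/dst/dport and its
    lifetime overlaps the investigation window."""
    same_tuple = (flow["src"], flow["dst"], flow["dport"]) == \
                 (alert["src"], alert["dst"], alert["dport"])
    overlaps = parse_ts(flow["start"]) <= end and parse_ts(flow["end"]) >= start
    return same_tuple and overlaps


def log_matches(line: str, alert: dict, start: datetime, end: datetime) -> bool:
    """A log line is relevant if it falls inside the window and mentions
    either endpoint of the alert (first whitespace-separated token is the
    timestamp in this constructed format)."""
    ts = parse_ts(line.split(" ", 1)[0])
    mentions_endpoint = alert["src"] in line or alert["dst"] in line
    return start <= ts <= end and mentions_endpoint


def build_pcap_request(alert: dict, start: datetime, end: datetime) -> dict:
    """Describe the packets to pull: a time window and a BPF-style filter.
    The filter string is generic, not a particular vendor's query syntax."""
    bpf = (f"host {alert['src']} and host {alert['dst']} "
           f"and {alert['proto']} port {alert['dport']}")
    return {"start": fmt_ts(start), "end": fmt_ts(end), "filter": bpf}


def enrich_alert(alert: dict, flows: list, logs: list, window_s: int = 30) -> dict:
    """Playbook action: assemble one case record from alert, flows, logs and
    a packet-retrieval request, so the analyst sees everything in one place."""
    t = parse_ts(alert["ts"])
    start, end = t - timedelta(seconds=window_s), t + timedelta(seconds=window_s)
    return {
        "alert": alert,
        "matching_flows": [f for f in flows if flow_matches(f, alert, start, end)],
        "related_logs": [l for l in logs if log_matches(l, alert, start, end)],
        "pcap_request": build_pcap_request(alert, start, end),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(enrich_alert(IDS_ALERTS[0], FLOW_RECORDS, LOG_LINES), indent=2))
```

In a real deployment the three evidence lists would be queries against the SIEM or data lake, and the `pcap_request` would be submitted to the packet-capture platform; keeping the matching logic in the playbook means the same window and filter are used whether a human or an automated step asks for the packets.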
With this architecture in place, companies can realize the promise of AI/ML technology to identify and
remediate previously unknown threats at the earliest possible stage, with less noise and greater
efficiency. Providing teams with integrated access to full network packet data is critical to ensure the
accuracy and efficiency of AI/ML security tools and to ensure those tools are properly tuned to match the
environment in which they are deployed.
About the Author
Since 2017, Cary Wright has been Vice President of Product
Management at Endace. With more than 25 years' experience
in the telecommunications and networking industries at
companies like Ixia and Agilent Technologies, he has been
pivotal in creating market-defining products. Cary has an
innate understanding of customers’ needs and is instrumental
in continuing the evolution of network recording and playback
solutions and driving the growth of the Endace Fusion Partner
program. www.endace.com