How a Small Bank Is Now on the Cutting Edge of AI Security

7th September 2021


While some financial institutions have the resources required to hire and retain legions of IT professionals, the bulk of the financial services industry is still made up of smaller institutions that address the needs of their local communities. The IT staffs that work for the typical small bank handle everything from application support to security. The challenge they face as IT generalists is that they don’t have a lot of time to spend supporting complex platforms that they first need to set up and then maintain. That core issue is why so many organizations now rely on a wide variety of software-as-a-service (SaaS) platforms that are accessed via the cloud.

Network security should not be an exception to that larger trend, which explains why organizations such as Superior National Bank have adopted the CyGlass Network Defense as a Service (NDaaS) platform to detect anomalous behavior on its networks using machine learning algorithms and other forms of artificial intelligence (AI).

Headquartered in Hancock, Michigan, the bank serves the needs of a community located in the northernmost city in Michigan near the shores of Lake Superior. Like a lot of smaller municipalities, the pool of IT talent in the local area is somewhat limited. As such, the first thing that gets evaluated by these types of organizations when considering any IT solution is how difficult it is to set up and maintain. As the only provider of an NDaaS platform, CyGlass enables the bank to take advantage of advanced AI capabilities to secure its network without having to hire additional IT staff or recruit a small army of expensive consultants that most likely live in another time zone.

The CyGlass NDaaS platform collects data from sources such as NetFlow, Syslog, AD logs and Microsoft 365 logs, which is then fed into an AI engine. Using a combination of unsupervised machine learning and self-learning algorithms, the CyGlass engine continuously learns normal activity from the flows of data ingested to set up baselines of activity. Once normal activity is ascertained, the AI engine continuously watches for anomalies. To define which anomalies are risks and threats, the AI outputs are integrated with a rules engine that identifies risks and threats such as unsecured ports or the presence of ransomware. Its policy engine can also be employed to define regulatory compliance controls that financial service companies are always required to implement.
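The baseline, anomaly and rules stages described above can be sketched as follows. This is an added illustration, not CyGlass's engine or code: the median/MAD scoring, the threshold, the host names and the cleartext-port list are all assumptions, and the flow records are constructed sample data.

```python
from collections import defaultdict
from statistics import median

# Constructed NetFlow-style summaries: (src_host, dst_port, bytes_out).
TRAINING = [
    ("teller-01", 443, 1200), ("teller-01", 443, 1100), ("teller-01", 443, 1300),
    ("teller-01", 443, 1250), ("teller-01", 443, 1150),
    ("backoffice-02", 443, 5000), ("backoffice-02", 445, 5200),
    ("backoffice-02", 443, 4800), ("backoffice-02", 443, 5100),
]
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}  # assumed policy list

def learn_baseline(flows):
    """Learn each host's normal outbound volume (median, MAD) and ports."""
    volumes, ports = defaultdict(list), defaultdict(set)
    for host, port, nbytes in flows:
        volumes[host].append(nbytes)
        ports[host].add(port)
    baseline = {}
    for host, vals in volumes.items():
        med = median(vals)
        mad = median([abs(v - med) for v in vals]) or 1.0  # avoid divide-by-zero
        baseline[host] = {"median": med, "mad": mad, "ports": ports[host]}
    return baseline

def detect(baseline, flow, threshold=6.0):
    """Anomaly stage: label how a flow deviates from the host's baseline."""
    host, port, nbytes = flow
    profile = baseline.get(host)
    if profile is None:
        return ["new_host"]
    labels = []
    robust_z = 0.6745 * (nbytes - profile["median"]) / profile["mad"]
    if robust_z > threshold:
        labels.append("volume_spike")
    if port not in profile["ports"]:
        labels.append("new_port")
    return labels

def apply_rules(flow, labels):
    """Rules stage: decide which anomalies are reportable risks."""
    host, port, _ = flow
    findings = []
    if "new_port" in labels and port in CLEARTEXT_PORTS:
        findings.append(("high", f"{host}: unsecured {CLEARTEXT_PORTS[port]} port {port}"))
    if "volume_spike" in labels:
        findings.append(("medium", f"{host}: outbound volume far above baseline"))
    if "new_host" in labels:
        findings.append(("low", f"{host}: no baseline yet"))
    return findings

def triage(baseline, flows):
    return [f for flow in flows for f in apply_rules(flow, detect(baseline, flow))]
```

A flow to a port the host has not used before is an anomaly, but it only becomes a finding when a rule matches it, which is the separation between the learning engine and the rules engine that the paragraph describes.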

The capabilities enabled by the CyGlass platform have shown themselves to be especially critical during the COVID-19 pandemic. With many professionals working from home to help contain the spread of the pandemic, the need to secure home networks is crucial. Many employees are relying on devices they own to access sensitive data via a wireless access point that is also employed by members of the same household to access a wide range of websites. Chances are high that the systems employees are using to access corporate applications are infected with malware.

In the case of financial institutions, more customers than ever are also remotely accessing accounts from home or anywhere they happen to be able to connect to a network. Those institutions have no idea what Web sites those customers might have been visiting before logging into their account. The only way for a small team of IT professionals to thwart potential threats is to apply AI to the traffic flowing across its networks.

IT teams of all sizes will soon be applying AI to almost every IT management task. The challenge smaller organizations face is that they don’t have the resources required to hire the data science professionals required to build an AI model capable of analyzing network traffic. Most of them don’t even have the ability to aggregate all the data required to train those AI models. As AI continues to evolve, it’s already apparent that smaller organizations will need to rely on providers of SaaS platforms to absorb the cost of AI on their behalf. As such, the investments in AI made by CyGlass benefit all our customers, regardless of size.

The myriad benefits derived from those AI investments span both the tangible and intangible. Almost immediately the security posture of an organization improves. The more those algorithms learn about the environment, the more that security posture continues to improve even as the network itself evolves and adapts. Best of all, once those algorithms learn something they never forget it. Nor do they call in sick or suddenly quit to take another job.

Those same algorithms over time also substantially improve the quality of the work experience for the IT staff. Most IT professionals spend an inordinate amount of time chasing down security alerts generated by all the tools an organization has adopted in the hopes of making their IT environment secure. The challenge is that each of those tools and platforms generates a massive number of false-positive alerts that over time make IT tasks tedious to the point where most of the alerts are ignored. Machine learning algorithms are trained to aggregate all those alerts in a way that surfaces the threats that are most lethal and immediate to the organization.

In fact, most IT professionals going forward are not going to want to work for organizations that don’t augment with AI-infused tools. Life is simply too short to put up with the current level of aggravation IT professionals regularly tolerate today.

They say the future is already here; it’s just unevenly distributed. There’s no better example of that than AI. Large companies already make extensive use of AI to improve security. The issue at this point is not so much whether to embrace AI but rather how best to implement it in the simplest and, just as critically important, the most economical way possible.