There is almost nothing that occurs in IT that doesn’t in one form or another get logged. The problem is that sorting through log records to discover those events is like looking for the proverbial needle in the haystack. LogRhythm this week says it plans to make available a series of add-on modules infused with artificial intelligence (AI) capabilities to make it simpler to detect advanced security threats and ongoing attacks that have escaped the notice of internal IT organizations.
Chris Brazdziunas, vice president of products at LogRhythm, says the CloudAI service developed by LogRhythm will focus on enabling security operations centers to make use of both machine and deep learning algorithms on a subscription basis as a complement to the Entity and User Behavior Analytics (EUBA) software that LogRhythm already provides. Over time, those AI capabilities will then be extended across the rest of the company’s portfolio, says Brazdziunas.
Brazdziunas says that the algorithms that vendors are now applying to IT security have been around for years. What’s changing now is that the amount of data that vendors can collect via the cloud is creating a large enough pool of data to make it feasible to deploy AI services, says Brazdziunas.
“Machine learning algorithms have been around since the 1950s,” says Brazdziunas.
Brazdziunas says AI capabilities won’t replace IT security personnel as much as simply even the odds. Cybercriminals are increasingly launching sophisticated attacks that IT security teams are not going to be able to detect without relying more on AI technologies, says Brazdziunas.
Of course, AI in and of itself is not likely to deter many cybercriminals from launching attacks. But in the time between when a breach occurs and an effective response is narrowed using AI, the amount of damage that might be inflicted can be contained. The assumption these days, after all, isn’t so much whether an organization has been breached. Instead, IT organizations today need to focus on determining to what extent those breaches have already occurred.