Connect with us

Artificial Intelligence

F5 Intros New AI-Powered App and API Security Capabilities

Published

on

F5 has announced new security capabilities to give customers comprehensive protection and control in managing apps and APIs across on-premises, cloud, and edge locations. “Specifically, new machine learning enhancements provide F5’s cloud security portfolio with advanced API endpoint discovery, anomaly detection, telemetry, and behavioral analysis. As more transactions and customer engagements occur through digital channels such as web and mobile apps, organizations are seeking better solutions to provide secure experiences for their end users and maintain their trust. With APIs as the building blocks of modern web and mobile experiences, protecting these assets is the cornerstone of securing digital services” the company announced.

“F5 customers can now strengthen their security posture with a continuously improving analysis engine and unified policy enforcement. These capabilities enable secure app-to-app communications through validated and monitored APIs, thereby reducing the time security teams spend correcting false positives and accelerating time-to-deployment for new services. The enhancements, as well as new managed service offerings for enterprises and service providers, accelerate the momentum of F5 Distributed Cloud Services, introduced in 2022 and bolstered by the recent launch of multi-cloud networking solutions,” the company said.

Modern organizations continue to demonstrate a clear preference for hybrid solutions. According to F5’s 2023 State of Application Strategy (SOAS) Report, 85% of respondents have deployed apps and APIs in distributed environments spanning multiple public clouds, as well as on-premises and edge locations. More than 20% of respondents are deploying apps and APIs in six different environments. At the same time, security teams struggle to provide consistent protection and visibility for a rapidly expanding attack surface area. This is primarily because many contemporary web application and API protection (WAAP) solutions rely on point products or offerings based on (and provided by) CDN vendor technologies that cannot adequately scale beyond cloud-based apps and lack the ability to be deployed on-premises, in public clouds, or in other edge locations.

“Applications and APIs are the building blocks of the digital experiences through which we all work, bank, shop, access healthcare, travel, and play,” said Kara Sprague, EVP and Chief Product Officer, F5. “And those experiences are only as secure as the most vulnerable app or API. With greater efficacy achieved via sophisticated profiling techniques and deployment options that span SaaS, packaged software, hardware appliances, and managed services, F5’s app and API security solutions are unmatched. Today’s announcement continues our mission to radically simplify app and API security, empowering customers to accelerate digital innovation with the confidence of comprehensive protection no matter how their apps are built or where they live.”

F5 offers a full suite of capabilities to provide robust protection for apps and APIs across on-premises, cloud, and edge locations. Moreover, F5’s end-to-end approach to security means that threat data can be gathered and analyzed across all deployed locations, including ongoing and emerging attack campaigns detected by the F5 Threat Campaigns service. As part of a larger hardware, software, SaaS, and managed services portfolio that also provides best-in-class application delivery capabilities, F5 security solutions protect a diverse mix of distributed apps and APIs in any environment without adding further operational complexity.

5 offerings are firmly in step with organizations’ desire to deploy security capabilities in the public cloud and as-a-service. Unlike API-only point product security providers, F5 delivers API auto-discovery, policy enforcement, and anomaly detection as part of a unified WAAP service, simplifying operations and enforcement through a single console for both app and API protection. Since static signature-based controls are insufficient for protecting API endpoints due to their dynamic, evolving nature, F5 Distributed Cloud API Security utilizes optimized machine learning for automatic API discovery, threat detection, and schema enforcement.

By observing normal behavior patterns across all endpoints, F5’s advanced analysis engine helps users detect anomalies and refine API schemas to improve their overall security posture. Additionally, F5 supports token identification to detect anomalous behavior accessing JWT tokens and prevent unauthorized usage. According to F5’s SOAS Report, nearly two-thirds of organizations are prioritizing the use of AI/machine learning, with security as a top use case. CISOs view such capabilities as a means to reduce the time between detection and response without compromising efficacy or requiring additional security staff.

In addition to AI-based enhancements for Distributed Cloud API Security, F5 is introducing AI-driven web application firewall (WAF) capabilities, including unique malicious user detection and mitigation capabilities that create a per-user threat score based on behavioral analysis that determines intent. This enables security operations to choose between alerting or automatic blocking to mitigate an attack that would otherwise go undetected by static signatures. With F5, all traffic is monitored and proactive defenses are applied based on malicious user behavior that can be correlated across Distributed Cloud WAAP deployments. New functionality also provides false positive suppression, making it easier to block bad traffic without accidentally blocking legitimate users, and streamlines operations by reducing the time necessary to enable specific app protections.

Given organizations’ growing challenges in deploying consistent security across increasingly distributed infrastructures—as well as finding available personnel with the required security skillsets—F5 is expanding its managed service offerings:

  • Distributed Cloud WAAP Managed Services enable F5 customers to access the experience and expertise of the F5 SOC to manage WAF, bot defense, and DDoS protection. Through a shared console, customers have the ability to seamlessly move between a self-service or managed service model as the needs of their apps and approach app security change.
  • Distributed Cloud Managed Service Portal enables F5 service provider partners to build and tailor their own managed service offerings based on the leading security capabilities of F5 Distributed Cloud WAAP. This approach lets partners manage Distributed Cloud WAAP on behalf of their customers without sacrificing visibility, resulting in new revenue sources and value-added services while extending the overall reach of the solution.

Artificial Intelligence

Cybersecurity Defences Employing AI Can Combat Threats with Greater Speeds

Published

on

Emile Abou Saleh, the Senior Director for Middle East, Turkey and Africa at Proofpoint, says a proactive approach to cybersecurity robustly protects organizations against a wide range of threats in an increasingly complex digital landscape

What have we achieved so far in terms of use case scenarios of Gen AI in the realm of cybersecurity?
Generative AI has gained considerable attention in the news lately, and like any new technology, there’s a lot of excitement around it. Today’s Generative AI tools go beyond traditional chatbots; they are becoming more advanced. Generative AI’s potential reaches far and wide, benefiting professionals across different industries. Financial advisers can use it to analyze market trends, educators can tailor lessons to students’ needs, and it’s also proving useful in the field of cybersecurity. Security analysts can leverage Generative AI to examine user behaviour and detect patterns that could indicate potential data breaches.

One of the standout features of Generative AI in cybersecurity is its ability to quickly and accurately process vast amounts of data related to emerging threats. Security administrators can use these tools to run queries quickly, and in just a few minutes, these tools can summarize current credential compromise threats and highlight specific indicators to watch out for.

Why according to you should cybersecurity companies leverage generative AI?
Our lives and work cultures are forever changed, with so many people working and interacting digitally—and the velocity of business and the volume of corporate data we generate growing exponentially, across multiple digital platforms.

Many organizations across all industries have found that implementing artificial intelligence (AI) into business systems has helped them to ensure continuity, with one main aspect being increased productivity. When looking at this from a cybersecurity point of view, there are many ways AI and machine learning (ML) can bolster an organization’s overall cybersecurity posture.

Today’s threat landscape is characterized by attackers preying on human vulnerability. Proofpoint research shows that nearly 99% of all threats require some sort of human interaction. Whether it is malware-free threats such as the different types of Business Email Compromise (BEC) or Email Account Compromise (EAC) like payroll diversion, account takeover, and executive impersonation, or malware-based threats, people are falling victim to these attacks day-in and day-out. And all it takes is one click, from one employee for a threat actor to infiltrate an organization’s systems, no matter how complex the environment.

To stop these types of attacks, organizations need to deploy a security solution that can stay ahead of the ever-changing landscape and adapt to the way humans act. AI and ML are critical components in a robust cybersecurity detection strategy. It’s faster and more effective than manual analysis and can quickly adapt to new and evolving threats and trends. Cybersecurity defences that employ AI can combat such threats with greater speed, relying on data and learnings from previous, similar attacks to predict and prevent their spread.

What are the cybersecurity challenges facing companies with the adoption of AI and how can they be overcome?
With the adoption of AI, organizations face a set of cybersecurity challenges that need immediate attention. While AI has shown remarkable progress in defending against common threats, it has also opened doors for cybercriminals.

Take phishing: AI has the potential to supercharge this threat, increasing the speed and accuracy in which these phishing emails are sent to victims. However, it’s important to remember that many social engineering emails aren’t designed to be “perfect” – they are intentionally written poorly to find people who are more likely to engage.

That’s also only one part of the threat. Headers, senders, attachments, and URLs are among the many other threat indicators that are analyzed by robust detection technologies. Even where there would be a substantial benefit to having better-crafted emails, like many business email compromise scenarios, there is a lot of other information the threat actor needs to have access to. They need to know who is paying what money to whom and at what dates, which they probably have already accessed in a different way. They don’t necessarily need AI assistance when they already have access to that person’s inbox and they can merely copy an old email.

It’s crucial for organizations to note that no matter the attack vector, or how complex it is, the majority of cyberattacks require human interaction to be successful. By tricking just one employee, threat actors can circumvent security tools and siphon sensitive corporate data. Organizations must implement a people-centric cybersecurity strategy, consistently training employees at all levels of the business, in cybersecurity best practices so they are aware of the latest cyber threats and are able to detect them, report them, and not fall victim to them.

How can organizations use their resources effectively to leverage Gen AI to gain a competitive edge in the cybersecurity landscape?
To effectively leverage Generative AI and gain a competitive advantage in the cybersecurity landscape, organizations should focus on two vital aspects. It is firstly essential to embrace a people-centric security model for data loss prevention, acknowledging that individuals often play a pivotal role in the movement of data. This approach encompasses content awareness, behavioural analysis, and threat awareness, granting in-depth insights into how employees interact with sensitive data.

Increased visibility facilitates real-time detection and prevention of data loss incidents. Secondly, organizations should integrate artificial intelligence (AI) and machine learning (ML) technologies into their cybersecurity practices. For instance, in email security solutions, AI and ML swiftly identify and thwart phishing campaigns, malicious URLs, imposter messages, and unusual user activity in cloud accounts. A proactive approach to cybersecurity robustly protects organizations against a wide range of threats in an increasingly complex digital landscape.

Continue Reading

Artificial Intelligence

AI Technology’s Potential for Misuse Necessitates Robust Security Policies

Published

on

Ram Narayanan, the Country Manager at Check Point Software Technologies, Middle East, says collaborating with AI providers and researchers is essential to remain current with AI advancements

What have we achieved so far in terms of use case scenarios of Gen AI?
Generative AI tools like ChatGPT and Google Bard have witnessed remarkable growth in their use case scenarios, showcasing their versatility and potential across various applications. These AI tools have proven to be valuable assets in enhancing productivity and creativity. However, they also present significant challenges, primarily related to their vulnerability to misuse in cyber-attacks.

Instances of Generative AI being exploited to create malicious content, such as malware, phishing emails, and deceptive videos, have raised concerns in the cybersecurity domain. Organizations have had to proactively address these issues to protect their digital assets and sensitive data. While Generative AI continues to offer substantial benefits, organizations must remain vigilant in their efforts to protect against emerging AI threats, ensuring that AI and machine learning-based defences become essential components of their cybersecurity strategies.

Why according to you should companies leverage generative AI?
Companies should leverage generative AI for a multitude of reasons that promise transformative benefits. Generative AI streamlines content creation processes, allowing for efficient, cost-effective production of customized content at scale. Moreover, the scalability of generative AI ensures that businesses can adapt effortlessly to varying audience sizes without compromising content quality. Generative AI extends its utility to customer support through AI-powered chatbots, offering round-the-clock assistance while freeing up human teams for more complex tasks.

Furthermore, its flexibility to generate content in diverse formats, from text to images and audio-visual content, enables companies to diversify their content offerings and reach audiences across multiple platforms. Embracing generative AI grants companies a competitive edge in a dynamic business landscape, fostering agility and innovation. However, responsible AI use is paramount.

The technology’s potential for misuse, including cyber threats and malicious content creation, necessitates robust security policies, especially for mobile devices. Advanced technology, including AI and machine learning, is crucial to effectively detect and mitigate these risks. Companies must also uphold ethical standards in AI deployment, ensuring responsible use that aligns with societal values while reaping the myriad benefits generative AI offers.

What are the challenges companies face in terms of adopting and using Gen AI and how can they be overcome?
Companies face several challenges when adopting and using Generative AI. A primary concern is the potential for misuse, as Gen AI can be exploited for cyber-attacks, including the creation of malware, phishing emails, and deceptive content. This poses significant security risks that must be addressed. Firstly, robust security policies should be established and enforced, governing the use of AI tools on corporate devices and networks.

Employee education is crucial to raise awareness and empower staff to recognize AI-generated threats. Advanced threat detection technologies, utilizing behavioural analysis and machine learning, enhance security measures. Access control to AI tools helps mitigate misuse risks, and regular security updates are essential. Mobile devices, often entry points to organizations, require special attention with robust mobile security solutions.

Ethical concerns, regulatory compliance, quality control, bias mitigation, and public perception challenges also need to be addressed through collaboration, self-regulation, responsible AI development, and continuous monitoring. Striking a balance between AI’s potential and ethical considerations is key for successful Gen AI adoption.

Are companies aware of regional and global policies surrounding the use of Gen AI? 
The awareness among companies regarding regional and global policies surrounding the use of Generative AI can vary significantly. Some companies are well-informed and proactive in understanding and adhering to these policies, especially if they operate in highly regulated industries or have a global presence. These companies often invest in compliance efforts to ensure they align with regional and international regulations related to AI.

However, many companies, particularly smaller or newer ones, may have limited awareness of the full scope of regional and global policies concerning Gen AI. It’s worth noting that the awareness of Gen AI policies can also be influenced by the region in which a company operates. The United Arab Emirates has been actively embracing AI technology in various sectors, including healthcare, transportation, finance, and government services.

To ensure responsible and ethical use of AI, the UAE government has developed regulatory frameworks and policies. For instance, the UAE AI Strategy 2031 focuses on creating a conducive environment for AI innovation while also addressing the ethics and legal aspects of AI implementation. Given the substantial investment in AI technology and the government’s commitment to AI governance, it is likely that UAE companies are well-informed about the regional and global policies surrounding the use of Gen AI. Companies operating in sensitive sectors, such as healthcare or finance, may have a higher level of awareness and compliance with AI regulations due to the potential impact on individuals’ privacy and security.

How can companies use their resources on using Gen AI to create a competitive advantage?
Companies can utilize their resources to harness Generative AI strategically, thereby gaining a competitive edge in various aspects. Gen AI enables swift innovation by automating product development, reducing time-to-market, and ensuring companies stay ahead in dynamic industries. Gen AI’s data analysis capabilities facilitate data-driven decision-making, enabling informed strategic choices, rapid response to market trends, and optimized supply chains, leading to cost savings and operational efficiency.

It also plays a vital role in cybersecurity, effectively detecting and mitigating advanced threats to safeguard digital assets and reputation. Automated market research with Gen AI identifies trends and consumer preferences, guiding product development and marketing strategies. Task automation enhances employee productivity, freeing up time for innovation, while Gen AI assists in compliance and risk management efforts.

To maintain a competitive edge, companies should integrate Gen AI strategically, invest in workforce training, ensure ethical use, and implement robust cybersecurity measures. Collaboration with AI providers and researchers is essential to stay current with AI advancements and maintain responsible practices.

What factors do companies need to consider before adopting Gen AI such as having a centralised data strategy?
Before adopting Generative AI, companies must carefully consider several critical factors, one of which is the establishment of a centralized data strategy. Security is of utmost concern, as Gen AI tools have the potential to be exploited in cyber-attacks, exemplified by instances of AI-generated malware and phishing campaigns. To mitigate these risks, robust security policies and measures should be implemented to safeguard sensitive data and prevent data breaches. Mobile devices, commonly used for Gen AI interactions, present unique vulnerabilities, necessitating a focused approach to mobile security that encompasses both prevention and detection, ideally utilizing AI and machine learning in security solutions.

A centralized data strategy should incorporate these security measures to protect against potential AI threats during Gen AI adoption. Additionally, it should encompass data governance practices, data quality assessment, privacy compliance, ethical guidelines, transparency, scalability, cross-functional collaboration, and continuous monitoring to ensure responsible and secure Gen AI integration. Building and maintaining customer trust and preparing for crisis management are integral aspects of a comprehensive Gen AI strategy.

How can companies experiment with Gen AI to predict the future of strategic workforce planning?
Companies can gain a competitive edge by strategically allocating resources to harness Generative AI in various ways. Generative AI accelerates innovation by automating product development processes, leading to faster time-to-market and a competitive advantage in rapidly evolving industries.

It also streamlines content creation, reducing costs, and delivering personalized content to enhance customer engagement and loyalty. With the deployment of AI-powered chatbots and virtual assistants, companies can improve customer support, providing efficient round-the-clock assistance while optimizing the supply chain, ultimately increasing customer satisfaction and operational efficiency.

Generative AI’s role in cybersecurity is crucial, as it effectively detects and mitigates advanced threats. Additionally, it aids in automated market research, identifying trends and consumer preferences to guide product development and marketing strategies. Lastly, it contributes to compliance and risk management efforts.

To maintain this competitive edge, companies must strategically integrate Generative AI, invest in workforce training, ensure ethical use, and implement robust cybersecurity measures to safeguard against AI-related threats. Collaborating with AI providers and researchers is essential to remain current with AI advancements, allowing companies to effectively harness these technologies while upholding responsible practices.

Continue Reading

Artificial Intelligence

Snowflake to Highlight the Limitless Potential of Gen AI and LLMs at GITEX

Published

on

Mohamed Zouari, General Manager for Middle East, Turkey and Africa at Snowflake, speaks about his company’s participation at GITEX 2023

Tell us about your participation at GITEX 2023. Which products and solutions will you be showcasing at the event?
At GITEX 2023, Snowflake is set to highlight the limitless potential of generative AI and LLMs. We will discuss how Snowflake’s platform connects organisations to the Data Cloud, and securely leverages generative AI and Large Language Model (LLM) innovations. We have recently made strategic investments to fast-track these technologies for our customers, including acquisitions of Neeva, Applica, Streamlit, and Reka.

In line with this, Snowflake has rolled out Document AI (private preview), which utilizes its in-house large language model to gather deeper insights from documents more quickly, accurately, and easily. Additionally, the introduction of Snowpark Container Services, also in private preview, broadens Snowflake’s computing capabilities to accommodate diverse workloads, such as full-stack apps, secure hosting of large language models, efficient model training, and more—all within the secure environment of Snowflake.
Snowflake will also highlight its solutions to tackle vertical-specific challenges and opportunities in various sectors like finance, retail, and advertising.

What are your expectations from the event this year?
We are incredibly excited about this year’s event as it aligns perfectly with Snowflake’s mission to eliminate data silos and mobilize enterprise data. Our expectations are twofold:

  1. Showcase Advancements: We look forward to demonstrating the significant strides Snowflake has made in AI-driven functionality. Our platform now not only enables secure AI/ML workloads on enterprise data but also reimagines the developer and administrative experience through AI.
  2. Collaboration and Learning: We anticipate engaging in discussions and collaboration with industry leaders, potential clients, and partners. These interactions will provide valuable insights into how businesses can achieve unparalleled governance over their data, access first and third-party AI models, and benefit from a self-managing, elastic infrastructure.

What will be your theme of participation at GITEX 2023?
As AI allows companies to embrace new capabilities, our theme at GITEX is focused on delivering a great product experience and removing complexity for our customers in successfully leveraging this new technology. Our AI-driven user experience is designed to delight, ensuring that our customers can fully embrace AI’s potential and confidently make data-driven decisions.

Attendees will get an exclusive look at how Snowflake enables businesses to create and monetize data-intensive applications and deploy them directly in the Data Cloud. Utilizing Snowflake as the core platform for application development can transform data sharing and collaboration across an entire organization, setting a new standard in the data-sharing economy.

Do you plan to run any online engagements such as webinars and offline engagements such as tech talks, demos, keynotes, and so on, alongside GITEX 2023?
We will be hosting an array of compelling sessions showcasing our cutting-edge product portfolio, and a panel discussion with Mohammed Zouari, General Manager – Middle East, Turkey & Africa along with some of our esteemed customers to share insights on unlocking the power of data for organizations.

How have your regional strategies changed in recent months?
In recent months, Snowflake has been focusing on helping companies in the UAE capitalize on the burgeoning growth and interest in AI and LLMs. Our regional strategy has evolved to address the unique needs and opportunities in this market. Here are some key aspects:

  1. Secure and Governed Platform: One of our unique selling points is providing a secure and governed platform that allows businesses to maximize their AI potential. We offer consistent protection across data and models, safeguarding data from unintended use through role-based access definitions. This ensures a unified approach to security and governance across data, computing, models, and apps.
  2. Infrastructure for LLM Apps: We’ve simplified the process of developing Language Learning Model (LLM) applications. Our platform enables companies to focus on customizing LLMs and building apps that unlock new experiences. This is made possible through our container-based, GPU-powered compute provisioned with auto-scaling definitions, all achievable in under 10 lines of code.
  3. LLM-Powered Analytics & Development: To further accelerate development and analytics, we offer built-in tools and functions that leverage Snowflake-managed LLMs. This allows for quicker analysis of unstructured data and the use of AI assistants to speed up development cycles.
Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.