Ingram Micro New Zealand

Ingram Micro helps businesses fully realize the promise of technology™—helping them maximize the value of the technology that they make, sell or use. With its vast global infrastructure and focus on cloud, mobility, supply chain and technology solutions, Ingram Micro enables business partners to operate more efficiently and successfully in the markets they serve.

No other company delivers as broad and deep a spectrum of technology and supply chain services to businesses around the world. Founded in 1979, Ingram Micro’s role as a leader and innovator in technology and supply chain services has fueled its rise to the 69th ranked corporation in the FORTUNE 500®.

AI and Machine Learning is Integrated into Cybersecurity


There isn't a security professional on the planet who thinks defending against cyber-criminals, nation-state attackers and other hackers is getting easier. The tools available to attackers are easier to access through online marketplaces on the dark web, and corporate networks are increasingly interconnected and reliant on third parties through cloud services.

As the network perimeter dissolves and new attack vectors appear, being able to protect, defend and respond to attacks is becoming more complex and requires a change from the traditional block and defend posture to a more proactive approach. 

While the proliferation of end-points and external services we use has made our systems more complex, it has also delivered an opportunity. We can now collect data about what's happening from more sources, giving us the potential to learn more about the threats we are facing and how bad actors work.

This is critical. In the past, the first sign of an attack came when something went wrong. For example, if we look at a relatively common ransomware attack, the first sign of something untoward was a user reporting their system had been compromised – or a request to the help desk to help set up a Bitcoin account so the user can send the ransom to the attacker and unlock the infected computer. 

But such an attack is prefaced by a series of other events. If those events can be captured, from the moment the threat is received through to the moment before it is executed, then it becomes possible to stop the attack from causing damage.

That time from infiltration to execution is the dwell time. Attackers have learned to be patient, often waiting months from when they first breach a perimeter until they execute a malicious action. In the recently reported attack on Asus' update servers, the attackers stayed quiet for more than six months before detection. 

How do we detect stealthy and intelligent attackers?  

There are three key elements.

You need a lot of data. That helps establish a baseline level of activity that can be considered "normal" and the ability to detect anomalies that could indicate some sort of compromise. 

For instance, normal behaviour could be an accounts receivable team member logging into the network and the accounts system between 8am and 9am each morning. They work from home once or twice a week and occasionally, during peak periods, work on the weekend.

When the same user account logs in at 4:00am from Kazakhstan and tries to look in the HR system, that could be an indicator of a compromised account. Multiply that scenario across an entire workforce that may be distributed globally and the challenge of understanding "normal" becomes significant. 

You need data science expertise to create models from that data. While humans are good at identifying potentially unusual patterns, once the volume and velocity of data coming from hundreds, or even thousands, of end-points is aggregated, specific expertise is needed to process the data and build artificial intelligence (AI) models.

Finally, all that data and those models need significant computing power. Once a threat is detected it is essential to move quickly to limit the damage and mitigate the risk of further attacks. That requires even more computing power. 

We are at a tipping point where security information and event management (SIEM) systems are no longer enough. Although they do a good job of collecting log data from multiple sources, that data is only valuable if it can be used. That takes AI and computing power with algorithms created by data science experts. 

The ability to collect that data, use it to automatically detect anomalies and react without waiting for human intervention is critical. It means you can channel your limited human resources to more challenging problems and not threats that have known patterns of behaviour and understood response actions. 

Detection and reaction need to be part of the network design. AI systems need to learn as they work and focus on real malicious activity rather than false positives, without imposing operational and system overheads that impede business operations.

Very few businesses have the expertise to do this themselves. This means finding an integrated solution from a trusted partner that will work with your internal security and technology teams to determine where the real risks lie and focus on developing a solution that mitigates those risks without throwing up the distraction of false positives. 

FortiInsight and FortiWeb use AI to detect anomalous behaviour and react to the threat. Systems such as these can analyse what's happening and alert you when something unusual is detected.

So when a local user account is suddenly used at an unexpected time from an unusual location, the system can detect the anomaly, lock the account and alert the requisite person so it can be followed up before a malicious act can take place.
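The accounts receivable scenario and the lock-and-alert response described above can be expressed as a per-user frequency baseline. This is an added example, not Fortinet product code or anything from the original article; the class and function names, the `NZ`/`KZ` country codes, the 5% rarity cut-off and the 10-event minimum are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

RARE = 0.05       # assumed cut-off: a value seen in <5% of a user's logins is unusual
MIN_EVENTS = 10   # assumed minimum history before the baseline is trusted

class LoginBaseline:
    """Per-user frequency baseline over login hour, source country and target system."""

    def __init__(self):
        self.counts = defaultdict(lambda: defaultdict(Counter))
        self.totals = Counter()

    def learn(self, user, ts, country, system):
        for name, value in (("hour", ts.hour), ("country", country), ("system", system)):
            self.counts[user][name][value] += 1
        self.totals[user] += 1

    def unusual(self, user, ts, country, system):
        """Return the features of this login that fall outside the user's baseline."""
        total, seen = max(self.totals[user], 1), self.counts[user]
        # Tolerate an hour either side so a slightly early or late start is not flagged.
        near = sum(seen["hour"][(ts.hour + d) % 24] for d in (-1, 0, 1))
        freq = {"hour": near, "country": seen["country"][country],
                "system": seen["system"][system]}
        return [name for name, n in freq.items() if n / total < RARE]

    def respond(self, user, ts, country, system):
        """Map anomalies to an action; lock only when several signals agree."""
        if self.totals[user] < MIN_EVENTS:
            return "alert", ["no_baseline"]  # too little history to justify a lock
        reasons = self.unusual(user, ts, country, system)
        action = ("allow", "alert", "lock_and_alert")[min(len(reasons), 2)]
        return action, reasons

def constructed_baseline():
    """Constructed history: March 2019 weekday logins just after 08:00, plus one weekend."""
    model = LoginBaseline()
    for day in range(4, 30):
        ts = datetime(2019, 3, day, 8, 10 + day)
        if ts.weekday() < 5 or day in (16, 17):
            model.learn("ar_clerk", ts, "NZ", "accounts")
    return model

if __name__ == "__main__":
    m = constructed_baseline()
    print(m.respond("ar_clerk", datetime(2019, 4, 1, 8, 30), "NZ", "accounts"))
    print(m.respond("ar_clerk", datetime(2019, 4, 2, 4, 0), "KZ", "hr"))
```

Requiring two or more unusual features before locking keeps a single deviation, such as a late weekend login from the usual country, at the alert level instead of generating a disruptive false positive.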

Being able to do all this in a way that protects your business requires the right tools, expertise, computing platform and a trusted partner. Fortinet can be that partner. 
