Security intelligence needs AI, machine learning-powered data protection and risk response

Lourens Sanders, Senior Sales Engineer at Commvault.

---

From retail to government, private sector to financial services, organisations of all types and sizes are vulnerable to constantly evolving threats. The consequences of a breach have also become increasingly dire, with exfiltration of sensitive information potentially causing compliance challenges along with business disruption. Attacks themselves have become increasingly sophisticated, leveraging artificial intelligence (AI) and machine learning (ML) to infiltrate networks and avoid detection. This means that to counter the threat, data protection must leverage these technologies too, otherwise it cannot possibly hope to effectively mitigate the growing risk.

Data has become arguably the most important asset a business holds, which means it is a valuable commodity for those with criminal intent. Sensitive or personal information is often the target workload of cyber criminals because of the value this data holds. However, attackers are not simply out to steal the information, they are also trying to prevent businesses from being able to recover, and so they no longer target only production data, but the data protection infrastructure as well.

The way attacks are perpetrated has also changed and is constantly evolving, as malicious actors use ever more sophisticated means to breach networks. Attackers make use of AI and ML not only to create the breach, but also to avoid detection, and once they are inside, they can learn and see the usual behaviour patterns and then mimic them, making threats even harder to detect. There is also a growing trend towards insider threats, both intentional and accidental, which needs to be mitigated.

With attackers leveraging AI and ML to breach networks and wreak havoc on businesses, it has become critical that data protection solutions also use these technologies to detect breaches and mitigate risks. However, data protection is not just about blocking external threats. It is also imperative to ensure that access to data is built on a foundation of zero trust principles, so that the right people have access to the right data for the right purpose, and that role-based access is enforced.

AI and ML assist from an automation perspective, for example, to automatically identify data sets such as sensitive data, and to identify if they are stored in the wrong place or inadequately protected. These technologies can also learn patterns of behaviour to identify and flag anomalies, both in live and backup data. This is imperative for identifying potential threats and can provide active insights and actionable tasks – for example, if a help desk analyst can open a shared file that contains credit card information, this needs to be flagged and corrected.

Data protection driven by AI and ML gives you the visibility into your data to be able to understand it and protect it better. It can also offer root cause analysis – for example, if data is moved or deleted, it can help businesses to identify if this action is legitimate or a threat. It can flag potentially sensitive data as well as suspicious activities, alerting and reporting this so that necessary action can be taken. Essentially, AI and ML automate multiple complex processes, improving the visibility and actionability of massive volumes of data, which cannot be achieved manually. It can also be used to identify redundant data and optimise storage while facilitating compliance.

Saying all of this, you still need backup and recovery to protect your data – just because the threat has evolved, it does not mean the basics do not need to be taken care of. Best practices like isolated copies of data, and immutable copies of data to virtual air gapped areas, are still important, as are flexible recovery options to recover to a place or point in time. It is also essential to have an effective data governance strategy so that critical resources are identified and can be recovered in order of priority should an incident occur.

Implementing data protection with AI and ML on top of this aids in developing a proactive approach with automated data protection, predictive analytics, intelligent workflows and automation and greater insight. This all adds up to a better understanding of risk, readiness for handling this risk and the ability to create a more intelligent and actionable response plan to mitigate it.