AI Cloud Security Tools Explode

Advanced AI is being put to all kinds of enterprise use these days, but there's probably no better use case than cloud security.

With the cloud being a natural fit for advanced AI systems spearheaded by the likes of AWS, Google Cloud and Microsoft Azure, a bevy of third-party security vendors have been releasing AI-powered cloud security tools at a remarkable rate. It looks like one of the hottest trends in the industry based on these announcements from just yesterday and today:

This connectivity cloud specialist announced a bunch of new offerings in this space yesterday, including:

  • Firewall for AI: This is described as "a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses before they reach the models." It works with models hosted on the Cloudflare Workers AI platform or on any other third-party infrastructure. It can also work with Cloudflare AI Gateway, and customers will be able to control and set up Firewall for AI using the Web Application Firewall (WAF) control plane.

    Figure: Firewall for AI (source: Cloudflare).

  • Defensive AI: This is described as "a personalized approach to securing organizations against the new wave of risks presented by emerging technology." It works by looking at specific customer traffic patterns to provide an organization with a tailored defense strategy unique to its environment, allowing users to:

    • Protect the Modern Web: APIs comprise 57 percent of all dynamic traffic on the web and underpin the most popular apps and services for businesses. Cloudflare is developing API Anomaly Detection, which will help prevent attacks designed to damage applications, take over accounts or exfiltrate data.
    • Secure the Number One Threat Vector -- Email: Nine out of every ten cyber attacks begin with a phishing scam, so reducing the risk presented by email is pivotal to upholding cyber resilience.
    • Mitigate threats posed by employees -- whether accidental or on purpose: Almost half of insider threat incidents involve an employee with privileged access to company assets -- underscoring the importance of a Zero Trust approach.

  • AI Assistant: "Today, we are introducing an AI assistant to help you query your security event data, enabling you to more quickly discover anomalies and potential security attacks," the company said. "You can now use plain language to interrogate Cloudflare analytics and let us do the magic." It can be used to:

    • Identify the source of a spike in attack traffic by asking: "Compare attack traffic between US and UK"
    • Identify root cause of 5xx errors by asking: "Compare origin and edge 5xx errors"
    • See which browsers are most commonly used by your users by asking: "Compare traffic across major web browsers"
    • For an ecommerce site, understand what percentage of users visit vs add items to their shopping cart by asking: "Compare traffic between /api/login and /api/basket"
    • Identify bot attacks against your ecommerce site by asking: "Show requests to /api/basket with a bot score less than 20"
    • Identify the HTTP versions used by clients by asking: "Compare traffic by each HTTP version"
    • Identify unwanted automated traffic to specific endpoints by asking: "Show POST requests to /admin with a Bot Score over 30"

This cloud-native data security specialist just today announced Sentra Jagger, claimed to be the industry's first LLM-assistant for cloud data security.

"This new capability enhances the functionality of Sentra's core Data Security Posture Management (DSPM) and Data Detection and Response (DDR) platform by enabling users to promptly address emerging threats and vulnerabilities with real-time insights, as well as extending its usability to other governance roles such as audit, compliance and privacy," the company said. "This expansion advances the holistic visibility into an organization's security posture, ensuring alignment, effective communication and improved risk management."

Figure: Sentra Jagger (source: Sentra).

The company said that in addition to real-time security insights, AI-assisted remediation guidelines, streamlined workflows and an intuitive, easy-to-use dashboard, it also offers:

  • Simplified interpretation of intricate security queries, offering clear and concise explanations in plain language to empower users across different levels of expertise to make informed decisions and take appropriate actions with confidence;
  • Enhanced incident response capabilities that provide users with actionable steps to identify and remediate issues, streamlining the incident response process while minimizing downtime, reducing damage, and quickly restoring normal operations; and,
  • Integration with existing tools for a unified security management experience to present a holistic view of the organization's data security posture.

A blog post provides more information, including a list of benefits:

  • Accessible Security Insights: Simplified interpretation of complex security queries, offering clear and concise explanations in plain language to empower users across different levels of expertise. This helps users make informed decisions swiftly, and confidently take appropriate actions.
  • Enhanced Incident Response: Clear steps to identify and fix issues, making the process faster, minimizing downtime and damage, and restoring normal operations promptly.
  • Unified Security Management: Integration with existing tools, creating a unified security management experience and providing a complete view of the organization's data security posture. Jagger also speeds solution customization and tuning.

It's in limited preview this month with general availability expected in the second quarter of 2024.

This intelligent data infrastructure specialist, claiming to be one of the first companies to integrate AI and ML directly into enterprise primary storage to protect against ransomware in real-time, today announced cyber-resiliency capability updates including:

  • ONTAP Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI) will spearhead the next generation of real-time enterprise storage ransomware protection, giving increased accuracy and performance required to detect and mitigate new, more sophisticated cyber threats. NetApp will be offering the first technology preview of ARP/AI within the next quarter.
  • NetApp BlueXP Ransomware Protection, now in public preview, provides a single control plane to intelligently coordinate and execute an end-to-end, workload-centric ransomware defense. Customers can now identify and protect critical workload data with a single click, accurately and automatically detect and respond to a potential attack, and recover workloads within minutes, safeguarding their valuable data and minimizing costly disruption.
  • Application-Aware Ransomware Protection via NetApp SnapCenter 5.0 offers immutable ransomware protection for applications. SnapCenter will now apply NetApp's leading ransomware protection technologies, previously used with unstructured data, to application-consistent backup. SnapCenter 5.0 includes support for key ONTAP features like tamperproof Snapshot copy locking, SnapLock protected volumes, and SnapMirror Business Continuity to enable more robust data protection for applications and virtual machines. SnapCenter 5.0 supports protection of applications on-premises with NetApp AFF, ASA, and FAS, as well as in the cloud.
  • NetApp BlueXP Disaster Recovery, now generally available, offers seamless integration with VMware infrastructure and provides storage options for both on-premises and major public cloud environments. This comprehensive solution eliminates the need for separate standby disaster recovery (DR) infrastructure, reducing costs. With NetApp BlueXP disaster recovery, failover and failback processes are simplified, allowing smooth transitions from on-premises VMware infrastructure to the public cloud or to an on-premises data center.
  • NetApp Keystone Ransomware Recovery Guarantee extends NetApp's current Ransomware Recovery Guarantee to our leading storage-as-a-service offering, NetApp Keystone. With this guarantee, NetApp will warrant snapshot data recovery in the event of a ransomware attack. If snapshot data copies can't be recovered through NetApp, we will offer compensation.

A separate blog post provides more details. The next generation of ONTAP autonomous ransomware protection delivers the following benefits:

  • Near real-time AI-powered threat detection to reduce your liability and enable faster recovery. This capability improves on the previous implementation, which relied on a set of heuristics created during a "learning period."
  • Greater than 99 percent planned precision and recall—an industry first that relies on the new machine learning models.
  • Enhanced detection of a wide variety of ransomware attacks.
  • Nondisruptive updates to model parameters that are seamless and can be done at any time, independent of ONTAP release cycles.

The company said ARP/AI, complementing the company's portfolio of AI-powered protection, detection, and recovery solutions, is planned to be available as a technology preview in the second quarter of this year.

With the above all being announced in basically the last 24 hours, the AI-powered cloud security space is obviously supercharged right now, so stay tuned for more.

About the Author

David Ramel is an editor and writer for Converge360.
