
Interview: Kumar Ramachandran On How AI Is Transforming Network Security

Expert Insights interviews Kumar Ramachandran, SVP for SASE at Palo Alto Networks.


“If you look at network security, the landscape of how we work has changed dramatically. Through the pandemic, working from home became necessary. Now we are seeing most companies revert to a hybrid work model. Simultaneously, we are seeing the rise of digitization, adoption of the cloud, adoption of SaaS services. And aligned to that, we’re also seeing the threat vectors increase. Bad actors are increasing not only in size, but in scope. We’re seeing the dramatic rise of organized ransomware and the rise of tools that bad actors are able to use. We are seeing threat vectors increase dramatically.”

Kumar Ramachandran is the SVP for SASE at Palo Alto Networks, a market-leading cybersecurity vendor whose products are used by thousands of organizations globally. Ramachandran is responsible for Prisma Access, the company's security service edge (SSE) offering, which is recognized as a leader in both the SSE and the SD-WAN Gartner Magic Quadrants. He has been at Palo Alto Networks for three years, joining after its 2020 acquisition of CloudGenix, the SD-WAN provider he founded and led. CloudGenix became Prisma SD-WAN and has since been integrated with Prisma Access into a unified SASE offering called Prisma SASE. Expert Insights met with Ramachandran at the 2023 RSA Conference; you can listen to our full conversation on the Expert Insights Podcast.

While the last few years in network security have been tumultuous, the adoption of artificial intelligence (AI) and machine learning (ML) systems will bring about even bigger change. Historically, a new piece of malware would emerge, and there would then be a delay before signatures were written and published to defend against it, Ramachandran explains. With AI technologies, he argues, that process can be radically improved.

“If we use data science, and technologies such as AI and ML, we can actually change how we react to zero-day threats. Palo Alto Networks operates at a tremendous scale. Every day, we see 236 billion threats and we stop them. In a week, we see and stop over a trillion threats. So, we said, ‘Hey, why don’t we use that data to start training our internal AI and ML systems?’”

“Based off of that, today 95% of [the] zero-day threats that we stop [are stopped] using inline ML that is absolutely unique, and absolutely transformative. They still publish 4.3 million security updates every day, because you want to account for that 5% and act as a backstop. The reality is you need this kind of transformative approach. If you look at the bad actors, from the time a vulnerability is disclosed, in less than 15 minutes you start seeing scans exploiting that vulnerability. You can’t wait for vendors that are operating with the technologies and approaches of yesterday, you have to react in real-time to be able to react and intercept these threats.”

How Cyber-Criminals Are Utilizing AI

As adoption of these transformative AI models continues to rise, so too does the effectiveness of cyber attackers. “It continues to be a battle with the bad guys – both in terms of scale and in terms of capabilities – and the rest of us,” Ramachandran says. “Our job is that we have to stay ahead to serve and protect our customers.”

“You will absolutely see bad actors take advantage of AI and ML tools to introduce malicious vectors. We are seeing various meddler-in-the-middle attacks and increasing sophistication in terms of using known ‘good’ SaaS websites to initiate phishing attacks. So, you have to react and respond to all of this… in every use case, we’re making sure that we’re utilizing AI and ML.”

Many security analysts have warned that AI models and LLMs (large language models) could be used by cyber-criminal groups to generate highly realistic phishing emails, potentially combined with voice and video deepfake technology that is becoming increasingly cheap and accessible. Is this likely to become a significant concern for security teams?

“Definitely,” Ramachandran says. “This is a seminal moment… We’re absolutely seeing these highly customized, penetrative threats.” Phishing scams that draw on contextual understanding of events and use AI to deepfake voices are already taking place, he explains. His answer to these sophisticated attacks is Zero Trust.

“You have to eliminate trusting anything. Just because a device is company issued, you can’t trust it. Just because a person is ‘in the corporate network’ you don’t want to trust them…. The reality is that every breach in the last 15 years is against allowed access, so it doesn’t trigger alarm bells in the system. So, once someone has been granted access, you still have to absolutely verify trust and do continuous inspections.” This conversation, he adds, should also extend to data.

Improving Network Security – Developing AI Tools

ML tools are already improving detection and remediation rates. How will they continue to develop, and how will they continue to improve network security for IT admins? “All of data science starts with data. There’s not much that ML or LLMs can do if your data is bad. So, some of our biggest investments have been around what we call the ‘Three C’s of data,’” Ramachandran says.

“The data for any problem set you’re trying to solve has to be complete – you need all the data set. The data set has to be consistent – all the elements from where you’re gathering the data have to be correlated and aligned with each other. And third, the data has to be correct. Oftentimes, infrastructure systems gather data. They apply algorithmic smoothing of the curves, such that [what you get] is processed data, not the raw input data.”

“We have invested very heavily in ensuring that across all parts of network security…we gather telemetry from a network standpoint, from a user experience standpoint, from a security standpoint and put them in a centralized data lake. Then we’re able to ensure that the three Cs are met, [the data is] complete, it’s consistent, it’s correct. We have been doing both traditional statistics as well as AI and ML for the last five to ten years. Now, like many parts of the industry we are absolutely investing in LLMs (Large Language Models), and the results are pretty eye-opening.”

“We have been engaging with customers on some of the operational use-cases, where, let’s say, someone is having a poor user experience with an application at home. We have the telemetry, and now we have the LLM with the ability to actually allow you to interrogate the system and say, ‘Hey, what’s going on with my application?’ And you can see globally what’s happening. Where the pockets are with performance that’s not great, and you’re able to apply correlations across multiple domains. I think attack troubleshooting, Day 2 operations, are going to see a 70-90% productivity increase within the next 6-12 months.”

The Future Of AI And Network Security

“We’re at a very, very interesting inflection point in the network security space,” Ramachandran says. “If you accept the thesis that AI, ML, LLMs, [and] data science are going to be absolutely transformative, then the question really goes back to: ‘which vendor has the most complete data, the most consistent data, and the most correct data?’”

“Oftentimes, customers have highly fragmented deployments. They have an SD-WAN from vendor A. They have a secure web gateway from vendor B, a VPN from vendor C, a CASB from vendor D, and then you might have some firewalls from a different vendor. You have somewhere between five to ten different vendors, each of those vendors is limited in the data that they collect. It is almost impossible to try to rationalize that data and run interesting data science.”

In the past, customers would choose products based on which was best-in-class for each function they required. But AI is “changing that paradigm on its head,” Ramachandran explains. “If the best products can only be built with the most complete, consistent, and correct data, then vendors that have a platform approach, a unified approach that solves all of these use cases, [that are] gathering data from all of those locations, and applying algorithms so that you are getting the best security, the best user experience, the easiest operational models – those vendors are going to be best of breed.”

“The age-old conundrum that customers used to face – best of breed versus platform – we’ve just broken it completely on its face. We have said, ‘to get best of breed, you need a unified product’. I think that’s the transformative moment we’re seeing in the industry right now.”

You can listen to our full conversation with Kumar Ramachandran on the Expert Insights Podcast. 
