The current reality has pushed users, applications, and data to the edge of the network where traditional perimeter security solutions have historically fallen short. Threat actors know this, of course, and have spent the past nine months targeting the weakest link in the security stack: the user. 

Email and web browsing continue to be popular attack vectors. Security vendors have beefed up web and email security, but issues with legacy architectures are letting some attacks slip through. Information and context derived from advanced threat intelligence remain the most powerful weapons in a security team’s arsenal. Advanced technologies such as artificial intelligence and machine learning can help scan, detect, and warn at scale, but they’re not bulletproof. Increasingly sophisticated threat actors, powered by AI and ML, are finding ways to evade threat detection.

Security professionals interested in learning more about the current state of advanced threat inspection, threat intelligence, and the emerging technologies that power these capabilities should check out the following sessions: 

The Promise and Peril of AI for Cybersecurity (ISNS2794) 

Artificial intelligence and machine learning are powerful, indeed essential, components of security in the face of today’s advanced threats. The attacks are simply too numerous, too sophisticated, and too good at evading detection by legacy defenses. Unfortunately, it is also true that AI is not a silver bullet. In this session, we will discuss the roles and importance of different types of AI, including expert systems and both supervised and unsupervised machine learning. We will give five examples of multi-faceted attacks that are designed to evade detection and that would be easy to miss without the help of AI. Finally, we will talk about five key issues that anyone needs to consider when choosing to introduce AI into the security stack. 

IDS/IPS with Workload Granularity at the Scale of the SDDC, with NSX (ISNS1931) 

VMware NSX-T 3.0 introduced VMware NSX Distributed IDS/IPS. What truly makes NSX Distributed IDS/IPS unique is its distributed architecture and deep contextual awareness. Now, it becomes operationally feasible to deploy IDS/IPS east-west in the data center without compromise and without complex network re-architecture. In this session, we will cover the key capabilities that make NSX Distributed IDS/IPS unique and talk through use cases and best practices.

How Threat Intelligence Can Help Your (Bad) Security Posture (ISNS2795)

Threat Intelligence provides information about malicious actors, and the tools and techniques they leverage to compromise the networks of governments, enterprises, and organizations. Amassing threat-related information, however, does not necessarily improve resiliency against sophisticated attacks. To provide effective support to the deployment and configuration of security measures, it’s necessary to process, connect, contextualize, and elevate threat information using automated and semi-automated approaches. It is only by composing an effective threat data processing tool chain, with in-depth visibility into both network and host events, that one can hope to stop sophisticated threats today (and tomorrow). 

Intelligence Goes Both Ways 

Organizations are getting better at monitoring, detecting, and thwarting advanced threats, but threat actors have access to the same technology and capabilities. It’s important that enterprises stay one step ahead by ensuring visibility and control over the network.

Explore the VMworld Network and Cloud security on-demand sessions today to learn how you can modernize your data center architecture.