Never Mind “What’s on Your Network.” What’s it Doing There?

By Richard Leadbetter, Security Sales Specialist, EMEA

In my last blog post, I discussed how we should sensibly approach the visibility of devices that are connecting to our networks – identifying the device type and then clarifying whether the device was compliant, managed, etc.

Since then, a secondary question has come to mind: have we really entered the era of IoT, or have we just oversimplistically compartmentalized “things” in a single container to create an easier understanding, and now we’re stuck with it? My thinking was and is that describing a device as a device type isn’t granular enough – like people, they are all different.

We’ve probably spent a good proportion of our lives being told that we shouldn’t judge people on such simplistic terms, although according to various psychologists this is pretty much impossible, with one side of the brain always giving the game away – we can’t help ourselves, we’re human after all. However, that doesn’t mean we need to replicate this human flaw within our IT systems by judging devices in a similar way – we need to expand to an almost infinite number of compartments. Instead, we should be able to judge on device behaviour and not appearance/gender/race/manufacturer or operating system. Only once we get to grips with the concept of moving away from increasingly obsolete and broad policy compartments such as “PCs”, “Smartphones” and “IoT” can we perhaps have a better chance of managing security in a way that parallels real life.

Devices (and people) do stuff. Let’s work out what they do, and how they can positively impact our business – and then create policies that reflect that. Actually, let’s not do that… there’s simply too much data to comprehend; let machines take this burden away from us.

That’s AI use case #1 – making sense of this behaviour to be able to classify access levels. I’ve spent 10 years looking at the person, the role, the device, the location, the enhanced context and then attempted to derive some kind of complex access policy based on these 4 or 5 arbitrary factors – none of which truly represent the risk that those devices present.  What if we could use AI to dynamically classify devices based on acceptable behaviour types?

For all the talk of the risks of AI to humanity, could it, in fact, be that AI will be the thing to save us – saving us from our own blinkered thinking, and more importantly saving time that none of us has to spare?

This is something that I will be exploring in detail in the upcoming “Understanding Visibility” webinar.