
SASE vendor Aryaka is looking to alleviate network alert fatigue with a little help from AI.
Today Aryaka announced its Winter 2025 platform update, introducing its new AI Observe tool for advanced threat detection and prevention. The new update follows the company’s last update from 2024, which introduced cloud access security broker (CASB) capabilities and the AI Perform feature for optimizing network performance for AI applications.
Aryaka has had observability capabilities before this latest update, though in some cases users had to send network and security logs to existing SIEM or SOAR tools that an organization was already using.
“We have a lot of data, and this data is in addition to logs, including raw telemetry, which is an insane amount of data that we cannot export to any third-party vendor,” Renuka Nadkarni, chief product officer at Aryaka, told Network World. “So instead of exporting it to the third-party vendor, we are now building models on top of that data AI Observe.”
How Aryaka AI Observe works
The AI Observe capability is a complex system that integrates data processing as well as both unsupervised and supervised machine learning models to analyze Aryaka’s network and security data.
At the foundation is the data processing layer that deals with the raw data Aryaka collects, which includes network telemetry, logs and traffic patterns. At this layer, Aryaka performs tasks like deduplication, compression and other techniques to handle the massive scale of data.
Nadkarni explained that Aryaka runs unsupervised machine learning models on the data to identify anomalies and outliers. For example, the models may detect a sudden spike in traffic to a domain that has not been seen before. This unsupervised analysis helps surface potential issues or areas of concern that require further investigation.
Once the unsupervised models identify anomalies, Aryaka then applies supervised machine learning techniques. The supervised models benefit from threat intelligence and security research to determine if the identified anomaly is actually indicative of a security threat. For example, the supervised models will check if the anomalous domain is known to be associated with malicious activity or a command-and-control server. This supervised analysis helps reduce false positives and provide more accurate threat detection.
Aryaka has partnered with a security research firm called Sequretek to help build out the AI Observe service to enhance the supervised models. Sequretek has a team of more than 130 security researchers who are actively tracking the latest threats and threat actor tactics.
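The two-stage flow described above (unsupervised anomaly surfacing, then a threat-intelligence check) can be sketched in Python; this is an added illustration, not Aryaka's code. A per-domain statistical baseline stands in for the unsupervised models and a set lookup stands in for the supervised models, and all domains, counts and thresholds are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (hour, domain, request_count). Not real telemetry.
HISTORY = [
    (0, "updates.example.com", 40), (1, "updates.example.com", 44),
    (2, "updates.example.com", 38), (0, "mail.example.org", 120),
    (1, "mail.example.org", 131), (2, "mail.example.org", 125),
]
CURRENT = [
    ("updates.example.com", 42),      # normal volume
    ("mail.example.org", 410),        # known domain, volume spike
    ("cdn-sync.example.net", 300),    # never seen before, high volume
    ("beacon.example.invalid", 90),   # never seen before, on intel list
    ("newsite.example.com", 3),       # new but negligible volume
]
# Constructed stand-in for a threat-intelligence feed.
THREAT_INTEL = {"beacon.example.invalid"}

def find_anomalies(history, current, z_threshold=3.0, new_domain_min=50):
    """Stage 1: flag outliers without labels, using only per-domain baselines."""
    baseline = defaultdict(list)
    for _hour, domain, count in history:
        baseline[domain].append(count)
    anomalies = []
    for domain, count in current:
        seen = baseline.get(domain)
        if seen is None:
            # No history at all: flag only if the volume is worth a look.
            if count >= new_domain_min:
                anomalies.append((domain, count, "new-domain-spike"))
            continue
        mu, sigma = mean(seen), pstdev(seen)
        # Floor sigma so a perfectly flat baseline cannot divide by zero.
        if (count - mu) / max(sigma, 1.0) >= z_threshold:
            anomalies.append((domain, count, "volume-spike"))
    return anomalies

def triage(anomalies, threat_intel):
    """Stage 2: enrich with intel; only corroborated anomalies become alerts."""
    results = {}
    for domain, _count, reason in anomalies:
        verdict = "alert" if domain in threat_intel else "review"
        results[domain] = (reason, verdict)
    return results

if __name__ == "__main__":
    for domain, (reason, verdict) in triage(find_anomalies(HISTORY, CURRENT), THREAT_INTEL).items():
        print(f"{verdict:6} {reason:17} {domain}")
```

Of the five current-window entries, three are surfaced as anomalies but only the one corroborated by the intel set is raised as an alert, which is the false-positive reduction the article attributes to the second stage.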
Taking aim at SOAR (but just don’t call it that)
Beyond just helping to detect potential network security risks, Aryaka’s AI Observe also provides what it calls zero-touch automation. That feature can be used to enable automated threat mitigation at the network level.
That type of capability is not new to the industry and is often a core element of security orchestration, automation and response (SOAR) technologies. Nadkarni emphasized, however, that Aryaka really doesn’t want to position itself as a SOAR vendor.
She noted that Aryaka has a full unified SASE approach that integrates multiple controls and potential remediation. That includes the ability to create firewall rules to block certain IPs or even entire domains. “It’s actually just part of the unified-SASE-as-a-service workflow in our view,” Nadkarni said.
Single-pass architecture drives integration
Aryaka’s unified approach centers on its single-pass architecture, processing network traffic through multiple security engines simultaneously. “We built 14 different security engines in the path of the network,” Nadkarni said.
The different security engines include various forms of access control validation, including IP, user, application and destination. There is also intrusion prevention system (IPS) signature mapping, as well as a degree of encrypted network packet inspection. Instead of having multiple siloed stacks that do the various forms of inspection, the single-pass system does all the inspection concurrently as part of one network flow.
Looking forward, Aryaka plans to introduce a new AI Secure tool to its unified SASE platform in the second half of this year. The new capability will help to ease AI adoption with the company’s SASE platform.
“The goal of our existence is to allow all kinds of users to go to all kinds of applications,” Nadkarni said. “AI is yet another traffic type for us, and we want to make sure that we make networking easy for AI adoption.”
Source: Network World