April 17, 2023 • 22 mins
SD-WAN is never just a feature of SASE. It's the foundation of a successful SASE implementation. In today's Tech News This Week, EMA analyst Shamus McGillicuddy tells you why. Also, get an update from TechTarget Editorial reporters on AI in security and how U.S. states are taking the lead in AI regulation.
Watch Tech News this Week on the TechTarget News Bytes Channel:
Stories featured on Tech News this Week:
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Makenzie Holland (00:00):
By focusing it in the sense on your where the
(00:03):
impact is the NIC and reallyfocused on legislation on the
harms caused by this technology.
Antone Gonsalves (00:11):
Hi, and welcome to Tech News this week,
I'm your host techtargeteditorial news director Duncan's
office. On today's show, we'lldiscuss the difficulties. Many
of you experienced when movingfrom a software defined wan to a
secure access service edge andwill tell you how to ease the
(00:32):
pain. Also, we'll talk about thepros and cons of AI insecurity,
and we'll look at the state ofAI regulations, and how the
states are tackling the issuewithout the help of Congress.
First up is SD Wan. Manycompanies are in transition from
a software defined wan to asecure access service edge or
(00:54):
sassy. A new survey byEnterprise Management Associates
found many enterprisesstruggling with the transition,
the numbers speak forthemselves. 11% of the companies
surveyed are only 11% of thecompanies surveyed said the
transition was very easy, while30% described it as painful.
Here to tell us why is SeamusMcGillicuddy, the author of the
(01:18):
EMA report released this week.Okay, listen, before we before I
start, full disclosure, Seamusand I worked together for a
while as reporters fortechtarget before he left to
join EMA. Nevertheless, thisstudy is worthy of examination.
So the first thing we should dois set the stage Seamus, why are
(01:40):
so many companies migrating areplanning to migrate from SD wan
to sassy?
Shamus McGillicuddy (01:47):
Well, there's a lot of hype, so they
think it's the next big thing tobuy. But it's about the fact
that, you know, security remainsan ongoing challenge. It's
always hard. Integrating SD winwith secure service edge
solutions allows you to build anetwork where you can deliver
(02:08):
network and cybersecuritycapabilities closer to your
corporate sites and your endusers. That's one piece of it
like, because a lot of SDNimplementations started with
some security at the edge wherethe SD Wan edge devices were
deployed. But then a lot ofsecurity was applied through the
data center where the the headend devices have an SD win,
(02:31):
first generation SD winimplementation was so like all
the traffic had to go to thedata center where it would get
scan for security risk andmalware and whatever, and then
it would go on to itsdestination, right. So that
wasn't an efficient approach tosecurity, because it added
(02:53):
latency to the network. And soperformance is not would be an
ongoing issue. So when you moveto a sassy solution, you have
like all these points of thesassy solution providers have
all these points of presence,globally deployed that may be
closer to the origin of yourtraffic. And so it reduces
(03:16):
latency because you go to thatpop instead of your centralized
data center, and then you go onto the destination. Also, most
enterprises today are movingtowards multi cloud at this
point, well past 75% Or areprobably there by now like I've
talked to people all the timeare like, oh, yeah, we've been
AWS forever. But our DevOps teamwants me to start building a
(03:39):
network that incorporates Azure,Google, whatever, now it's
constantly expanding. So withthat, like you have, you don't
have central hubs on yournetwork anymore, you don't have
a core you like all yourapplications are in multiple
clouds and multiple regions andmultiple data centers all over
the world, you can't have like acentral place to send people's
traffic for security screening.So you got to you got to have
(04:02):
like these, these theseconsistently designed pubs that
sassy offers where no matterwhere you are, and what Poppy
gonna do, it's secure. Sosecurity
Antone Gonsalves (04:14):
is security is critical here for the use of
sassy and as you pointed outwith the multi cloud, so you
know what makes the move to SASthough? Difficult. What are the
roadblocks that companies arerunning up against?
Shamus McGillicuddy (04:29):
Well, about 40% of companies today are
multivendor SD win. So if you'regoing to integrate if you're
going to evolve SD win intosassy, ideally, you want your SD
win solution to be kind ofuniform, right so that like you
just plug it into whatever sassydirection you're going whether
that's adding Sassiecapabilities from your chosen SD
(04:50):
Wan vendor because mostenterprise class SD Wan vendors
at this point are offering theSecure Access Service edge stuff
and pops or you integrate yourSD win solution with a third
party secure access servicesolution that brings the sassy
pops to the picture. Now if youhave two SD Wan vendors, that's
(05:11):
two projects. Some people tellme they got three or more SD Wan
vendors. That's too muchcomplexity. And why do they have
multiple vendors? Well, maybethey got multiple business units
and making their own decisions.And they've been told, well, we
need Sqn to be sassy now, andthey and the net ops in their
network engineering team says,Well, I got to tell you like we
(05:31):
have two different SDN vendorsor three different SEO and
vendors because you let yourbusiness you let the business
units make their own decisionson that, like I talked to, you
might you might even have like,Well, you got mergers and
acquisitions too, as well,because like I've talked to
someone the other day, who saidthat he's his company is
constantly swelling up othercompanies and all those
companies have their own SDNvendors, you know. And actually,
(05:54):
like this week, I talked to avery big company, all over the
world. They are everywhere, theyhave 900 branches. They they
have factories in every country,every continent distribution
centers, and he said he'sstandardize on one SD Wan
vendor, but he wanted it as amanaged service, which is very
common, but he couldn't find amanaged service provider that
could deliver it globally acrossall of his regions. So he has
(06:17):
eight MSPs, managing one vendor.So each each MSP is has like a
an SD win controller that'smanaging maybe like 1015 20% of
his global operations. So thenif he wants to go from SD wan to
sassy, he's got to work with alleight of those MSPs to get it
done.
Antone Gonsalves (06:36):
Sure. So the complexity is mind boggling in
some in some cases. And thenthere's also think you listed in
the study, you know, people whohave done it themselves with SD
win. That's that's a roadblockthat's a difficulty Poor, poor
wind visit observability. So howdo you what do you recommend
(06:59):
that companies do to deal withthese multiple, multiple
problems? Well, you
Shamus McGillicuddy (07:04):
need one unified SD Wan solution, if
you're going to turn your SD Waninto a sase, it can't be like
five or 623456 solutions thatyou're going to migrate to SAS
you need. You need you need aunified a unified foundation on
the SD Wan level. Now, thereason why I did this research
is because every time I hearpeople talk about sassi, a lot
(07:26):
of times it's they make it soundlike the SD Wan piece of sassi
is just a feature that you turnon the flick of a switch and it
just like okay, let's now we'llmove on from the network layer
to the security layer, you know,no, no, not never. Like, there's
a reason why, I don't know, it'slike 65% of enterprises tell us
(07:46):
that they no longer do DIY SDWan is because it's complex to
set up all the tunnels acrossyour WAN underlay. It's hard to
find people that can that canmanage this thing. Like it's
hard to hire people that knowthe technology, it's hard to
build, to integrate it into yoursecurity architecture. And so
you need to deploy one managedservice a managed SD win
(08:11):
solution, find a man a provider,maybe it's like an 18 T or
Verizon maybe it's like an MSPwhoever that can deliver your
SEO and as a global service,then you need to make sure that
you have good visibility intothat because the nature of your
traffic patterns change when yougo from just sto and assassin
(08:32):
because because now you have allthese pops that are in between
your end users and applications,right and between, like your
site to site connections, thesassy pops. And so you need to
make sure that you have theability to monitor that. So if
you see if like a sassy pop goesdown and your managed service
(08:53):
provider doesn't have goodvisibility into it. You can say
oh yeah, I'm having an issuewith this assay pop, let's route
this traffic. I'm gonna call upmy MSP and say we gotta route
this traffic to this other sassypop on the west coast because
the one in Chicago's like downfor some reason, or, Hey, my ISP
(09:13):
in Miami is having problemsreaching this sassy pop, can we
can we failover to the MPLSnetwork that um, that I usually
reserved for this you know, sothat you can make sure that that
your your sassy solutionperforms properly. And it's not
(09:33):
just like keeping an eye onthings and day to operations
perspective, you're probablygoing to want that good
observability upfront whenyou're designing the network to
make sure that that you'reyou're not like making bad
traffic engineering decisions,
Antone Gonsalves (09:45):
you know, operating blindly. I mean, you
also recommended that thatcompanies have don't just hand
over management and monitoringto the MSP share the
responsibility which isimportant ASP, they have to,
they have to be involved, youknow?
Shamus McGillicuddy (10:04):
Yeah, day to day to like, you see, like
60 70% of enterprises consumingSD Wan and and by extension sase
as a managed service, you think,well, they're going to outsource
operations. They don't themajority, the vast majority of
enterprises want a hybridoperating model where, yes,
their their SD win or sassyprovider is monitoring things
(10:29):
with the native SD winvisibility capabilities of the
platform, but but you want tosee what's happening too,
because, you know, it's your,you're the one responsible for
supporting the business, I wastalking to someone the other day
who said that, like he had aconnection to a factory go down.
And his, his managed SD WANprovider in that region where
(10:51):
the factory was, was notproactively aware of it. He was
aware of it because you know, hewas getting user complaints, he
had it on site, go and check hishis edge SDN devices to see if
there's something wrong withthem. Nothing was wrong with
them. So then, he used a thirdparty monitoring tool to just
look at the nature of trafficgoing from that factory into the
(11:13):
the WAN. And he knows thatsomething had changed with how
his ISP for that factory had wasrouting traffic from his factory
to AWS. And it completely wipedout connectivity to Apple, the
applications at the factoryneeded access to so he was able
to go to his SD WAN provider andhis ISP and say this is the
(11:37):
problem routing change was made.We need you to do something
about it.
Antone Gonsalves (11:44):
Alright, security pros are overwhelmed
with data. So it's not unusualfor them to miss reports on
software vulnerabilities,leaving a company open to attack
until the problem is discoveredand patched. But guess what
surprise AI is coming to therescue. security vendors are
adding artificial intelligenceto their software to help
(12:07):
customers sort through vastamounts of data. Several
automated AI security offeringsuse chat GPT to help with threat
detection. This week, RecordedFuture added to its software and
AI engine based on the company'sthreat intelligence and private
(12:27):
data. Here to discuss thedifferences in the two
approaches is techtargeteditorial security reporter
Arielle Waldman. So let's startwith how AI could help security
pros deal with data overload
Unknown (12:42):
security pros, like you said they have an overwhelming
amount of data to sort throughmy variety of sources. Another
problem is a cyber skillshortage. There's not enough
people to even sort through allthat data. So it seems like open
AI GPT in general, is the nextstep in helping companies gather
threat intelligence, and helpsort of offset the cyber skill
(13:05):
shortage we automated in realtime functions of AI are really
important, especially ingathering threat intelligence,
it can also be difficult forenterprises to understand how
much or even if a certain threatthreat will affect them. So AI
can maybe add some specificityto about those searches and
finding out how that threat willaffect them. Another area,
(13:29):
threat actors and cybercriminals are becoming
increasingly sophisticated andinnovative. So it's difficult to
keep up with current andemerging trends. security pros
can use AI to help gatheradversary group intelligence,
which is really important.Another AI. Another area can
further assist in isvulnerability patch management,
(13:49):
which is a big problem forenterprises. As you said,
there's so many flaws and threatactors are exploiting them at
increasing speeds. So it canhelp them to know which flaws
may be impacting them and how toprioritize those flaws.
Antone Gonsalves (14:03):
Yeah, I the vulnerability management piece
is is a real painful area forfor security pros did the chat
GPT is you know, is a subset ofthis open AI large language
model. So Recorded Future, youknow, trains the open AI model
(14:24):
using its own private data.What's the is there's a I would
assume there's an advantage tothat right, less chance of of
errors and getting on onsurprising results.
Unknown (14:37):
Hopefully, yeah, I mean, some I mean concerns with,
like chat GPT for instance, wasthat around security and
accuracy of the information thatprovided can sometimes make up
answers if it doesn't knowsomething for sure. And yeah, it
depends with data sets beentrained on and everything. So
(14:58):
Recorded Future they you To openAPI's, GPT models specifically
that that GPT has a differenttype and not what Recorded
Future incorporated into theirmodel. There's uses the open
API's GPT and the languageskills, but Recorded Future is
known for its threatintelligence. So that is a big
advantage. The model was trainedon more than 40,000 analyst
(15:21):
notes from the company's threatResearch Division. It also
includes information from openopen web, dark web forums,
technical indicators. Yeah, soit's very vast.
Antone Gonsalves (15:35):
In those those organizations that use chat GPT,
these you described him asseveral automated AI security
offerings. I mean, are theysufficiently reliable? Do they
claim to be reliable? Or what'swhat's the status with that?
Unknown (15:54):
I mean, I think the hope is that they be reliable,
but I think it really dependswith what data they're trained
on, how current that is. Theaccuracy of it, and just knowing
having a fact base knowing it'sfact ace and being sure about
that. I think that's a bigproblem. A big concern.
Antone Gonsalves (16:16):
Do you have any, do you have any sense of
what how security crows arelooking at AI?
Unknown (16:23):
I think one aspect is feedback from a quarter future
at least they found it as a timesaving tool. Executives are
inundated with questionssecurity questions all the time.
And if they try to, you know,ask an analyst their opinion
that could take days or hoursand this using these functions,
(16:46):
it could it generates a summaryor analysis within minutes.
Antone Gonsalves (16:54):
Okay, I also has the potential to improve
business operations, rightdriving efficiencies and
profitability, but it has flawsas we just discussed, that can
lead to trouble. In California,people in favor of AI
regulations point to examples ofthe harm is done in healthcare,
(17:14):
housing and hiring. Congress hasyet to take up legislation
focusing on AI as potentialharm. But that doesn't mean
nothing is happening. Here todiscuss the state of AI
regulation is techtarget.Tutorials government reporter
MacKenzie Holland. Alright, somost of the regulatory action is
(17:37):
happening in the States. Youknow, places like California,
Connecticut, Illinois, andTexas, there, what are they
doing? What is their approach toto provide protection, when AI,
you know, makes the decisionsthat affect and sometimes bad
decisions affect people's livesand their livelihoods?
Makenzie Holland (17:57):
Sure, yeah. The legislation introduced in
the states really aims to applycertain protections for
consumers around the use of AIaround automated decision tools.
Colorado, for example, issueddraft rules in February, to
prohibit life insurancecompanies from using external
data, like credit scores, socialmedia habits, educational
(18:20):
background, which they considerdiscriminatory data in their AI
models. So those companies wouldhave to undergo a rigorous
examination of the data thatthey use in their AI models to
impact the company's decisions.And it's absolutely true that
the momentum on AI regulation ishappening in the States. Similar
to what we've seen with dataprivacy, California is a leading
(18:42):
example of that, while thefederal government has yet to
advance legislation around dataprivacy or AI states are working
on this, though the White Housethis week did issue a request
for comment around AIaccountability. So that's a
measure that they've takenoutside of last year, they
issued a blueprint for an AIBill of Rights. But other than
(19:04):
providing government comments orseeking guidance, they really
haven't made any advancementtowards AI legislation.
Antone Gonsalves (19:11):
Legislation right in the States, in the
states do vary, right, in thesense that some states are the
regulations they're looking atwould include government use of
AI and commercial, but then someare just focused on on
government also. Right. Why thatthat patchwork?
Makenzie Holland (19:33):
Sure. So by focusing it on, I think kind of
focusing on the impact of thesetools and on especially when
it's government's makingdecisions or using these tools
for housing decisions oremployment opportunities, like
it's particularly impact oneducation. Sure. And so, you
(19:56):
know, by focusing it in thesense on your where the impact
Act is the NIC and reallyfocused on legislation on the
harms caused by this technology.
Antone Gonsalves (20:05):
Yeah, I mean, I could see over time when
eventually you have thispatchwork of legislation, I
remember the way back in thedays when they were talking
about taxing a sales tax forthe, for the internet for, you
know, for Amazon has evolved inthat it heavily, you ended up
with states taxing and differenttax laws, you know. So this is
(20:28):
the same same situation, we endup with this patchwork, and I
guess for the for business. Anyideas? What is anybody talked
anybody you talked about?Discuss the impact on business
and how they're going to be ableto navigate this shore. And
Makenzie Holland (20:45):
it's gonna be, you know, similar to what
businesses have had to do withdata privacy laws, currently,
just kind of being aware of whatyou know, because there's only a
handful of states that haveenacted these laws so far. So I
think ideally, businesses arewaiting for the federal
government to catch up andimplement a comprehensive
(21:06):
approach, not only to dataprivacy, but to artificial
intelligence, because as moreand more states do adopt their
own regulations, it will make itmore difficult for businesses to
adhere to this patchwork systemof laws and regulations. So I
think it's a kind of wait andsee, you know, you know, really
make sure you do try to complywith the regulations that states
(21:27):
have, but hopefully hoping for amore overarching law to kind of
bring that all together,
Antone Gonsalves (21:34):
eventually. Sure. And in the meantime, you
know, which is a whole otherside of this that we don't have
time to get to, but there'sEurope, you know, Europe is
doing their own thing. So that'sif you're an international
company. That's gonna besomething else to navigate.
Sure,
Makenzie Holland (21:51):
Europe's very far ahead on the AI regulation
with their AI act.
Antone Gonsalves (21:59):
All right, that wraps up this week's show.
Thanks for watching and enjoythe weekend.
By focusing it in the sense on your where the
(00:03):
impact is the NIC and reallyfocused on legislation on the
harms caused by this technology.
Antone Gonsalves (00:11):
Hi, and welcome to Tech News this week,
I'm your host techtargeteditorial news director Duncan's
office. On today's show, we'lldiscuss the difficulties. Many
of you experienced when movingfrom a software defined wan to a
secure access service edge andwill tell you how to ease the
(00:32):
pain. Also, we'll talk about thepros and cons of AI insecurity,
and we'll look at the state ofAI regulations, and how the
states are tackling the issuewithout the help of Congress.
First up is SD Wan. Manycompanies are in transition from
a software defined wan to asecure access service edge or
(00:54):
sassy. A new survey byEnterprise Management Associates
found many enterprisesstruggling with the transition,
the numbers speak forthemselves. 11% of the companies
surveyed are only 11% of thecompanies surveyed said the
transition was very easy, while30% described it as painful.
Here to tell us why is SeamusMcGillicuddy, the author of the
(01:18):
EMA report released this week.Okay, listen, before we before I
start, full disclosure, Seamusand I worked together for a
while as reporters fortechtarget before he left to
join EMA. Nevertheless, thisstudy is worthy of examination.
So the first thing we should dois set the stage Seamus, why are
(01:40):
so many companies migrating areplanning to migrate from SD wan
to sassy?
Shamus McGillicuddy (01:47):
Well, there's a lot of hype, so they
think it's the next big thing tobuy. But it's about the fact
that, you know, security remainsan ongoing challenge. It's
always hard. Integrating SD winwith secure service edge
solutions allows you to build anetwork where you can deliver
(02:08):
network and cybersecuritycapabilities closer to your
corporate sites and your endusers. That's one piece of it
like, because a lot of SDNimplementations started with
some security at the edge wherethe SD Wan edge devices were
deployed. But then a lot ofsecurity was applied through the
data center where the the headend devices have an SD win,
(02:31):
first generation SD winimplementation was so like all
the traffic had to go to thedata center where it would get
scan for security risk andmalware and whatever, and then
it would go on to itsdestination, right. So that
wasn't an efficient approach tosecurity, because it added
(02:53):
latency to the network. And soperformance is not would be an
ongoing issue. So when you moveto a sassy solution, you have
like all these points of thesassy solution providers have
all these points of presence,globally deployed that may be
closer to the origin of yourtraffic. And so it reduces
(03:16):
latency because you go to thatpop instead of your centralized
data center, and then you go onto the destination. Also, most
enterprises today are movingtowards multi cloud at this
point, well past 75% Or areprobably there by now like I've
talked to people all the timeare like, oh, yeah, we've been
AWS forever. But our DevOps teamwants me to start building a
(03:39):
network that incorporates Azure,Google, whatever, now it's
constantly expanding. So withthat, like you have, you don't
have central hubs on yournetwork anymore, you don't have
a core you like all yourapplications are in multiple
clouds and multiple regions andmultiple data centers all over
the world, you can't have like acentral place to send people's
traffic for security screening.So you got to you got to have
(04:02):
like these, these theseconsistently designed pubs that
sassy offers where no matterwhere you are, and what Poppy
gonna do, it's secure. Sosecurity
Antone Gonsalves (04:14):
is security is critical here for the use of
sassy and as you pointed outwith the multi cloud, so you
know what makes the move to SASthough? Difficult. What are the
roadblocks that companies arerunning up against?
Shamus McGillicuddy (04:29):
Well, about 40% of companies today are
multivendor SD win. So if you'regoing to integrate if you're
going to evolve SD win intosassy, ideally, you want your SD
win solution to be kind ofuniform, right so that like you
just plug it into whatever sassydirection you're going whether
that's adding Sassiecapabilities from your chosen SD
(04:50):
Wan vendor because mostenterprise class SD Wan vendors
at this point are offering theSecure Access Service edge stuff
and pops or you integrate yourSD win solution with a third
party secure access servicesolution that brings the sassy
pops to the picture. Now if youhave two SD Wan vendors, that's
(05:11):
two projects. Some people tellme they got three or more SD Wan
vendors. That's too muchcomplexity. And why do they have
multiple vendors? Well, maybethey got multiple business units
and making their own decisions.And they've been told, well, we
need Sqn to be sassy now, andthey and the net ops in their
network engineering team says,Well, I got to tell you like we
(05:31):
have two different SDN vendorsor three different SEO and
vendors because you let yourbusiness you let the business
units make their own decisionson that, like I talked to, you
might you might even have like,Well, you got mergers and
acquisitions too, as well,because like I've talked to
someone the other day, who saidthat he's his company is
constantly swelling up othercompanies and all those
companies have their own SDNvendors, you know. And actually,
(05:54):
like this week, I talked to avery big company, all over the
world. They are everywhere, theyhave 900 branches. They they
have factories in every country,every continent distribution
centers, and he said he'sstandardize on one SD Wan
vendor, but he wanted it as amanaged service, which is very
common, but he couldn't find amanaged service provider that
could deliver it globally acrossall of his regions. So he has
(06:17):
eight MSPs, managing one vendor.So each each MSP is has like a
an SD win controller that'smanaging maybe like 1015 20% of
his global operations. So thenif he wants to go from SD wan to
sassy, he's got to work with alleight of those MSPs to get it
done.
Antone Gonsalves (06:36):
Sure. So the complexity is mind boggling in
some in some cases. And thenthere's also think you listed in
the study, you know, people whohave done it themselves with SD
win. That's that's a roadblockthat's a difficulty Poor, poor
wind visit observability. So howdo you what do you recommend
(06:59):
that companies do to deal withthese multiple, multiple
problems? Well, you
Shamus McGillicuddy (07:04):
need one unified SD Wan solution, if
you're going to turn your SD Waninto a sase, it can't be like
five or 623456 solutions thatyou're going to migrate to SAS
you need. You need you need aunified a unified foundation on
the SD Wan level. Now, thereason why I did this research
is because every time I hearpeople talk about sassi, a lot
(07:26):
of times it's they make it soundlike the SD Wan piece of sassi
is just a feature that you turnon the flick of a switch and it
just like okay, let's now we'llmove on from the network layer
to the security layer, you know,no, no, not never. Like, there's
a reason why, I don't know, it'slike 65% of enterprises tell us
(07:46):
that they no longer do DIY SDWan is because it's complex to
set up all the tunnels acrossyour WAN underlay. It's hard to
find people that can that canmanage this thing. Like it's
hard to hire people that knowthe technology, it's hard to
build, to integrate it into yoursecurity architecture. And so
you need to deploy one managedservice a managed SD win
(08:11):
solution, find a man a provider,maybe it's like an 18 T or
Verizon maybe it's like an MSPwhoever that can deliver your
SEO and as a global service,then you need to make sure that
you have good visibility intothat because the nature of your
traffic patterns change when yougo from just sto and assassin
(08:32):
because because now you have allthese pops that are in between
your end users and applications,right and between, like your
site to site connections, thesassy pops. And so you need to
make sure that you have theability to monitor that. So if
you see if like a sassy pop goesdown and your managed service
(08:53):
provider doesn't have goodvisibility into it. You can say
oh yeah, I'm having an issuewith this assay pop, let's route
this traffic. I'm gonna call upmy MSP and say we gotta route
this traffic to this other sassypop on the west coast because
the one in Chicago's like downfor some reason, or, Hey, my ISP
(09:13):
in Miami is having problemsreaching this sassy pop, can we
can we failover to the MPLSnetwork that um, that I usually
reserved for this you know, sothat you can make sure that that
your your sassy solutionperforms properly. And it's not
(09:33):
just like keeping an eye onthings and day to operations
perspective, you're probablygoing to want that good
observability upfront whenyou're designing the network to
make sure that that you'reyou're not like making bad
traffic engineering decisions,
Antone Gonsalves (09:45):
you know, operating blindly. I mean, you
also recommended that thatcompanies have don't just hand
over management and monitoringto the MSP share the
responsibility which isimportant ASP, they have to,
they have to be involved, youknow?
Shamus McGillicuddy (10:04):
Yeah, day to day to like, you see, like
60 70% of enterprises consumingSD Wan and and by extension sase
as a managed service, you think,well, they're going to outsource
operations. They don't themajority, the vast majority of
enterprises want a hybridoperating model where, yes,
their their SD win or sassyprovider is monitoring things
(10:29):
with the native SD winvisibility capabilities of the
platform, but but you want tosee what's happening too,
because, you know, it's your,you're the one responsible for
supporting the business, I wastalking to someone the other day
who said that, like he had aconnection to a factory go down.
And his, his managed SD WANprovider in that region where
(10:51):
the factory was, was notproactively aware of it. He was
aware of it because you know, hewas getting user complaints, he
had it on site, go and check hishis edge SDN devices to see if
there's something wrong withthem. Nothing was wrong with
them. So then, he used a thirdparty monitoring tool to just
look at the nature of trafficgoing from that factory into the
(11:13):
the WAN. And he knows thatsomething had changed with how
his ISP for that factory had wasrouting traffic from his factory
to AWS. And it completely wipedout connectivity to Apple, the
applications at the factoryneeded access to so he was able
to go to his SD WAN provider andhis ISP and say this is the
(11:37):
problem routing change was made.We need you to do something
about it.
Antone Gonsalves (11:44):
Alright, security pros are overwhelmed
with data. So it's not unusualfor them to miss reports on
software vulnerabilities,leaving a company open to attack
until the problem is discoveredand patched. But guess what
surprise AI is coming to therescue. security vendors are
adding artificial intelligenceto their software to help
(12:07):
customers sort through vastamounts of data. Several
automated AI security offeringsuse chat GPT to help with threat
detection. This week, RecordedFuture added to its software and
AI engine based on the company'sthreat intelligence and private
(12:27):
data. Here to discuss thedifferences in the two
approaches is techtargeteditorial security reporter
Arielle Waldman. So let's startwith how AI could help security
pros deal with data overload
Unknown (12:42):
security pros, like you said they have an overwhelming
amount of data to sort throughmy variety of sources. Another
problem is a cyber skillshortage. There's not enough
people to even sort through allthat data. So it seems like open
AI GPT in general, is the nextstep in helping companies gather
threat intelligence, and helpsort of offset the cyber skill
(13:05):
shortage we automated in realtime functions of AI are really
important, especially ingathering threat intelligence,
it can also be difficult forenterprises to understand how
much or even if a certain threatthreat will affect them. So AI
can maybe add some specificityto about those searches and
finding out how that threat willaffect them. Another area,
(13:29):
threat actors and cybercriminals are becoming
increasingly sophisticated andinnovative. So it's difficult to
keep up with current andemerging trends. security pros
can use AI to help gatheradversary group intelligence,
which is really important.Another AI. Another area can
further assist in isvulnerability patch management,
(13:49):
which is a big problem forenterprises. As you said,
there's so many flaws and threatactors are exploiting them at
increasing speeds. So it canhelp them to know which flaws
may be impacting them and how toprioritize those flaws.
Antone Gonsalves (14:03):
Yeah, I the vulnerability management piece
is is a real painful area forfor security pros did the chat
GPT is you know, is a subset ofthis open AI large language
model. So Recorded Future, youknow, trains the open AI model
(14:24):
using its own private data.What's the is there's a I would
assume there's an advantage tothat right, less chance of of
errors and getting on onsurprising results.
Unknown (14:37):
Hopefully, yeah, I mean, some I mean concerns with,
like chat GPT for instance, wasthat around security and
accuracy of the information thatprovided can sometimes make up
answers if it doesn't knowsomething for sure. And yeah, it
depends with data sets beentrained on and everything. So
(14:58):
Recorded Future they you To openAPI's, GPT models specifically
that that GPT has a differenttype and not what Recorded
Future incorporated into theirmodel. There's uses the open
API's GPT and the languageskills, but Recorded Future is
known for its threatintelligence. So that is a big
advantage. The model was trainedon more than 40,000 analyst
(15:21):
notes from the company's threatResearch Division. It also
includes information from openopen web, dark web forums,
technical indicators. Yeah, soit's very vast.
Antone Gonsalves (15:35):
In those those organizations that use chat GPT,
these you described him asseveral automated AI security
offerings. I mean, are theysufficiently reliable? Do they
claim to be reliable? Or what'swhat's the status with that?
Unknown (15:54):
I mean, I think the hope is that they be reliable,
but I think it really dependswith what data they're trained
on, how current that is. Theaccuracy of it, and just knowing
having a fact base knowing it'sfact ace and being sure about
that. I think that's a bigproblem. A big concern.
Antone Gonsalves (16:16):
Do you have any, do you have any sense of
what how security crows arelooking at AI?
Unknown (16:23):
I think one aspect is feedback from a quarter future
at least they found it as a timesaving tool. Executives are
inundated with questionssecurity questions all the time.
And if they try to, you know,ask an analyst their opinion
that could take days or hoursand this using these functions,
(16:46):
it could it generates a summaryor analysis within minutes.
Antone Gonsalves (16:54):
Okay, I also has the potential to improve
business operations, rightdriving efficiencies and
profitability, but it has flawsas we just discussed, that can
lead to trouble. In California,people in favor of AI
regulations point to examples ofthe harm is done in healthcare,
(17:14):
housing and hiring. Congress hasyet to take up legislation
focusing on AI as potentialharm. But that doesn't mean
nothing is happening. Here todiscuss the state of AI
regulation is techtarget.Tutorials government reporter
MacKenzie Holland. Alright, somost of the regulatory action is
(17:37):
happening in the States. Youknow, places like California,
Connecticut, Illinois, andTexas, there, what are they
doing? What is their approach toto provide protection, when AI,
you know, makes the decisionsthat affect and sometimes bad
decisions affect people's livesand their livelihoods?
Makenzie Holland (17:57):
Sure, yeah. The legislation introduced in
the states really aims to applycertain protections for
consumers around the use of AIaround automated decision tools.
Colorado, for example, issueddraft rules in February, to
prohibit life insurancecompanies from using external
data, like credit scores, socialmedia habits, educational
(18:20):
background, which they considerdiscriminatory data in their AI
models. So those companies wouldhave to undergo a rigorous
examination of the data thatthey use in their AI models to
impact the company's decisions.And it's absolutely true that
the momentum on AI regulation ishappening in the States. Similar
to what we've seen with dataprivacy, California is a leading
(18:42):
example of that, while thefederal government has yet to
advance legislation around dataprivacy or AI states are working
on this, though the White Housethis week did issue a request
for comment around AIaccountability. So that's a
measure that they've takenoutside of last year, they
issued a blueprint for an AIBill of Rights. But other than
(19:04):
providing government comments orseeking guidance, they really
haven't made any advancementtowards AI legislation.
Antone Gonsalves (19:11):
Legislation right in the States, in the
states do vary, right, in thesense that some states are the
regulations they're looking atwould include government use of
AI and commercial, but then someare just focused on on
government also. Right. Why thatthat patchwork?
Makenzie Holland (19:33):
Sure. So by focusing it on, I think kind of
focusing on the impact of thesetools and on especially when
it's government's makingdecisions or using these tools
for housing decisions oremployment opportunities, like
it's particularly impact oneducation. Sure. And so, you
(19:56):
know, by focusing it in thesense on your where the impact
Act is the NIC and reallyfocused on legislation on the
harms caused by this technology.
Antone Gonsalves (20:05):
Yeah, I mean, I could see over time when
eventually you have thispatchwork of legislation, I
remember the way back in thedays when they were talking
about taxing a sales tax forthe, for the internet for, you
know, for Amazon has evolved inthat it heavily, you ended up
with states taxing and differenttax laws, you know. So this is
(20:28):
the same same situation, we endup with this patchwork, and I
guess for the for business. Anyideas? What is anybody talked
anybody you talked about?Discuss the impact on business
and how they're going to be ableto navigate this shore. And
Makenzie Holland (20:45):
it's gonna be, you know, similar to what
businesses have had to do withdata privacy laws, currently,
just kind of being aware of whatyou know, because there's only a
handful of states that haveenacted these laws so far. So I
think ideally, businesses arewaiting for the federal
government to catch up andimplement a comprehensive
(21:06):
approach, not only to dataprivacy, but to artificial
intelligence, because as moreand more states do adopt their
own regulations, it will make itmore difficult for businesses to
adhere to this patchwork systemof laws and regulations. So I
think it's a kind of wait andsee, you know, you know, really
make sure you do try to complywith the regulations that states
(21:27):
have, but hopefully hoping for amore overarching law to kind of
bring that all together,
Antone Gonsalves (21:34):
eventually. Sure. And in the meantime, you
know, which is a whole otherside of this that we don't have
time to get to, but there'sEurope, you know, Europe is
doing their own thing. So that'sif you're an international
company. That's gonna besomething else to navigate.
Sure,
Makenzie Holland (21:51):
Europe's very far ahead on the AI regulation
with their AI act.
Antone Gonsalves (21:59):
All right, that wraps up this week's show.
Thanks for watching and enjoythe weekend.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com