Today Nozomi Networks is excited for the public launch of our newest component, Vantage IQ. It’s an AI-based analytics and query engine designed to increase efficiency for Vantage platform users by focusing on the most urgent issues. Vantage IQ is available now to all Vantage customers as a pre-release beta trial version for free until General Availability in early July. We encourage everyone to try it out and see what new security insights it provides in your environment.
The recent advancements in generative AI solutions like ChatGPT have opened many eyes to the capabilities and use cases that AI-based systems can now achieve. Similarly, we at Nozomi Networks have been working on enhancing our own AI-based threat detection and analytics capabilities for the last few years and are now ready to launch this new analytics engine as part of our Vantage SaaS-based platform.
As mission-critical environments require, the goal is not to let AI take over the response to security threats, but to provide assistance in identifying prioritized alerts, correlating activity to identify root cause, and making security teams more efficient with the platform.
Vantage IQ Is Designed for User Efficiency
As most users know, Nozomi Networks has carved out a massive market share in large enterprise organizations globally due to our advantages in scalability, throughput and cloud-hosted multi-tier architecture. With customer deployments spanning multiple sites and tens of thousands to over a million active sensors and devices, it’s challenging for small security teams to stay on top of asset and vulnerability management, alert prioritization, suggested remediation steps, and platform management.
In response to customer priorities, we designed Vantage IQ to help them get more efficient with the platform, focus their attention on real actionable items, and provide even deeper insights into what’s going on across their entire network. In other words, they were looking for more correlation and ways to make better use of the data collected by the platform. As we often say, “doing more with less.”
Your Cybersecurity Assistant
As an intelligent cybersecurity assistant, what are the primary use cases for Vantage IQ? The first main use case is the new ability to ask the system a series of standard and customizable queries about broad associations across the whole environment. Users can ask questions about their specific environment such as:
- What are the common characteristics of high-risk vulnerabilities?
- How are my identified vulnerabilities clustered into groups?
- How do asset attributes correlate with each other?
- How do my alert sources correlate with risk?
These powerful customizable queries are used to answer common questions and provide users with a better understanding of their environment. Today we have the capability for semi-supervised preparation of ad-hoc queries that can guide users to better identify anomalies. The longer-term vision is to allow completely natural language interaction with the system to build queries and gain deeper insights, such as how to optimize processes or what trends or maintenance requirements may arise in the future, all based on the platform’s learned understanding of the physical process and data.
Deeper Insights, More Actionable Intelligence
Ideally, customers want to be told what they need to do now and to spend less time analyzing alerts themselves. Perhaps the greatest efficiency gain comes from correlating alerts and other data into single incidents or root causes that the system can explain effectively to part-time users.
Vantage IQ includes a new “Insights” dashboard that provides this higher level of actionable intelligence and focuses on key priorities. Activity patterns in network data are identified via deep neural networks. Data is correlated across Vantage to streamline forensic analysis, tuning and security enhancements.
A common example would be identifying a sudden influx of unusual traffic, often to external sites, from multiple sources. While no single event is significant on its own, the combined increase should be treated as a more serious issue. In one customer’s case it was due to a newly connected laptop system that was misconfigured to allow external traffic and was used as a gateway for a number of other systems. Vantage IQ can correlate the alerts, help identify the root cause, and suggest steps to repair.
Another example that we recently added is the ability to detect where Nozomi Guardian sensors could be more optimally placed in the network to gain better visibility into parts of the network and more individual endpoint assets. As networks and deployments expand, this can be a time-intensive platform management task to research and design. Vantage IQ can now make this type of suggestion easily through our enhanced analysis, so that you always have maximum visibility.
Customers Can Try Vantage IQ Now
All Nozomi Vantage customers can be enabled with Vantage IQ in their environments. This is a pre-release version, with more features and capabilities planned for the GA version by the end of this quarter. Customers will not be charged until GA is available, so we encourage customers to try it over the next few weeks. If you have questions or need assistance, reach out to your account team, channel partner or Nozomi support.
We will also be adding some demo and training videos to help you get up to speed. As our Co-founder and Chief Product Officer, Andrea Carcano, noted, “Artificial intelligence has always been part of our DNA. While ChatGPT has sparked the world’s imagination around the potential of AI, it’s really just a small example of the emerging use cases for advancing neural network technologies. In the case of critical infrastructure security, Vantage IQ is a game changer, leveraging artificial intelligence to fundamentally change the way security professionals understand and respond to operational risk. We believe it’s the future of how cybersecurity data will be queried, analyzed and acted on going forward.”
Learn more about how Vantage IQ helps users focus on the cyber and operational risks that matter most.