WootCloud Blog

AI/ML Series: The Opportunities for Using AI/ML in Security

This is part 4 in a 5-part series covering the situation, challenges, and opportunities for using AI/ML to address the sharp increase in cyberattacks driven by IoT, 5G, and remote life. Check out part 1, “How AI and Machine Learning helps customers power True Zero Trust Device security at scale”, part 2, “The Current State of AI/ML in Cybersecurity”, or part 3, “The Challenges of AI/ML in Cybersecurity”.

We have discussed the basics, the current state, and some of the challenges of standing up an AI/ML-for-cybersecurity program in your organization.

This post covers the many opportunities to apply machine learning to cybersecurity programs today. We will discuss a few areas we and our customers have found most valuable, in the context of the decisions made along the way.

In talking with hundreds of organizations trying to solve the device security challenges posed by modern cyberthreats over our four-year pre- and post-launch lifetime, we have found a few recurring decision points.

The Build vs Buy Decision and Opportunity

The impact of open source software (OSS) options on cybersecurity is remarkable. They have evolved significantly since the early days of Snort, and some options now include AI/ML components.

If you are a builder, you may have reached a satisfactory level of IDS functionality with your OSS project. If you are like the rest of us, you likely need more than what you currently have.

From a business standpoint, build vs. buy can be summarized in three general buckets: Productivity, Agility, and Cost.

  • Productivity – the largest factor is what your business does and what you do. Larger tech, defense, software, security, and perhaps modern financial firms have the development community to design, build, and support a critical business need like security on an OSS infrastructure. For the rest of us, lost productivity around the core business can be strategically dangerous. Time to market in the digital world, a quality digital product experience, and quality technical support are things only technical staff can deliver. The time put into building and maintaining a large OSS function can easily run into the millions; delayed time to market can easily cost tens to hundreds of millions. Consider the true cost of standing up and running OSS, including the consultants needed to do it.
  • Agility – what I have seen time and again is not the initial buy-in for large OSS projects and the deployment of resources to build and launch them; it is the reassignment of teams a year or two in when something needs to be enhanced for new users or teams, a new app needs to be bolted on, or the platform needs to be rearchitected. This lack of agility can be stifling, and in some cases it spells the end of the project.
  • Cost – Open source is not free. Infrastructure costs (hardware, cloud, network, and all the redundancy), training, and support are worth mentioning, but it is the opportunity cost discussed above that ultimately affects your business.

The Large Platform Bolt-ons vs Best-of-breed Point Solution Decision

The other major direction is where large ISVs, likely already providers of large components in your security stack, try to bolt on solutions they have acquired to satisfy certain use cases or requirements. Device security for education and IoT/IIoT/IoMT security are perfect examples of this.

Point solutions like WootCloud often have trouble getting sold internally against the “we already have that” and “do we need that” arguments. Emerging technologies like ours, which address emerging threats like the confluence of IoT, 5G, and work-from-anywhere, take extra selling and context.

  • Land and Expand – Larger organizations have significant investment in a large, market-leading platform vendor. In our world that is Palo Alto Networks, Juniper, Fortinet, and friends. The sales motion on your organization to get you there was in play for quarters or years, and what you are experiencing is likely land and expand. It can land you with products and/or processes that aren’t quite a fit for your team, department, or organization, or that you don’t need at all. But boy, that was a great game, wasn’t it?
  • Integration of product and process – “We have integrated the products seamlessly…” Integrating acquisitions into large company platforms is tough. Integrating products in ways that they truly work together is extremely tough. This is a case that plays both for WootCloud and against it. In the case for point solutions, you can choose solutions that map to your processes and strategies more tightly; bolt-ons less so.
  • Artificial Intelligence & Predictive Analytics – Safe to say we can all be somewhat skeptical of vendors who integrate AI/ML into their solutions. In reality, many simply layer surface-level AI/ML capabilities on top for reporting. For most products, enabling an AI/ML engine to process any data is done model by model, on sub-datasets within each model. That is, they employ AI/ML, usually to run predictive algorithms, on an individual subject matter within a single model in isolation. Without tuned processes, on a platform that can map those processes to the results you need, your business can struggle, and that is before layering on a highly sophisticated automated AI/ML program.


In any case, business risk is significant when choosing a product or vendor before planning out the process best for your business. This is exacerbated when going with a vendor’s suggested process, which may work best with their product rather than with your business. Ironically, this focus on covering existing functional silos (but not enabling a larger process across silos) risks hobbling process effectiveness to not much better than the status quo.

Working with a Trusted Partner

  • Work Towards 100% Visibility
    • WootCloud has developed a very high-fidelity signal to catch hard-to-catch details and anomalies, i.e. where the DHCP vendor signal may say Windows 10 while the URL may say iOS. We eliminate the struggles caused by these minute but important inconsistencies. Contact us for an in-depth overview.
    • We have gathered four years of production data with customers across several verticals to accurately train, fine-tune, and support our platform and the customers running on it.
    • AI/ML makes the right prediction along each vector, trained over four years, and everything is automated.
    • We are agentless, so we can see IoMT devices, IoT devices, and unmanaged devices.
  • Boosting Accuracy in Inspection and Analysis
    • Predictive and intelligent identification and categorization of devices is critical to device security:
      • Group Identity – all finance department devices, all cameras in subnet x, or all smart TVs are grouped and analyzed together; anomaly detection within each group (to see what is behaving differently from its peers) then becomes highly accurate and effective.
      • Individual Identity – we track every device individually to catch anomalies against its own behavioral baseline and to manage its access to sensitive data appropriately.
      • Operational Identity – the presence or absence of a device and what it does surface anomalies and true threats; e.g. a smart TV in a meeting room needs access to the network, but not to business applications, so that one device requesting such access is an anomaly.
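As an added illustration (not WootCloud’s code, and not the platform’s actual fingerprinting or baselining logic), the following Python sketch shows two of the ideas above on constructed data: cross-checking a device’s DHCP vendor-class signal against its HTTP User-Agent and flagging the disagreement instead of quietly picking one source, and learning a per-group baseline of the services a device group normally reaches so that a single smart TV reaching for a business application stands out. The lookup tables, MAC addresses, service names, and flow records are all invented for the example.

```python
import re
from collections import defaultdict

# Constructed, simplified lookup tables (assumptions, not a real fingerprint database).
DHCP_VENDOR_CLASS_OS = {
    "MSFT 5.0": "windows",        # vendor class sent by the Windows DHCP client
    "android-dhcp-13": "android",
    "udhcp 1.36.1": "linux",
}
USER_AGENT_OS = [
    (re.compile(r"Windows NT"), "windows"),
    (re.compile(r"iPhone|iPad"), "ios"),
    (re.compile(r"Android"), "android"),
    (re.compile(r"SMART-TV|Tizen"), "tv"),
]


def os_from_dhcp(vendor_class):
    """Map a DHCP vendor-class string to an OS family, or None if unknown."""
    return DHCP_VENDOR_CLASS_OS.get(vendor_class)


def os_from_user_agent(user_agent):
    """Map an HTTP User-Agent header to an OS family, or None if unknown."""
    for pattern, family in USER_AGENT_OS:
        if pattern.search(user_agent):
            return family
    return None


def fingerprint_conflict(device):
    """Return the disagreeing (source, os) votes for a device, or [] if consistent.

    A DHCP vendor class that says Windows on a host whose HTTP traffic says iOS
    is surfaced as a conflict rather than silently resolved by trusting one source.
    """
    votes = {}
    if device.get("dhcp_vendor_class"):
        votes["dhcp"] = os_from_dhcp(device["dhcp_vendor_class"])
    if device.get("user_agent"):
        votes["http"] = os_from_user_agent(device["user_agent"])
    distinct = {v for v in votes.values() if v is not None}
    return sorted(votes.items()) if len(distinct) > 1 else []


def build_group_baseline(flows):
    """Learn, per device group, the set of services its members normally reach."""
    baseline = defaultdict(set)
    for flow in flows:
        baseline[flow["group"]].add(flow["service"])
    return baseline


def group_anomalies(baseline, flows):
    """Flows whose destination service is outside the device group's baseline."""
    return [f for f in flows if f["service"] not in baseline.get(f["group"], set())]


# Constructed sample devices: the second one carries conflicting signals.
DEVICES = [
    {"mac": "00:11:22:33:44:01", "dhcp_vendor_class": "MSFT 5.0",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"mac": "00:11:22:33:44:02", "dhcp_vendor_class": "MSFT 5.0",
     "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X)"},
    {"mac": "00:11:22:33:44:03",
     "user_agent": "Mozilla/5.0 (SMART-TV; Linux; Tizen 6.0)"},
]

# Constructed flows. Learning phase: what meeting-room TVs normally talk to.
LEARNING_FLOWS = [
    {"mac": "00:11:22:33:44:03", "group": "meeting-room-tv", "service": "video-streaming"},
    {"mac": "00:11:22:33:44:04", "group": "meeting-room-tv", "service": "firmware-update"},
    {"mac": "00:11:22:33:44:04", "group": "meeting-room-tv", "service": "video-streaming"},
]
# Live phase: one TV suddenly reaches for a business application.
LIVE_FLOWS = [
    {"mac": "00:11:22:33:44:04", "group": "meeting-room-tv", "service": "video-streaming"},
    {"mac": "00:11:22:33:44:03", "group": "meeting-room-tv", "service": "erp-app"},
]

if __name__ == "__main__":
    for device in DEVICES:
        print(device["mac"], "fingerprint conflict:", fingerprint_conflict(device))
    anomalies = group_anomalies(build_group_baseline(LEARNING_FLOWS), LIVE_FLOWS)
    print("group anomalies:", anomalies)
```

The conflict check deliberately returns both votes rather than a winner: a host that announces itself as Windows over DHCP but browses as an iPhone is either misclassified or spoofing, and either way an analyst wants to see the disagreement. The group baseline is the simplest possible peer model (a set of services); a production system would add frequency, time-of-day, and volume, but the principle that a smart TV contacting an ERP application is anomalous relative to its peers is the same.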

Generally, where a device’s activity involves human behavior, the response can be human controlled; conversely, where a device runs constantly, we have automated the response.

AI/ML-powered Remediation is the Greatest Opportunity

While visibility, inspection, and analysis are great, none of this works at any significant scale without automated enforcement.

Automatically identifying and eliminating rogue devices to protect your risk posture at the moment of compromise, while remaining user-friendly, is critical in an era of demanding user bases, increasing compliance regulations, and the IoT/5G/work-from-anywhere megatrends.

Maintaining operational hygiene and intelligent asset management is also critical to modern IT in the age of BYOD and remote procurement.

Our agentless, AI/ML-driven platform identifies, analyzes, and manages device and infrastructure assets automatically, in real time, to help you close security gaps like these while today’s IoT, 5G, and work-from-anywhere megatrends are in full swing.

Leading organizations deploy us, global tech leaders partner with us, and top investors back our vision.

Request a 20-minute demo, specific to your environment today. 

Contributing Authors:

Andreas Stenzel
