AI in security management: The LARA case study

LARA is an AI system for security management. It was developed jointly by ONTEC AI and Schoeller Network Control and offers tailored security solutions for a range of customer requirements. ONTEC AI, which specializes in artificial intelligence, played a central role in the development, while Schoeller led the project with its cybersecurity expertise.


The challenge: fighting intelligent security attacks

The use of artificial intelligence in IT security is part of a continuous arms race. While attackers increasingly use AI-supported tools, defenders rely on advanced AI mechanisms to effectively counter these threats and constantly improve security systems.

Traditional SIEM (Security Information and Event Management) systems are effective but often insufficient against advanced cyber threats. They rely heavily on predefined rules and signatures to detect incidents, so they struggle with constantly changing log formats and with threats that adapt their behaviour.
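To make the contrast concrete, the following added example (written for this article, not LARA's code or Schoeller's SIEM) runs a fixed signature rule and a learned-baseline check over the same constructed authentication events in two layouts. The second batch is the same activity after a hypothetical log-format change. The regex rule, written against the old layout, silently stops alerting; the baseline check works on normalised fields and keeps flagging the same source. Hosts, users, addresses and the baseline counts are all constructed.

```python
"""Fixed signature rule versus learned baseline on login logs.

Added illustration; not LARA's method and not any vendor's SIEM rule.
All log lines, addresses and baseline figures are constructed.
"""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample: authentication events in a legacy syslog-style layout.
LEGACY_FORMAT = [
    "Mar 10 08:01:02 host1 sshd[100]: Failed password for root from 203.0.113.5 port 4000 ssh2",
    "Mar 10 08:01:03 host1 sshd[100]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Mar 10 08:01:04 host1 sshd[100]: Failed password for root from 203.0.113.5 port 4002 ssh2",
    "Mar 10 08:01:05 host1 sshd[100]: Failed password for admin from 203.0.113.5 port 4003 ssh2",
    "Mar 10 08:01:06 host1 sshd[100]: Failed password for admin from 203.0.113.5 port 4004 ssh2",
    "Mar 10 08:02:10 host1 sshd[101]: Failed password for alice from 198.51.100.7 port 5000 ssh2",
    "Mar 10 08:02:30 host1 sshd[102]: Accepted password for bob from 192.0.2.9 port 6000 ssh2",
]

# Constructed sample: the same events after a hypothetical format change to
# key=value fields with an ISO timestamp. Same activity, different layout.
KEYVALUE_FORMAT = [
    "2024-03-10T08:01:02Z host1 sshd[100]: result=failed user=root src=203.0.113.5",
    "2024-03-10T08:01:03Z host1 sshd[100]: result=failed user=root src=203.0.113.5",
    "2024-03-10T08:01:04Z host1 sshd[100]: result=failed user=root src=203.0.113.5",
    "2024-03-10T08:01:05Z host1 sshd[100]: result=failed user=admin src=203.0.113.5",
    "2024-03-10T08:01:06Z host1 sshd[100]: result=failed user=admin src=203.0.113.5",
    "2024-03-10T08:02:10Z host1 sshd[101]: result=failed user=alice src=198.51.100.7",
    "2024-03-10T08:02:30Z host1 sshd[102]: result=accepted user=bob src=192.0.2.9",
]

# Constructed baseline: failed logins per source per window seen during
# normal operation. A real deployment would learn this from the customer's data.
NORMAL_WINDOW_COUNTS = [0, 1, 0, 2, 1, 0, 1, 1, 0, 1]

SIGNATURE_LIMIT = 3  # fixed rule: alert at 3 or more failures from one source

LEGACY_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+)")
KV_RE = re.compile(r"(\w+)=(\S+)")


def signature_alerts(lines):
    """Signature-style rule: a regex tied to the legacy layout plus a fixed
    count threshold. Returns the sources that trip the rule."""
    failures = Counter()
    for line in lines:
        m = LEGACY_RE.search(line)
        if m and m.group(1) == "Failed":
            failures[m.group(3)] += 1
    return {src for src, n in failures.items() if n >= SIGNATURE_LIMIT}


def parse_event(line):
    """Layout-tolerant parser: normalises either layout into a dict with
    user, src and result, or returns None for unrecognised lines."""
    m = LEGACY_RE.search(line)
    if m:
        return {"user": m.group(2), "src": m.group(3),
                "result": "failed" if m.group(1) == "Failed" else "accepted"}
    kv = dict(KV_RE.findall(line))
    if all(k in kv for k in ("user", "src", "result")):
        return {"user": kv["user"], "src": kv["src"], "result": kv["result"]}
    return None


def failure_counts(lines):
    """Failed logins per source, computed on the normalised events."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev["result"] == "failed":
            counts[ev["src"]] += 1
    return counts


def baseline_threshold(window_counts, k=3.0):
    """Learned threshold: mean plus k population standard deviations of the
    per-source failure counts observed in normal windows."""
    return mean(window_counts) + k * pstdev(window_counts)


def anomaly_alerts(lines, threshold):
    """Baseline check: sources whose failure count in this window exceeds
    the learned threshold, independent of the line layout."""
    return {src for src, n in failure_counts(lines).items() if n > threshold}


if __name__ == "__main__":
    thr = baseline_threshold(NORMAL_WINDOW_COUNTS)
    for name, batch in (("legacy", LEGACY_FORMAT), ("key=value", KEYVALUE_FORMAT)):
        print(f"{name:10s} signature rule -> {signature_alerts(batch) or 'no alert'}")
        print(f"{name:10s} baseline check -> {anomaly_alerts(batch, thr) or 'no alert'}")
```

The point of the example is the silent miss: after the format change the signature rule produces no alert and no error, so nobody notices it has gone blind. The baseline check is not cleverer about attacks; it is simply decoupled from the layout by a normalisation step, and its threshold comes from observed behaviour rather than a hand-written constant. The parser shown covers only two layouts and would itself need maintenance for a third, which is the maintenance burden the article attributes to rule-based systems.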

The solution: LARA IT security

To counter this and address the evolving threats in cybersecurity, a more advanced and adaptable security solution was needed.

The LARA project was initiated with the aim of overcoming these limitations through advanced AI capabilities that are robust to such changes in log formats and threat behaviour.

The AI’s focus had to be on analyzing and detecting log file anomalies.

Unlike off-the-shelf AI solutions, LARA was developed to seamlessly integrate into Schoeller’s internal on-premise SIEM solution.

Development process

The development of LARA involved several phases, including intensive testing and adjustments. Schoeller Network Control led the project, and the ONTEC AI team supported parts of it.

Needs analysis and concept

Initially, a detailed needs analysis was conducted to understand the specific requirements of the customers. Typical threat scenarios, vulnerabilities reported by customers, and existing security infrastructures were considered. Based on this analysis, the basic concept for LARA was developed.

Model development and training

LARA’s AI model was developed and trained using machine learning algorithms. Over a year, LARA was pre-trained with extensive datasets that included real security incidents and log data. This pre-training process enabled LARA to develop a deep understanding of normal and anomalous patterns in log data.

After pre-training, LARA was customized to the specific needs of each customer.

The key is that LARA can continuously learn at the customer’s site to better understand the customer’s IT environment.

This included fine-tuning the model based on the individual operating parameters and log data of the customer organizations.

Implementation and integration

The implementation of LARA was carried out in several steps, starting with pilot projects at selected customers.

LARA acts as a virtual assistant to the SOC (Security Operations Center), analyzing log files to identify and correlate anomalies. Although the AI significantly improves the speed and accuracy of threat detection, final decision-making remains with human SOC experts.

The human factor is one of the biggest weaknesses in IT security. At the same time, well-trained professionals are indispensable. AI can help minimize human errors and detect threats that arrive through social engineering.

This hybrid approach alleviates concerns about full automation, especially in sensitive industries like manufacturing.

These pilot projects helped test the practicality and effectiveness of LARA in real operational environments. After successful pilot phases, LARA was gradually implemented at additional customers and integrated into their existing SIEM systems.

Continuous improvement and maintenance

After implementation, LARA does not remain static. ONTEC AI provides continuous support and maintenance to ensure that LARA is always up-to-date and can respond to new threats. Regular updates and adjustments are made based on the latest insights and threat information.

Data protection and deployment

A central concern in the development of LARA was data protection. Given the sensitivity of security data, it was decided to implement LARA as an on-premises solution, so the data remains in the customer’s data center.

Although LARA is designed for on-premises deployment, the technology offers the flexibility to be operated in the cloud if necessary, giving customers options.

Results and outlook

The implementation of LARA has shown outstanding results and demonstrated its ability to significantly improve cybersecurity measures.

The approach ensures the explainability and traceability of AI decisions and is designed to comply with standards that may be introduced within the EU in the future.

Conclusion

Artificial intelligence can be used to great effect in security management to counter particularly high-risk, AI-based attackers. With LARA, ONTEC AI has developed such an advanced, adaptable security AI.

Thanks to the project management and security expertise of Schoeller and the AI consulting of the ONTEC AI team, highly specialized competencies were combined that can address the new challenges of cybersecurity in a business-critical environment.

The innovative solution in the IT security field can now confidently face the increasing challenges in cybersecurity.