Some large percentage of IT and security tasks and alerts require simple responses. On a small network, there aren’t many alerts, and so administrators can easily accommodate them: Fixing a connection here, approving external VPN access there, updating router firmware on that side, giving users the latest patches to Microsoft Office on that side, evaluating a security warning, dismissing a security warning, making sure that a newly spun-up virtual machine has the proper agents and firewall settings, reviewing log activity. That sort of thing.
On a large network, those tasks become tedious… and on a very large network, they can escalate unmanageably. As networks scale to hundreds, thousands, and hundreds of thousands of devices, thanks to mobility and the Internet of Things, the load expands exponentially – and so do routine IT tasks and alerts, especially when the network, its devices, users and applications are in constant flux.
Most tasks can be automated, yes, but it’s not easy to spell out in a standard policy-based system exactly what to do. Similarly, the proper way of handling alerts can be automated, but given the tremendous variety of situations, variables, combinations and permutations, that too can be challenging. Merely programming a large number of possible situations, and their responses, would be a tremendous task — and not even worth the effort, since the scripts would be brittle and would themselves require constant review and maintenance.
That’s why in many organizations, only responses to the very simplest of tasks and alert responses are programmed in rule-based systems. The rest are shunted over to IT and security professionals, whose highly trained brains can rapidly decide what to do and execute the proper response.
At the same time, those highly trained brains turn into mush because handling routine, easy-to-solve problems is mind-numbing and not intellectually challenging. Solving a problem once is exciting. Solving nearly the same problem a hundred times every day, five days a week, 52 weeks a year (not counting holidays) is inspiration for updating the C.V… and finding a more interesting job.
Enter Artificial Intelligence
AI has already proven itself in computer management and security. Consider the high-profile role that AI patter recognition plays in Cylance’s endpoint security software. The Cylance solution trains itself to recognize good files (like executables, images and documents) and malicious ones – and can spot the bad ones without using signatures. It can even spot those which have never been seen before, because it’s not training on specific viruses or trojans, but rather, on “good” vs. “bad.”
Torsten George is a believer, as he writes in “The Role of Artificial Intelligence in Cyber Security,”
Last year, the IT security community started to buzz about AI and machine learning as the Holy Grail for improving an organization’s detection and response capabilities. Leveraging algorithms that iteratively learn from data, promises to uncover threats without requiring headcounts or the need to know “what to look for”.
Enlisting machine learning to do the heavy lifting in first line security data assessment enables analysts to focus on more advanced investigations of threats rather than performing tactical data crunching. This meeting of the minds, whereby AI is applied using a human-interactive approach holds a lot of promise for fighting, detecting, and responding to cyber risks.
Menlo Security is one of many network-protection companies that uses artificial intelligence. The Menlo Security Isolation Platform uses AI to prevent Internet-based malware from ever reaching an endpoint, such as a desktop or mobile device, because email and websites are accessed inside the cloud – not on the client’s computer. Only safe, malware-free rendering information is sent to the user’s endpoint, eliminating the possibility of malware reaching the user’s device. An artificial intelligence engine constantly scans the Internet session to provide protection against spear-phishing and other email attacks.
What if a machine does become compromised? It’s unlikely, but it can happen – and the price of a single breech can be incredible, especially if a hacker can take full control of the compromised device and use it to attack other assets within the enterprise, such as servers, routers or executives’ computers.
If a breach does occur, that’s when the AI technology like that of Javelin Networks leaps into action. The AI detects that the attack is in progress, alerts security teams, and isolates the device from the network. Simultaneously, the AI tricks the attackers into believing they’ve succeeded in their attack, therefore keeping them “on the line” while real-time forensics tools gather information needed to identify the attacker and help shut them down for good.
Manage the Network, Hal
Of course, AI can serve a vital purpose in managing a key element of modern networks beyond security. As Ajay Malik recently wrote in “Artificial intelligence will revolutionize Wi-Fi,”
The problem is that the data source in a wireless network is huge. The data varies at every transmission level. There is a “data rate” of each message transmitted. There are “retries” for each message transmitted.
The reason for not being able to “construct” the received message is specific for each message. The manual classification and analysis of this data is infeasible and uneconomic. Hence, all data available by different vendors is plagued by averages. This is where I believe artificial intelligence has a role to play.
Deep neural nets can automate the analysis and make it possible to analyze every trend of wireless. Machine learning and algorithms can ensure the end user experience. Only the use of AI can change the center of focus from the evolution of wireless or adding value to wireless networks to automatically ensuring the experience.
We will see AI at every level of the network operations center. There are too many devices, too many users, and too many rapid changes, for human and normal rule-based automation systems to keep up. Self-learning systems that adapt and solve real problems quickly and correctly will be essential in every IT organization.