Serverless computing, containers, IoT, DevOps, mobile workspaces and of course hybrid cloud are all technologies -and of course excellent buzzwords- with immediate impact on your organization’s security. Each one of these technologies increases the speed and agility of corporate IT, enabling your company to beat the competition. As enterprise IT complexity is exploding, this year’s RSA Conference attracted over 400 exhibitors and 45,000 attendees which makes it one of the largest IT events of the year, even bigger than the 2016 Amazon Re:Invent show.
How Machine Learning and Artificial Intelligence Enhance Security
Simply put, machine learning and artificial intelligence aim at enabling software to come to the same actionable conclusions as humans would. The big advantage of having software make and act upon situational parameters lies in the fact that computers can consider (process) a much larger number of these parameters and should therefore be able to come to much more reliable, consistent and business-driven conclusions.
Remember SkyNet? At some point, your data center might rightfully believe that when humans come in to work on their terminals, a lot more goes wrong compared to just having the IT infrastructure making decisions autonomously.
Today: Artificial Intelligence and Machine Learning Enhance Human Productivity
But let’s start small. Today AI and machine learning focus on detecting anomalies, based on the correlation of vast amounts of seemingly unrelated data. For example, a security breach could be manifested in a changed monthly bill for Amazon Web Services or in the periodic slow down of a specific batch job on your mainframe or in an additional 0.001 milliseconds of data base latency at 7:23pm every Tuesday afternoon. Humans would never be able to draw these connections as they simply do not have the parallel processing capabilities of modern CPU clusters. However, humans play a critical role in AI and machine learning, as their actions in response to the decision support delivered by the machine shapes the machine’s “value system.” The machine learns that a certain type of anomaly is irrelevant and not caused by a security violation. It will then draw conclusions and refine its decision process.
Tomorrow: Let’s Pull out the Stops and Give Us what We Really Want
Today, IT operations and security solutions are only able to leverage a fraction of what’s technically possible in AI and machine learning, simply as there are not enough software architects and developers who are able to plan and implement this type of solution. Therefore, AI and machine learning solutions are typically focused on very well-defined challenges, such as anomaly detection for IT operations related data streams.
What we really want, however is a “brain” for our software defined data center (SDDC). This brain will have access to data from all relevant business software -ERP, CRM, e-commerce, accounting, email, reporting, engineering- as well as from operations software, such as firewalls and other networking equipment, hypervisor, public and private clouds. The “brain” will constantly contextualize this internal data with a much larger body of external information obtained from publicly accessible sources that will inject additional knowledge into the mix.
Excellent Video Explaining the 3 Waves of Artificial Intelligence
Based on this knowledge and the continuous human feedback our “brain” of the SDDC will learn how to respond to requests and challenges like a (perfectly rational) human, who possesses full information regarding all decision-relevant domains. This ability to consider a sheer unlimited amount of situational context parameters to arrive at a fully informed decision, is our goal for tomorrow. Ideally, without creating a “brain” that comes to the conclusion that “killing all humans” is the most rational course of action.