Cybersecurity with AIOps Incident Recognition

Jun 8, 2021. By S V Aditya


As Big Data and AI technologies grew in 2010-2020, data came to be seen increasingly as a currency - almost like the new oil. Every enterprise sees its data as one of its prize assets, so it is natural that cybersecurity is one of the key concerns of any enterprise. At the same time, cybercrime is also growing every year. The average number of security breaches is growing year by year and grew 11% in 2020. The cost of these breaches has also grown. In the US, for example, the average cost of a single data breach is over $8 million. More critically, the average time to detect and contain a breach is around 280 days. That's three-quarters of a year that a malicious program has access to a company's data. The potential fallout of such a long period of exposure could be catastrophic at the very least.

There are several examples of this. In 2019, a large social media network was targeted and the data of 540 million users was compromised. This was due to the enterprise leaving several databases unprotected, which were easily queried by malicious agents. In another case, a US-based multinational credit rating agency lost critical information such as Social Security numbers, addresses and birth dates, which were used for identity theft. This led to fines, a class action lawsuit and total damages of $700 million. The hackers gained widespread access due to poor segmentation between systems and slowly sent themselves highly confidential data. These are some of the largest companies in the world, with access to a high level of funds and state-of-the-art security teams.

Security challenges in modern IT

Security challenges like these keep growing as enterprises adopt new technologies faster than they can secure them. With the growing adoption of container technologies, virtualization, and microservices, the attack surface for potential intruders has only grown larger. Take Kubernetes, for example. Surveys of adopters across the ITOps industry show that security is consistently cited as their primary concern. The depth and complexity of configurations, as well as the ease with which potential malware can replicate across container images, are a monitoring nightmare for ITSecOps. As organizations scale up their deployments based on needs and adopt new software engineering technologies, these security concerns are frequently left unaddressed. At the same time, hackers and infiltrators are incorporating new technology - including AI - into their attacks to make them more effective. Most critically, humans remain the weakest link in security despite the best security infrastructure. An insecure installation of software or accidentally falling for a phishing scam can result in malware being installed. This malware can then siphon off data while pretending to be normal queries or traffic. This is a greater risk now that remote work has become increasingly common. The ability of ITOps teams to monitor all user-end devices effectively is low given the flood of alert noise, the sheer scale of monitoring and the many other responsibilities of their jobs.

AIOps Incident Recognition

Instead, they can let AIOps help them out in their objective. AIOps created Incident Recognition by applying AI technology to one of the core problems in ITOps - finding meaningful alerts. Incident Recognition works by tracking KPIs from each CI, correlating them with log data and traces, and finally analyzing them in the context of their dependencies. This way it can find the root cause of incidents and the source of erroneous behaviour. For example, if malware is causing a node VM to behave differently and create unusual requests in network traffic, Incident Recognition will be able to spot the effect of the requests in KPIs and the requests in its log and identify the problematic node VM. This alerts the ITOps team, which can then jump into action immediately and work on remedial action.
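The node VM scenario above can be sketched as an added example; this is not the product's algorithm or code. It flags KPI deviations per CI with a z-score, uses a dependency map to separate the originating CI from downstream symptoms, and checks that CI's logs for destinations absent from the baseline. All CI names, KPI values, log lines, the log format and the threshold are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed KPI series per CI (outbound requests/min); last value is the newest sample.
KPI = {
    "node-vm-1": [100, 104, 98, 101, 99, 102, 100, 103, 310],
    "node-vm-2": [80, 82, 79, 81, 80, 78, 83, 80, 81],
    "api-gw": [180, 186, 177, 182, 179, 180, 183, 183, 395],
    "db": [50, 51, 49, 50, 52, 50, 49, 51, 50],
}
# Constructed dependency map: FEEDS[x] lists the CIs that send traffic to x.
FEEDS = {"api-gw": ["node-vm-1", "node-vm-2"], "db": ["api-gw"]}
# Constructed log lines in a made-up format: "<timestamp> <ci> OUT dst=<ip>".
BASELINE_LOGS = [
    "2021-06-07T09:00:01Z node-vm-1 OUT dst=10.0.0.5",
    "2021-06-07T09:00:02Z node-vm-2 OUT dst=10.0.0.5",
]
CURRENT_LOGS = [
    "2021-06-08T09:00:01Z node-vm-1 OUT dst=10.0.0.5",
    "2021-06-08T09:00:02Z node-vm-1 OUT dst=203.0.113.7",
    "2021-06-08T09:00:03Z node-vm-2 OUT dst=10.0.0.5",
]

def zscore(series):
    """Deviation of the newest sample from the baseline of earlier samples."""
    base, latest = series[:-1], series[-1]
    sd = stdev(base)
    if sd == 0:  # flat baseline: any change at all is a deviation
        return 0.0 if latest == base[0] else float("inf")
    return (latest - mean(base)) / sd

def anomalous_cis(kpi, threshold=3.0):
    """CIs whose newest KPI sample is at least `threshold` deviations off baseline."""
    return {ci for ci, series in kpi.items() if abs(zscore(series)) >= threshold}

def destinations(lines):
    """Map each CI to the set of destination addresses seen in its log lines."""
    seen = {}
    for line in lines:
        _, ci, _, dst = line.split()
        seen.setdefault(ci, set()).add(dst.split("=", 1)[1])
    return seen

def find_root_cause(kpi, feeds, baseline_logs, current_logs):
    flagged = anomalous_cis(kpi)
    # A flagged CI with no flagged feeder is where the deviation starts;
    # flagged CIs downstream of it are treated as symptoms.
    roots = sorted(ci for ci in flagged if not flagged & set(feeds.get(ci, [])))
    known, now = destinations(baseline_logs), destinations(current_logs)
    return [{"root_cause": ci, "affected": sorted(flagged - {ci}),
             "new_destinations": sorted(now.get(ci, set()) - known.get(ci, set()))}
            for ci in roots]
```

Calling `find_root_cause(KPI, FEEDS, BASELINE_LOGS, CURRENT_LOGS)` yields one incident for `node-vm-1` instead of separate alerts for the VM and the gateway it feeds.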

Better Security with AIOps

Incident Recognition cuts down on the alert noise immensely so that ITOps teams don't waste their time on false positives but instead look at serious issues. Moreover, coupled with Anomaly Detection, it can find and detect the root cause of new unknown errors that were previously missed by cyber security teams. This greatly increases the chances of identifying unknown breaches. Simply put, ITOps teams are able to guard against the unknown better. Moreover, it allows ITOps teams to match the enterprise in the speed of technological innovation. As the enterprise increasingly invests in new technologies, the same ITOps team has to catch up to the growing scale of monitoring requirements and associated new complexities. With the power of AIOps, this becomes an automated, simplified process, paving the way for a more secure enterprise.

To learn more about AIOps and Incident Recognition, please visit Incident Recognition Solution Page.
