One of the foundational elements of any organization is their network. While many organizations are adopting cloud computing in a public, private or hybrid cloud, the common denominator is that there is always a network present that contains critical assets and core business processes. Visibility across these networks and how they affect business processes, employees, services (e.g.,especially latency-sensitive services) is considered mandatory. Having network visibility is a crucial requirement for understanding the organization’s risk exposure and for such initiatives as setting operational metrics for Service Level Agreements (SLAs) within the organization. IT staff, especially those within the Network Operations or Security Operations teams require this visibility to be effective in ensuring the resiliency of the business and its operations.
Network management tools that generate “network telemetry” for monitoring can produce data in the form of SNMP polling, syslog, NetFlow and now telemetry data using API REST calls. A recent example of this is how Statseeker has leveraged API access connections to Cisco Software Defined Networks (SDN) technology known as Cisco Application Centric Infrastructure (ACI) and Cisco Digital Network Architecture (DNA). Through the use of network telemetry data, both legacy networks and the new SDN networks can be monitored and analyzed for anomalies and known faulty conditions. The network anomalies are also useful for security monitoring as network telemetry anomaly analysis can expose bitcoin mining, Eternal Blue exploits and SamSam encryption attacks.
I am seeing more NetOps and SecOps work together as a team, sharing network telemetry data across a common set of tools to provide visibility into the network. Along with these teams working in unison, CIOs and CISOs should collaborate to define their responsibilities on how they will work together to enable the network as a critical source of intelligence to reduce the dwell time of bad actors (insiders or outsiders) and to become more predictive at exposing potential outages caused by faulty critical assets.
I mentioned how increased efficiency was gained by having NetOps and SecOps teams work together in leveraging the greatest visibility out of network telemetry data. With Artificial Intelligence (AI) and Machine Learning (ML) capabilities now available, we can also focus on the machine-human boundaries which I name as “Cognitive AI”. To understand this concept, let’s look at how humans build houses or even tall buildings. A group of human specialists come together and collaborate, cooperate and reach consensus to construct a building. Architects, plumbers, electricians, framers, drywall workers, cabinetry experts, and the list goes on.
A set of learned processes of working together are assembled as best-practices and become part of the training of these experienced human specialists. The end result is the magic of constructing a building, even as wonderful as the new Salesforce building in downtown San Francisco. We want our self-learning AI software to become more intellgent that can observe the past, comprehend the present, and “see into the future” with a cognitive understanding to predict a problem or assist in the efficiency and accuracy of a joint machine-human mission.
We can look forward to a great set of new Cognitive AI tools that can be partnered with humans to efficiently gain intelligence into behaviors across a network. Good/Normal behaviors, bad behaviors, faulty behaviors. The main focus around this new Cognitive AI toolset is to recognize “Changes in Network Behaviors” and the run an automated validation and correlation using AI/ML technology to reduce false positives and pinpoint areas that require immediate attention.
With all the discussion of AI in today’s rapidly evolving business industry, AI is quickly being provenas a new source of IT automation that can help augment the jobs of both NetOps and SecOps staff. Look to emerging network telemetry solutions such as those from organizations such as Statseeker that leverage Cognitive AI to provide new IT capabilities to enhance business resiliency while lowering costs and IT system cycle times. This software can provide a unification and convergence in current IT tools that help visualize risky behaviors across corporate networks and enable NETOPS and SECOPS teams to make informed and accurate decisions.