My Affection for AI
October 24, 2018
Networks
In my last post, I mentioned one of the basic use cases for Artificial Intelligence (AI) in a modern network. AI can be utilized to not only bridge the informational gaps between functional teams, but can crunch that data down and provide predictions of growth or even failures for proactive management. Digesting large historical data sets and spitting out basic correlations is only scratching the surface of what AI can bring to your operations teams. AI can be applied to bring more efficiency and better user experience to your network and applications. Performance and security monitoring are two of my many favorites.
When it comes to running a large network, you can’t be everywhere and experience what the user sees at all times. Tracking down transient or isolated issues is hard enough, but when those issues could be a cascade of small failures, it could be nearly impossible to find. For example, in the case of wireless, a minor delay from the RADIUS server adds a second or two and then a hiccup in DHCP adds a couple more, and finally the captive portal adds yet another 3-5 seconds… eventually causing a timeout failure on the client. You may be able to review the logs on a single service and see somewhat normal behavior, but to track it all down takes a lot more insight into the network.
Now if we have that insight, it may still be difficult to find, but handing that data over to AI allows it to see anomalous events on the network. Most AI systems take feeds in from as many points within the network infrastructure and applications as you’ll give them; ingesting server logs, packets captures, and so much more. They build all the relationships and baselines automatically and they understand what it healthy on your network and what isn’t. An AI-monitored network may be able to warn you beforehand that this wireless issue is going to occur. By seeing into all the parts of a network and actually understanding “normal,” AI can start alerting before your users even have an idea there may be a problem. In the same way systems have monitored applications in the past, from web server to database to client, we can have AI trained to see the entire transaction in context and learn about it.
Securing networks and applications is a tough job. There are constant new threats coming out. Some are persistent threats from all areas of the world that could cause utter chaos for any company. The complexity and vectors are so advanced that a simple firewall and anti-virus application from the good ole days simply won’t cut it. Layer 7 deep-packet inspection and application filtering aren’t even good enough anymore. These days it takes an intelligent system to truly protect a company’s assets; ideally, a system with human-like intelligence that can look at the information in context and make the same decision you would, just faster. Taking the same approach as the performance example, AI can learn your network and the behavior of all the components: servers, clients, and applications. With the right products, over time it will build out “normal” behaviors and start alerting to things outside the defined norm. Hopefully you can train it up to the point to act automatically and quarantine or completely block a threat. We’ve heard of self-healing and self-defending networks. But now it’s not just marketing--we’re finally seeing it.
These are just a couple of high-level examples I use when talking about why I love AI for IT infrastructure. A good product can take a powerful tool like we’ve used for years and turn it into a highly customized system meant to monitor your infrastructure knowing all the ins and outs. All you have to do is add a little data.
P.S. You may or may not have noticed I’ve used the word “context” a few times. That’s because it’s an important part of running a company’s infrastructure; knowing when and when not to react based on corporate policies, politics, or even culture. How do you teach an AI system that sort of advanced context? That’s coming in a later post…