Organizations must process a daily deluge of data as their business-technology systems grow more complex. To detect and stop attack activity buried within the noise, one must be able to deploy solutions throughout the enterprise that are driven by artificial intelligence (AI) and machine learning (ML).
When deployed properly, AI/ML can help security teams manage complex hybrid environments more effectively. Advances in the technology are making it much easier for everyone to make sense of massive amounts of data and find suspicious activity.
But it’s important to understand the basics of AI/ML before choosing a security solution that incorporates it. What follows is a primer.
AI vs. ML
The main difference between AI and ML is that machine learning doesn’t engage with its environment. It passively collects data, then categorizes it or predicts possible events based on what it has observed.
Machine learning does what its name suggests: observes, ingests, and predicts — largely based on statistical modeling and fuzzy logic.
Artificial intelligence, however, actively engages with its environment to understand and make accurate decisions to achieve whatever objectives it is designed and programmed to realize.
In addition to the broad differences between ML and AI, there are also different types of learning, such as supervised and unsupervised learning:
- Supervised learning is machine learning in which algorithms are created to consume data with designed inputs and hoped-for outputs. By feeding the system this data, you are essentially training it, and the algorithm will improve its accuracy over time as a result.
- In unsupervised learning, the data contains only inputs, and it’s up to the AI/ML to find meaning in the data, such as groups of data points or trends. Unsupervised learning will adapt as the data changes over time.
Mastering the supervised and unsupervised
While it may be tempting to choose one AI/ML technique over another, both types of learning — supervised and unsupervised — are necessary for optimal performance.
While it’s true that today’s data centers are more complex than ever, some things are easy enough to predict within sets of known parameters, which makes supervised AI/ML ideal for monitoring them. These include:
- Autonomic self-healing tests, in which the AI/ML conducts an automated security review of newly deployed infrastructure and finds flaws. The AI/ML could revert to the last known good state if it couldn’t remediate the problem itself.
- Within DevOps organizations, the system could be given parameters of good application performance and it could learn how to adjust over time to varying stressors.
Today’s systems are so complex that we don’t understand everything about them, or how they will function. Here, unsupervised learning systems can watch and study for patterns and spot things that humans would never spot, hopefully long before trouble starts.
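An added illustration of the two learning modes described above, not code from the article or from any vendor product: a nearest-centroid classifier trained on labelled host-hour samples, beside a median/MAD baseline learned from unlabelled ones. The feature names, sample values and threshold are constructed assumptions.

```python
from statistics import median

# Constructed telemetry (assumption): (failed_logins, outbound_mb) per host-hour.
LABELLED = [  # supervised training set: inputs plus the hoped-for output
    ((1, 18), "benign"), ((0, 22), "benign"), ((2, 25), "benign"),
    ((1, 20), "benign"), ((3, 19), "benign"), ((0, 21), "benign"),
    ((48, 20), "brute_force"), ((61, 18), "brute_force"), ((55, 21), "brute_force"),
]
# Unsupervised input: the same kind of observations, with no labels at all.
BASELINE = [x for x, _ in LABELLED[:6]] + [(2, 23), (1, 17), (0, 24), (1, 19)]

def train_centroids(rows):
    """Supervised: learn one mean feature vector per label."""
    sums = {}
    for (failed, mb), label in rows:
        s = sums.setdefault(label, [0.0, 0.0, 0])
        s[0] += failed
        s[1] += mb
        s[2] += 1
    return {label: (s[0] / s[2], s[1] / s[2]) for label, s in sums.items()}

def classify(centroids, x):
    """Return the label whose centroid is nearest (squared Euclidean distance)."""
    def dist(label):
        return sum((a - b) ** 2 for a, b in zip(x, centroids[label]))
    return min(centroids, key=dist)

def fit_baseline(rows):
    """Unsupervised: per-feature median and median absolute deviation (MAD)."""
    stats = []
    for col in zip(*rows):
        med = median(col)
        mad = median(abs(v - med) for v in col) or 1.0  # avoid divide-by-zero
        stats.append((med, mad))
    return stats

def is_anomalous(stats, x, threshold=6.0):
    """Flag x if any feature lies more than `threshold` MADs from its median."""
    return any(abs(v - med) / mad > threshold for v, (med, mad) in zip(x, stats))

def evaluate(event):
    """Return (supervised label, unsupervised anomaly flag) for one event."""
    label = classify(train_centroids(LABELLED), event)
    return label, is_anomalous(fit_baseline(BASELINE), event)

if __name__ == "__main__":
    for event in [(52, 19), (1, 21), (1, 900)]:
        print(event, evaluate(event))
```

The third constructed event (one failed login, 900 MB outbound) is labelled benign by the classifier because nothing like it was in the training labels, while the unlabelled baseline flags it.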
Continuous performance optimization
Continuous performance optimization is important for understanding operating environments and instantly adapting to dynamically changing systems, tuning and optimizing them without human intervention.
Here, machine learning techniques will help security teams monitor data and study performance to determine the next best actions based on what the system is always learning. As David Pham, a senior product marketing manager at VMware, wrote in the blog post, “Realize the AI/ML Fundamentals of the Self-Driving Datacenter with vRealize AI Cloud”, it’s a continuous self-improving loop.
What this means for operations teams:
With AI-powered automation, admins — not data scientists — can secure and deliver reliable infrastructure to their organizations. For instance, with AI/ML, admins can more easily create and maintain clusters and streamline management, enhancements, and upgrades.
With AI-enhanced provisioning, workload state enforcement/orchestration and automated remediation, admins can bring a level of security and resilience to complex hybrid cloud environments that they didn’t think possible just a couple of years ago.