Machine learning and artificial intelligence are no longer just the subjects of Hollywood summer blockbusters; they’re becoming key weapons in the Defense Department’s cybersecurity strategy. As Deputy Defense Secretary Robert Work stated, when there is imminent risk, “a learning machine helps you solve that problem right away.”
Of course, machines themselves are just tools—dumb by their nature. The ability of these machines to collect raw data, process it, and use it to make informed decisions that can help prevent attacks and system failures is what makes them smart.
But preventing an attack as it’s happening is one thing; true intelligence lies in being able to predict things before they happen, like a potential threat or system failure. That’s where predictive analytics comes into play—collecting historical and recent data and applying that information to situations that may signal impending problems.
Learning from the past to protect the future
In effect, predictive analytics allows machines to become smart by “learning” from past incidents and behaviors. They can use the knowledge attained from past outcomes and make human-like decisions to automatically address issues before they become serious threats.
Predictive analytics involves collecting information from different data sets and comparing them side by side to gain a better perspective on where an anomaly may have taken place. These data sets can be collated from various points, including applications, virtual machines, storage appliances and more.
Like a science fiction film where characters jump between time periods, the data can be overlaid on timelines to trace the event in question from inception to eventual outcome. This helps establish the series of steps that led from the start of the event to its outcome. It lays the groundwork for the machine to be able to “see” and “understand” the process that took place so that it can react appropriately if it detects a similar pattern in the future.
For instance, let’s say that a machine begins to detect some form of network anomaly. That anomaly appears similar to one that resulted from a different situation that occurred a few months ago. The machine “remembers” the previous situation and the events that led up to the ultimate outcome. It can then apply that knowledge to the present issue at hand and use that information to create a set of predictive rules or policies to ensure that the issue is not repeated. These rules could range from automatically patching all machines on the network with up-to-date software to blocking IPs, disabling users, or taking other actions that might be appropriate depending on the situation.
With predictive analytics, machines become increasingly intelligent over time. They continue to build upon the knowledge that has been collected as a result of different incidents. As they become more intelligent, they are able to proactively address a number of different issues, from security threats to more mundane problems, such as network slowdowns. As a result, the network becomes much stronger.
It’s important to note that this can all be accomplished without the need for significant human intervention, which is undoubtedly good news for time-pressed federal IT professionals. One of the things we learned in a recent IT Trends Report is that IT administrators are trying to adjust to the challenges of increasingly hybrid IT environments. The more time it takes to learn new skills, the less opportunity there is to proactively manage and respond to threats and network issues. By providing machines with a platform upon which to process and learn from collected data—and make that data actionable—predictive analytics can take at least some of the network security management onus off these individuals.
Although all of this may sound like a sci-fi movie where AI becomes self-aware and starts to master humanity, the reality is that federal IT professionals should be very optimistic about the potential for intelligent machines. When paired with actionable data derived from predictive analytics, these tools have the ability to make administrators’ lives much easier, while automating and enhancing network security and availability.
Joe Kim is senior vice president and global CTO of SolarWinds.