Artificial Intelligence and Cloud Security

Recently, the technology world turned its eyes to the Watson supercomputer as it took on two of the biggest Jeopardy champions ever. If you don't understand why this is such a big deal, take a moment to think about what Jeopardy questions look like: they include jokes, plays on words, and other things that computers are not designed to comprehend. Watson's capability to answer knowledge questions is inconsequential; what is really important is its ability to parse natural language quickly enough to understand what is really being said.

That aside, there are good reasons to consider what artificial intelligence (AI) means to you as a security professional, or even simply as a user of cloud services. AIs are able to do things that human brains can't. In particular, human brains get tired. Human brains also tend to parse data much more slowly. When handling reams of data, an AI can keep at it much longer (literally, forever) and much faster than a human can.

A Security Information and Event Management (SIEM) system can be viewed as a type of AI. You can teach your SIEM to do virtually anything and everything you can do from a terminal. A SIEM can also be viewed as a partner that provides capabilities you don't have, helping you perform your job more efficiently. If you don't treat it that way, you'll be crippling it and preventing it from providing the greatest value that it can.

Your SIEM should be able to learn what is normal for your network and change its expectations on the fly as network conditions change. It should be able to parse event logs and other data looking for anomalies that might indicate dangerous or malicious activity. In addition, a SIEM should be able to correlate those anomalies against other data sources to validate that an actual attack has occurred. An effective SIEM should also be able to check on the host being attacked to verify whether it is vulnerable. Finally, it should be able to locate the authority for the attacking host and then remediate the threat by making a firewall change, sending an abuse complaint, or alerting an analyst to examine more complex issues further. A properly designed SIEM should be able to do all of this without the constant monitoring and shepherding of an IT professional. If it can't, you're wasting a beautiful piece of software.
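The learn-a-baseline, detect, correlate, respond loop described above, as an added illustration (example code written for this post, not part of the original): it runs over a constructed authentication log and an assumed vulnerability-scanner table, and the host names, addresses, and the `VULN_SCAN` source are all made up.

```python
from collections import Counter
from statistics import mean, pstdev
# Constructed sample auth log, one event per line: "minute src_ip dst_host result".
# Minutes 0-4 are quiet and serve as the learning period; minute 5 holds a burst.
SAMPLE_LOG = """0 10.0.0.5 web-01 fail
1 10.0.0.5 web-02 fail
2 10.0.0.7 web-01 ok
3 10.0.0.5 web-01 fail
4 10.0.0.7 web-02 fail
5 10.0.0.9 web-02 fail
5 10.0.0.9 web-02 fail
5 10.0.0.9 web-02 fail
5 10.0.0.9 web-02 fail
5 10.0.0.5 web-01 fail
"""
# Assumed second data source: a vulnerability scanner's patch status per host.
VULN_SCAN = {"web-01": "patched", "web-02": "unpatched"}

def parse(log):
    """Split each raw line into a (minute, src, dst, result) tuple."""
    return [tuple(line.split()) for line in log.strip().splitlines()]

def failures_per_window(events):
    """Count failed logins in each one-minute window."""
    return Counter(int(m) for m, _, _, r in events if r == "fail")

def learn_baseline(counts, train_windows):
    """'Normal' is the mean and std-dev of failures over the training windows;
    the std-dev is floored at 1 so a flat baseline never divides by zero."""
    vals = [counts.get(w, 0) for w in train_windows]
    return mean(vals), max(pstdev(vals), 1.0)

def triage(log, train_windows=range(5), z_threshold=3.0):
    """Flag windows whose failure count is anomalous against the learned baseline,
    attribute each burst to its dominant (src, dst) pair, and correlate with the
    scanner: only a validated hit on an unpatched host earns an automatic block."""
    events = parse(log)
    counts = failures_per_window(events)
    mu, sigma = learn_baseline(counts, train_windows)
    findings = []
    for window in sorted(w for w in counts if w not in train_windows):
        z = (counts[window] - mu) / sigma
        if z < z_threshold:
            continue
        pairs = Counter((s, d) for m, s, d, r in events if int(m) == window and r == "fail")
        (src, dst), n = pairs.most_common(1)[0]
        action = "block_at_firewall" if VULN_SCAN.get(dst) == "unpatched" else "alert_analyst"
        findings.append({"window": window, "z": round(z, 1), "src": src,
                         "dst": dst, "fail_count": n, "action": action})
    return findings
```

Calling `triage(SAMPLE_LOG)` flags minute 5 (five failures against a baseline of 0.8 per minute), attributes it to 10.0.0.9 hammering web-02, and, because the scanner lists web-02 as unpatched, recommends a firewall block rather than just an analyst alert.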




