Why an AI-machine learning combo is the best approach for multicloud
Security has become a data problem, explained an executive tasked with defending multicloud environments for large companies.
“The attack surface grows [using multiple clouds],” said David Hatfield, co-chief executive officer at Lacework Inc. “It’s different when you’re securing a data center or device where you have a very fixed asset and you kind of put things around it.”
What he is referring to is a broadening attack surface caused by the quintillions of datasets now proliferating rapidly across multiple shared cloud environments. “You can’t write rules and do security the way you used to do it,” he added.
Hatfield spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed artificial intelligence and machine learning solutions for security compared with rules-based ones. (* Disclosure below.)
Data ingestion
The key to addressing the issue is to create machine learning and artificial intelligence models that ingest large quantities of data that could, in theory, yield insight, according to Hatfield.
“Anything we can get our hands on,” he said. “We look at all of the network data, configuration data, rules-based data and policies that customers might have.”
That fine-grained training of the AI is combined with an alert diet: stripping out the redundant alerts. Making sense of the threats via AI allows the company to prune the alerting.
“The amount of alerts that really are only the ones that need to go focus on,” Hatfield said. “Your alert volume [goes] from thousands per day to one or two high fidelity critical alerts per day.”
Polygraph detection is an element too. That’s where changes in characteristics are identified. Another key part is creating baselines and identifying what normal is. That helps with unknown threats. “The really scary stuff when you’re in the cloud,” he added.
This kind of behavior-based security isn’t like traditional rules-based security. The rules-based approach has an intrinsic disadvantage, in particular when one is buying different companies and trying to stitch their rules-based engines together for compliance. “They don’t talk to each other,” he said.
(* Disclosure: Lacework sponsored this segment of theCUBE. Neither Lacework nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)