UPDATED 16:15 EDT / AUGUST 01 2022

Why an AI-machine learning combo is the best approach for multicloud

Security has become a data problem, explained an executive tasked with defending multicloud environments for large companies.

“The attack surface grows [using multiple clouds],” said David Hatfield, co-chief executive officer at Lacework Inc. “It’s different when you’re securing a data center or device where you have a very fixed asset and you kind of put things around it.”

What he is referring to is a broadening attack surface caused by the quintillions of datasets now proliferating rapidly across multiple shared cloud environments. “You can’t write rules and do security the way you used to do it,” he added.

Hatfield spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed artificial intelligence and machine learning solutions for security compared with rules-based ones. (* Disclosure below.)

Data ingestion

The key to addressing the issue is to create machine learning and artificial intelligence models that ingest large quantities of data that could, in theory, yield insight, according to Hatfield.

“Anything we can get our hands on,” he said. “We look at all of the network data, configuration data, rules-based data and policies that customers might have.”

The resulting fine-grained AI training is combined with an "alert diet": stripping out the redundant alerts. Making sense of the threats via AI allows the company to prune the alerting.

“The amount of alerts that really are only the ones that need to go focus on,” Hatfield said. “Your alert volume [goes] from thousands per day to one or two high fidelity critical alerts per day.”

Polygraph detection is another element: it identifies changes in characteristics. Another key part is creating baselines that establish what normal is, which helps with unknown threats. “The really scary stuff when you’re in the cloud,” he added.

This kind of behavior-based security isn’t like traditional rules-based security. The rules-based approach has an intrinsic disadvantage, in particular when one is buying different companies and trying to stitch their rules-based engines together for compliance. “They don’t talk to each other,” he said.

(* Disclosure: Lacework sponsored this segment of theCUBE. Neither Lacework nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
