Last week the world learned that the hacks at Target hit more customers than originally thought – somewhere in the 100 million vicinity – and that Neiman Marcus also saw customer credit card information spirited away by data thieves. They’re not the first big-name outfits to suffer a security setback, but could they be the last?
No one can ever say never, of course. But it’s possible that new tools that leverage machine learning predictive analytics could put a serious dent in the black hats’ handiwork, while also improving IT’s hand at application performance management.
A big problem in both the APM and security space today is that there’s just a ton of data coming at IT pros dealing with those issues, much of it just describing the normal state of affairs, and no one’s got time to spend reviewing that. What IT staffers want to know about are problems. That leads to a lot of rules-writing to identify thresholds that could point to issues, to a lot of rewriting of those rules to account for the fact that things change fast in today’s world of system complexity, and to a lot of misses because of the impossibility of keeping up. Sixty percent of problems are still reported by users, not the tools IT is using, says Kevin Conklin, marketing VP at Prelert, whose machine learning predictive analytics technology is used in CA’s Application Behavior Analytics and available as Anomaly Detective for the Splunk IT apps ecosystem.
“While you think you know the ways that APM fails, in reality it fails in new ways every week,” he says. The same thing is true when it comes to security failures. Think of it like the TSA not knowing to look for explosives in shoes until there was a shoe bomber. “Security systems are designed to look for threats they know about but hackers circumvent that,” Conklin says. Hackers infiltrate systems by doing something that everyone else isn’t doing, he explains. “Once you have a system set up to identify different things, then the guy would have to figure out a way to steal from you without acting differently.” Maybe they can, he says, “but it’s hard for us to envision the use case because everyone who’s doing this now is doing something different” to achieve their ends.
Machine learning predictive analytics changes the equation in which something affecting application performance, IT security or even infrastructure goes unfound because you don’t know to monitor for it, Conklin says. It lets IT put all the data they have to good use, learning from it to see what they couldn’t before and, even more importantly, to stop having to write all the rules they do in an endless Catch-22. Rules-writing was fine in the 1970s and ’80s, he says, but things change too dynamically today for that to work. He points to one customer that does 70 deployments a day of new code into its web environment. “They couldn’t keep up with writing rules,” he says.
“With machine learning predictive analytics and the state of computational mathematics today, there’s no need to throw all your data out,” he says. “If you can look at all your Big Data, with machine learning you can learn what’s a normal, behavioral mode and identify things that are changing and impacting the system with cross-correlation.” As the industry moves to embrace this approach, he thinks, it will get harder and harder for cybersecurity criminals to get their evil deeds done. Not, he cautions, that it’s all about the machine: “You still have to be vigilant,” says Conklin. “AI today has been a complement to humans. It doesn’t replace them. You still need someone to look at the results and see that something is different, something is new and jump on it and shut it down if necessary.”
And while APM and security are good starting-point use cases, Conklin expects the applications around machine learning to expand significantly over the next few years, as the focus shifts from human-defined rules. And Prelert has designs on helping to fulfill those new opportunities, too. Conklin says to expect to see more APIs and integrations with large data aggregation systems coming from Prelert. “We believe in the democratization of this technology,” he says. “We want every person in the business world to be able to use this to solve IT-business problems, whether it’s marketing or retail or customer management, to see in the data they have what are normal patterns of behavior and abnormal ones and what things they can do with that information.”