AIOps Taking Center Stage at the Enterprise Edge

essidsolutions

Recent advances in AI combined with big data network analytics and cloud computing promise to ensure the security and performance of IoT devices flooding enterprise access networks

As the IoT invasion grabs the attention of enterprises everywhere, IT pros are rushing to get a grip on how best to ensure the highest levels of security and performance of these non-standard client devices finding their way onto enterprise access networks.

For vendors and customers alike, IoT performance and security has remained an afterthought largely due to complexity, cost, ignorance and architectural lock-in.

Emerging vendor-agnostic AIOps platforms promise to provide much needed IoT “operational assurance” by delivering a more complete understanding of how these unique devices interact with other parts of the network, network services and applications. For IT, the fundamental tenets of IoT operational assurance include:

  • automating the discovery and classification of IoT devices,
  • baselining the behavior and performance of IoT devices against other parts of the network,
  • detecting anomalies from “normal” behavior, and
  • enforcing security policies when behavior deviates from what is acceptable.

What is AIOps exactly?

AIOps is a relatively misunderstood Gartner-fashioned term used to describe the combination and use of artificial intelligence (AI) technology, big data network analytics and machine learning (ML) algorithms to enhance IT operations with predictive real-time and historic insights. Its application is very broad.

Popularized within the data center by companies like Splunk, new AIOps platforms are now being fashioned to address serious device performance and security issues at the enterprise edge with detailed analytics that make the data meaningful and actionable.

This is achieved by consuming, analyzing and measuring every device transaction across the full network stack to answer complex questions that humans can’t answer, or simply don’t have enough time to.

“Why are infusion pumps in building six constantly offline, associating with the guest SSID, or communicating with external systems they shouldn’t?”

Finding the answers to such questions with conventional infrastructure management tools often takes days, weeks or months.

The big challenge with enterprise IoT

As organizations employ more and more non-traditional networked devices to meet specific business targets, they face new challenges of how to codify and control the behavior, performance and security of these things.

With the recent flood of new IoT devices finding their way onto enterprise infrastructure, this is a particularly urgent issue that looks set to dwarf the BYOD problem companies have experienced.

Many of these new IoT systems are purchased and deployed by the line of business unbeknownst to IT staff. This creates pain points for IT, network and security staff who effectively view these devices as black boxes sitting on their networks.

Unlike conventional laptops and newer smart phones, enterprise IoT is a collection of limited or single-function devices. The systems have embedded operating systems and software that lack robust networking and security capabilities, often using arcane or proprietary protocols. Installing a software client or agent to secure their behavior is rarely possible.

What’s more, if IoT devices can’t even connect to, or operate properly with, the network, securing these systems is meaningless. Still, big bucks are being paid for enterprise IoT devices, so if they don’t work on the network or aren’t being properly utilized, real money is wasted and business is impacted.

Wi-Fi-connected infusion pumps, telemetry monitors and smart temperature sensors in healthcare, connected tools and barcode scanners in manufacturing, and even esoteric connected devices such as smart lights are creating unique threats that differ from other connected devices, effectively rendering traditional security tools ineffective.

First things first

For IT staff, the first major hurdle, while seeming simple, is just identifying that these devices exist on the network and automatically classifying them. Seems easy enough.

It’s not.

Understanding what these devices are, where they are and how they are communicating on the network requires much deeper inspection into different types of data running across the network to answer questions such as:

  • Who is the manufacturer?
  • What is the make and model?
  • How are they connected?
  • On what VLANs are these devices communicating?
  • What protocols are being used?
  • What Wi-Fi SSIDs are IoT devices associating with?
  • What destination hosts are being accessed?

This is where AIOps platforms begin to bring big value.

AIOps platforms at the network access edge are designed to ingest and analyze a wide variety of different data sources. This includes raw packet data spanned from network switches, device data, Wi-Fi metrics from SNMP queries to WLAN controllers, SYSLOG messages from network service elements, application response data, as well as flow data from WAN routers.

This information is constantly analyzed and correlated for every device transaction to establish normal behavior over time as well as to detect any deviation that could impact device performance or security.

For instance, if IoT environmental monitors are talking with a well-known destination host, that is fine. But if one or several of them are seen communicating with unknown or potentially malicious IP destinations, that could spell big trouble, both from the outside in and from the inside out.
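As an added illustration (not code from the article or from any vendor's platform), the discovery, baselining and deviation checks described above, run over a few constructed device-transaction records; the OUI table, SSID names, VLANs and hosts are all placeholders.

```python
"""Toy IoT discovery, baselining and deviation flagging over constructed records."""
from collections import defaultdict

# Constructed OUI (first three MAC octets) -> (manufacturer, device class); placeholder values.
OUI_TABLE = {
    "aa:bb:01": ("AcmeMed", "infusion_pump"),
    "aa:bb:02": ("EnviroCo", "environmental_monitor"),
}
ALLOWED_SSIDS = {"clinical-iot"}  # constructed; the guest SSID is not acceptable for these devices

def classify(mac):
    """Discovery step: manufacturer and class from the MAC prefix, or 'unknown'."""
    return OUI_TABLE.get(mac.lower()[:8], ("unknown", "unknown"))

def baseline(records):
    """Per device class, the VLANs and destination hosts seen during the learning window."""
    seen = defaultdict(lambda: {"dst": set(), "vlan": set()})
    for r in records:
        _, cls = classify(r["mac"])
        seen[cls]["dst"].add(r["dst"])
        seen[cls]["vlan"].add(r["vlan"])
    return dict(seen)

def detect(records, base):
    """Flag each record that deviates from the class baseline or uses a non-approved SSID."""
    findings = []
    for r in records:
        _, cls = classify(r["mac"])
        profile = base.get(cls, {"dst": set(), "vlan": set()})  # unknown class: empty profile
        if r["ssid"] not in ALLOWED_SSIDS:
            findings.append((r["mac"], cls, "unexpected_ssid", r["ssid"]))
        if r["vlan"] not in profile["vlan"]:
            findings.append((r["mac"], cls, "unexpected_vlan", r["vlan"]))
        if r["dst"] not in profile["dst"]:
            findings.append((r["mac"], cls, "unknown_destination", r["dst"]))
    return findings

# Constructed learning-window records (normal behaviour) and a later window to check.
BASELINE_RECORDS = [
    {"mac": "aa:bb:01:00:00:01", "vlan": 40, "ssid": "clinical-iot", "dst": "pumpserver.internal"},
    {"mac": "aa:bb:01:00:00:02", "vlan": 40, "ssid": "clinical-iot", "dst": "pumpserver.internal"},
    {"mac": "aa:bb:02:00:00:01", "vlan": 41, "ssid": "clinical-iot", "dst": "enviro-cloud.example"},
]
NEW_RECORDS = [
    {"mac": "aa:bb:01:00:00:03", "vlan": 40, "ssid": "clinical-iot", "dst": "pumpserver.internal"},
    {"mac": "aa:bb:01:00:00:04", "vlan": 10, "ssid": "guest", "dst": "203.0.113.7"},
    {"mac": "de:ad:be:ef:00:01", "vlan": 40, "ssid": "clinical-iot", "dst": "pumpserver.internal"},
]

if __name__ == "__main__":
    for finding in detect(NEW_RECORDS, baseline(BASELINE_RECORDS)):
        print(finding)
```

The pump on the guest SSID trips all three checks, while the device with an unknown OUI is surfaced precisely because it has no baseline to match, which is how a "black box" nobody told IT about becomes visible.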

Accurately identifying such behavior using traditional IT tools is prohibitive, taking an inordinate amount of time and effort across different parts of the IT organization. At the end of the day, network engineers aren’t data scientists.

Fixing the problem and automating this process is where AIOps platforms help.

By constantly watching every device transaction on the network and comparing (i.e. correlating) them all across the full network stack, IT staff can quickly determine where potential problems are hiding, with all the requisite data detail, root cause analysis and remediation steps needed to take immediate action.

This requires AIOps platforms to have direct integration, typically through application programming interfaces (APIs), with established security solutions such as firewalls, network access control and authentication systems. Such integration allows IT staff not only to identify the culprits but also to take action on how best to quarantine the devices.

This now gives IT leaders the operational assurance to:

  • easily quantify the impact of network technologies on business outcomes
  • better prioritize IoT and network infrastructure investments
  • simply ensure IoT connectivity and usage by line of business
  • automatically inventory and classify devices
  • quickly identify risks and vulnerabilities
  • proactively enforce IoT policy within the cyber security strategy

Now what?

Ultimately, IT staff need to take a hard look at how best to address the growing enterprise IoT problem.

What’s needed is a holistic vendor-agnostic approach that addresses both device security and performance from one end of the network to the other with a view to provide a single source of truth to IT, network operations and security staff.

While AIOps platforms represent a solid foundation to get in front of the problem in a hurry, the devil is always in the details and the politics.