Andrea Danti - Fotolia
What is happening with AI in cybersecurity?
This week, bloggers focus on the growing role of AI in cybersecurity, achieving simple, stable networks and running EVPN in a single data center fabric.
Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., wrote about the growing role of AI in cybersecurity. Two recent announcements sparked his interest.
The first was by Palo Alto Networks, which rolled out Magnifier, a behavioral analytics system. Second, Alphabet deployed Chronicle, a cybersecurity intelligence platform. Both rely on AI in cybersecurity and machine learning to sort through massive amounts of data. Vendors are innovating to bring AI in cybersecurity to the market, and ESG sees growing demand for these forms of advanced analytics.
Twelve percent of enterprises have already deployed AI in cybersecurity. ESG research found 29% of respondents want to accelerate incident detection, while similar numbers demand faster incident response or the ability to better identify and communicate risk to the business. An additional 22% want AI cybersecurity systems to improve situational awareness.
Some AI applications work on a stand-alone basis, often tightly coupled with security information and event management or endpoint detection and response; in other cases, machine learning is applied as a helper app. This is true of Bay Dynamics' partnership with Symantec, applying Bay's AI engine to Symantec data loss prevention.
Oltsik cautioned that most chief information security officers (CISO) don't understand AI algorithms and data science, so vendors will need to focus on what they can offer to enhance security. "In the future, AI could be a cybersecurity game-changer, and CISOs should be open to this possibility. In the meantime, don't expect many organizations to throw the cybersecurity baby out with the AI bath water," Oltsik said.
Read more of Oltsik's ideas about AI in cybersecurity.
Simplify networks for improved security and performance
Russ White, blogging in Rule 11 Tech, borrowed a quote from a fellow blogger. "The problem is that once you give a monkey a club, he is going to hit you with it if you try to take it away from him."
In this analogy, the club is software intended to simplify the work of a network engineer. But in reality, White said, making things easier can also create a new attack surface that cybercriminals can exploit.
To that end, White recommended removing unnecessary components and code to reduce the attack surface of a network. Routing protocols, quality-of-service controls and transport protocols can all be trimmed back, along with some virtual networks and overlays.
In addition to beefing up security, resilience is another key consideration, White said. When engineers think of network failure, their first thoughts include bugs in the code, failed connectors and faulty hardware. In reality, however, White said most failures stem from misconfiguration and user error.
"Giving the operator too many knobs to solve a single problem is the equivalent of giving the monkey a club. Simplicity in network design has many advantages -- including giving the monkey a smaller club," he said.
Explore more from White about network simplicity.
BGP in data centers using EVPN
Ivan Pepelnjak, writing in ipSpace, focused on running Ethernet VPN, or EVPN, in a single data center fabric with either EVPN or MPLS encapsulation. He contrasts this model with running EVPN between data center fabrics, where most implementations require domain isolation at the fabric edge.
EVPN is used as a Border Gateway Protocol address family that can be run on external BGP or internal BGP connections. For single data center fabrics, engineers can use either IBGP or EBGP to build EVPN infrastructure within a single data center fabric, Pepelnjak said.
He cautioned, however, that spine switches shouldn't be involved in intra-fabric customer traffic forwarding. The BGP next-hop in an EVPN update can't be changed on the path between ingress and egress switch, he said. Instead, the BGP next-hop must always point to the egress fabric edge switch.
To exchange EVPN updates across EBGP sessions within a data center fabric, the implementation needs to support functionality similar to MPLS VPN. Pepelnjak added many vendors have not boosted integration for EVPN, and users often run into issues that can result in numerous configuration changes.
Pepelnjak recommended avoiding vendors that market EBGP between leaf-and-spine switches or IBGP switches on top of intra-fabric EBGP. If engineers are stuck with an inflexible vendor, it may be best to use Interior Gateway Protocol as the routing protocol.
Dig deeper into Pepelnjak's ideas on EVPN.
