Cybersecurity and Analytics – Where AI Meets the Cloud
January 15, 2019 2:11 pm
3 min read
This content is provided by Leidos and Amazon Web Services.
Bake it in, or bolt it on? Anyone who has ever dealt with federal cybersecurity has had those two options presented to them. Everyone agrees that when designing a new system, considering cybersecurity at the onset―or “baking it in”―is a good idea. Adding solutions after the fact, or “bolting it on,” can help a system respond to new threats, but can also result in a complicated and messy cybersecurity strategy.
Is it really just a binary question? Are these the only two options?
“Cybersecurity is an evolving topic. You can’t rest on your laurels thinking that your system is secure because you baked it in to begin with. You always have to continue to evolve,” said Keith Johnson, chief technology officer of Leidos’ defense and intelligence business areas. “That’s primarily because the diversity of the environment, the users, and the adversaries who may be trying to get in and take that $100 billion worth of data is expansive.”
Meanwhile, Brett McMillen, director of Federal Government at Amazon Web Services (AWS), said he spends a great deal of time on cybersecurity. It starts with knowing what you have, and how to respond. And the cloud makes that much easier.
For example, what if an agency wants to know if it’s running an operating system with a known or new vulnerability? With multiple data centers, that’s a tough question, and the answer will take time and manpower. But in the cloud, getting that answer is as simple as a single query.
The next question is how to respond. Cloud providers like AWS offer tools to both monitor and respond to vulnerabilities, and can spin up or wind down an entire system with relative ease.
One cybersecurity tool that’s getting a lot of attention is artificial intelligence (AI). Everyone wants to automate to make it easier to keep up with the evolving threat landscape. But with federal cybersecurity, it’s not that easy, Johnson said.
“While we want to automate, we can’t rush too fast because of all the nuances involved. We have to make sure that we are secure, and that does require people right now. It requires a lot of people,” he said. “Over time though, it’s going to be a big effort from us, I know it is with AWS, and within the commercial world, to understand how we can really automate in a way that keeps us safe but takes away some of the burdens that humans are facing right now.”
One of the biggest obstacles is data architecture. Analytics can help an agency understand its own data, which is the first step towards applying AI.
“You can’t apply AI unless you have data, and data has to be unlocked,” Johnson said. “Right now, just because of the way legacy architectures have evolved, data is not in a good place to have AI applied to it. We need to open that up and re-architect it, expose the data, and then expose data that’s labeled because that’s when you can really apply AI.”
Agencies also need to think about how they intend to use AI. Everyone wants to apply it to cybersecurity, to keep data safe. But what about applying it to patterns and use cases around the data? Who is looking at it, and when? The key, McMillan said, is early detection.
“I like to think of AI and machine learning as giving agencies the ability to solve problems that they never could solve before,” he said.
TECH TIP: Put AI to work to find anomalies and boost your cybersecurity posture.
When data is in the cloud, you can get more robust logs and more fine-grained usage patterns and access controls. Once aggregation of those usage patterns and access controls is done, then AI can be used to find abnormalities, which may be indicative of questionable behavior to investigate from a cybersecurity perspective.