App Infrastructure Protection Archives - AiThority

Using AI for IT Automation Security in 2024

Lori MacVittie — Wed, 15 Nov 2023 08:26:46 +0000

The history of poisoning wells in times of conflict is an established one. Whether by cutting off access to wells or using it as a force multiplier for spreading disease, the town well has always been a significant attack vector.

In modern times, we can draw the analogy of a well to a script or API endpoint that initiates automation that drives change into infrastructure, applications, and digital services. Most organizations—78% employ a rich set of automation across IT to do just that. That should be no surprise given the prevalence of automation to drive changes into complex, hyperscale systems operated by Facebook, Twitter, and Amazon, among others.

That’s because, like the shared well of olden days, a single script can affect thousands of systems in a matter of minutes. In the before times, manual changes affecting the same number of systems might have taken days or even weeks. Automation is a force multiplier, allowing operations of all kinds to scale in ways that human beings could never achieve. It is the cornerstone of scaling processes, practices, and the business. Indeed, one can argue that an organization cannot become a digital business without automation. It is one of the six key capabilities organizations need to build to successfully capitalize on data, adopt Site Reliability Engineering (SRE) operations, and infuse digital services with the ability to adapt through modern app delivery.

But the thing about automation is that, well, it’s automatic.

Once begun, it’s difficult to intercept the cascading changes driven across such systems. Speed of change is one of the drivers for automation, after all, and once begun those changes are difficult—if not impossible—to stop.

Acquia’s Annual Customer Experience (CX) Trends Survey Reveals Challenges for Marketers

You’d have to be living off-grid to not have heard about automation propagating unintended changes that, ultimately, impacted large swaths of the Internet. A bad parameter pushed into a script is nearly impossible to recall once the enter button is pushed, or the API endpoint invoked. Once executed, the well has been poisoned.

This is not the first time I’ve raised the alarm concerning the security of IT automation. It is an overlooked and underexplored attack vector that will, eventually, be exploited. And even if ‘eventually’ is decades away, the more immediate threat of human error remains extant.

According to the latest Uptime Institute research, “nearly 40% of organizations have suffered a major outage caused by human error over the past three years.”

This is where AI—more correctly, ML—enters the room.

The use of machine learning to protect IT automation

Machine learning is particularly adept at uncovering patterns and relationships between data points. Today, most of the market is focusing on the application of machine learning to solve security and operational challenges. This includes identifying whether a user is a bot or a human, recognizing attacks, and even predicting imminent outages.

An area often unexplored is app infrastructure protection (AIP). For example, machine learning can be used to understand how operators and admins interact with critical systems and immediately notice when an interaction deviates from the norm. This is useful for detecting attackers attempting to access directories they shouldn’t or invoke commands with parameters outside normal usage.

WhyLabs Announces Strategic Collaboration Agreement with AWS to Accelerate Responsible Generative AI Adoption

Read that last part again. Invoke commands with parameters outside normal usage.

Ah, there it is. There is nothing peculiar to security in the ability of AIP—and machine learning in general—to detect anomalous parameters or an attempt to execute an unusual command. This technology could just as easily be applied to IT automation to catch either human error or intentionally malicious commands.

Assuming the right level of access to target systems, such a machine learning solution could certainly offer a path to protecting systems against occasional bad parameters, lateral communication attempts, or any other attack. Ransomware, anyone?

Infrastructure—for apps, app delivery, and automation—is still an attractive attack vector. As organizations move to adopt more automation—and they are—they need to simultaneously consider the ramifications—accidental or intentional—of the use of that automation. From there, it’s necessary to consider how to protect it against the inevitable fat finger or malicious keystroke.

IT Automation is a force multiplier.

Full stop.

That means it’s useful for both intended and malicious use cases. Which implies a need to protect it. Machine learning may be one way to integrate AI with ops to protect the infrastructure that remains a vital component of a digital business.

[To share your insights with us, please write to sghosh@martechseries.com]

The post Using AI for IT Automation Security in 2024 appeared first on AiThority.

F5 Expands SaaS-Based Security Portfolio with Launch of F5 Distributed Cloud App Infrastructure Protection

AIT News Desk — Fri, 16 Dec 2022 11:16:43 +0000

F5 Distributed Cloud Services now enables customers to protect both applications and the infrastructure where they run

F5 announced the launch of F5 Distributed Cloud App Infrastructure Protection (AIP), a cloud workload protection solution that expands application observability and protection to cloud-native infrastructures. Powered by technology acquired with Threat Stack, AIP is the newest addition to the F5 Distributed Cloud Services portfolio of cloud-native SaaS-based application security and delivery services.

Natural Language Processing Capabilities : Finch Computing Accelerates its Natural Language Processing Capabilities

“The addition of AIP fills a critical need for customers as they look for ways to extend robust security controls to multiple cloud infrastructures where they run their modern applications.”

Organizations of all sizes across industries are in the midst of efforts aimed at simplifying, securing, and innovating application-driven digital experiences. However, many face the challenge of managing distributed and hybrid application infrastructures composed of workloads across on-premises, public cloud, and edge locations. This creates tremendous complexity and increases the security threat surface, and as a result customers are forced to deploy inconsistent security controls and lack necessary visibility, particularly for cloud-native deployments.

Attacks such as those exploiting Log4j and Spring4Shell can evade signature-based detection defense mechanisms and target vulnerabilities and misconfigurations within application infrastructure. Distributed Cloud AIP brings deep telemetry collection and high-efficacy intrusion detection for cloud-native workloads and—when combined with the in-line application and API security from F5 Distributed Cloud WAAP—delivers a defense-in-depth approach to security threats that span across applications, APIs, and the cloud-native infrastructures where they run.

Data Science News: Mosaic Data Science Develops Innovative AI-Text Generation Tool That Summarizes Content for Specific Audiences

“Organizations are managing a dauntingly complex mix of hybrid and multi-cloud application architectures that can slow the pace of digital innovation and create subsequent security risks,” said Kara Sprague, Executive Vice President and Chief Product Officer, F5. “The addition of AIP fills a critical need for customers as they look for ways to extend robust security controls to multiple cloud infrastructures where they run their modern applications.”

A large majority of organizations are now deploying microservices-based applications on cloud-native infrastructure and connecting them through APIs. This approach to application development can radically increase the pace of innovation while lowering total cost of ownership. However, vulnerabilities and misconfigurations at the infrastructure level leave these applications open to attack from both internal and external bad actors. These intruders leverage vulnerabilities in cloud services or stolen keys to get access to cloud-native resources, where they can move freely throughout the infrastructure, inject malware, run cryptominers, or access sensitive data.

F5 Distributed Cloud App Infrastructure Protection addresses these challenges through:

A combination of rules and machine learning to detect threats in real time across the entire infrastructure stack: cloud provider APIs, virtual machine instances, containers, and Kubernetes. With behavioral-based detection, AIP can identify insider threats, external threats, and data loss risk for modern applications.
Detection and alert of anomalous behavior impacting workloads to inform operations teams of potentially malicious activity that may require further action to block or remediate.
Complementing existing signature- and behavioral-based threat detection capabilities with actionable insights from advanced telemetry and detection of post-exploit activity at the app and cloud infrastructure level.
F5 Distributed Cloud AIP Managed Security Services, an “always-on” Security Operations Center team that detects, triages, and investigates threats and provides remediation recommendations on behalf of customers.
F5 Distributed Cloud AIP Insights, providing custom platform analytics and ongoing coaching from F5’s cloud security experts to help customers build a stronger cloud SecOps strategy and better achieve their goals.

AI Insights : XAPP AI Achieves AWS Conversational AI Competency Distinction

[To share your insights with us, please write to sghosh@martechseries.com]

The post F5 Expands SaaS-Based Security Portfolio with Launch of F5 Distributed Cloud App Infrastructure Protection appeared first on AiThority.