Even as cyber attackers get smarter, and the number and impact of attacks go up, the cybersecurity tools available to data centers are getting better, smarter, and easier to deploy.
Data centers have to automate in order to keep up, according to Andrew Howard, CTO at Kudelski Security. "I haven't met a security department lately that isn't trying to do more with less."
And it's not just threat detection and mitigation that are being automated. Automation is used to ensure that containers and microservices are properly configured and secured when they are launched.
It's a totally different way of managing infrastructure, he said. "Professionals in the old-school mindset of traditional infrastructure management will likely have to modify their skill sets to be successful."
A lot of the core automation technologies, like PowerShell and Perl scripting, have been around for a while, but orchestration platforms are also starting to hit the market, and vendors are building more automation and orchestration features into their existing cybersecurity products.
The benefit is that managers responsible for securing data center networks can get more done with the same number of analysts, or with fewer lower-level security analysts, who can then be moved to higher-value jobs.
Automation is also important when data centers deploy micro-segmentation and very detailed security policies, said Dave Klein, senior director of engineering and architecture at GuardiCore.
"The increasing rate of change in IT infrastructure and applications makes policy automation increasingly important," he said. With automation, newly deployed workloads can be automatically allocated to the appropriate microsegments and policies.
Machine learning, an AI technique, is already being widely used in cybersecurity to detect previously unknown threats and to spot suspicious traffic patterns and unusual user behaviors.
But AI is also getting better at understanding human intent – both the intent of attackers and of security professionals.
According to Pankaj Parekh, chief product and strategy officer at SecurityFirst, AI can also be used to figure out the intent of application developers as they build data flows and the intent of users looking to access data.
"Understanding of hackers’ intent then provides definitive guides to provide comprehensive intent maps," he said. "These advancements help a great deal in trusting and creating automated policy generation."
AI and machine learning can also help a data center create and manage more layers of protection than ever before – not just the network, hosts, and applications. "Data needs its own layer of protection," Parekh said. And not just data in a static location. "Data flows need to be understood."
Advancements in artificial intelligence are just starting to make this practical, but they are still in early development phases. "So, along with automation, an appropriate mix of operational oversight is needed to completely secure the data," he said.
Putting It All Together
Automation and artificial intelligence go hand-in-hand. Both are difficult technologies to adopt, but cloud deployment is making it easier.
That's particularly handy for data centers, since more and more of their deployments take advantage of cloud technologies.
Both on-premises and cloud-based data centers, for example, are increasingly adopting a container-based application infrastructure, said Franklyn Jones, chief marketing officer at Cequence Security, a Sunnyvale, California-based application security vendor.
When security tools are also cloud-based, they can co-exist with the applications they protect, no matter where those applications are deployed.
"AI-based security technologies are being integrated into these cybersecurity tools because they provide the intelligence and automation to accelerate the detection and defense of attacks against this new generation of applications," he said.
For example, AI-powered threat intelligence gateways managed as a service are one new option for securing an expanded perimeter, said Colin Little, senior threat analyst at Centripetal Networks. "Organizations are realizing the power of never having enough security analysts," he said.
But before deploying any of these new technologies in a live environment, Little recommends that data centers test them thoroughly. "Just like any other new tool!" he said.