
Enterprise networks generate a lot of data. A lot. Imagine a network with 6000+ access points, 10 wireless controllers, a data center, dozens of branch offices, and over 10,000 roaming wireless devices covering an area the size of a small city. Every AP collects telemetry on its operating environment, radio performance, interference statistics, and the identities of devices that are connecting to them. The SD-WAN fabric connects distributed branch offices and remote workers to cloud applications and data center resources, managing thousands of connections and traffic flows over the course of a work day.

Trying to manually analyze and troubleshoot the traffic flowing through thousands of APs, switches, and routers is a near impossible task, even for the most sophisticated NetOps team. In a wireless environment, onboarding and interference errors can crop up randomly and intermittently, making it even more difficult to determine probable causes. How long does it take for devices to onboard as they are carried from segment to segment? Is taking 5 seconds to connect to an AP satisfactory or unacceptable performance? Is onboarding time consistent regardless of device density or does it vary unpredictably? How do you measure and compare application performance from SaaS providers to distributed branch offices and remote workers?

The irony of having mountains of telemetry and activity logs awaiting analysis by overworked IT teams is that there is too much noise from too much data for humans to deal with in a timely manner. Machine learning (ML) and applied artificial intelligence (AI) automate the analysis of trillions of bytes of telemetry, radio fingerprints, and network access points to uncover patterns in the chaos, and turn the findings into actionable insights or automated mitigation actions. Where is the nexus of AI/ML for enterprise network analytics? In the Cisco DNA Center and the Cloud.

Cisco AI Network Analytics in the Cloud

For years now, Cisco has been integrating AI/ML into many operational and security components, with Cisco DNA Center the focal point for insights and actions. Now we are adding new capabilities with Cisco AI Network Analytics in the Cloud. AI Network Analytics collects massive amounts of network data from Cisco DNA Centers at participating customer sites, encrypts and anonymizes the data to ensure privacy, and collates all of it into the Cisco Worldwide Data Platform. In this cloud, the aggregated data is analyzed with deep machine learning to reveal patterns and anomalies such as:

  • Highly personalized network baselines with multiple levels of granularity that define “normal” for a given network, site, building, and SSID
  • Sudden changes in onboarding times for Wi-Fi devices, by individual APs, floor, building, campus, and branch
  • Simultaneous connectivity failures with numerous clients at a specific location
  • Changes in SaaS and Cloud application performance via SD-WAN direct internet connections or Cloud OnRamps

The Worldwide Data Platform leverages a growing knowledgebase of over 35 years of Cisco engineering problem resolutions and AI-derived insights. As patterns are discovered and anomalies uncovered in the diverse ocean of data, alerts with correlated information—such as physical locations, histories, possible causes, and potential remedies—are sent to the corresponding Cisco DNA Centers for evaluation and action by NetOps.

AI Analytics Provides Visibility, Insight, and Action

The AI processes in the cloud perform the logical troubleshooting steps that a network engineer executes to resolve problems, but much faster and against a much larger data set than humans can handle. In large campus networks and remote branch offices, the number of alerts and false-positives for minor to major issues can come fast and furious at times, making triage the first step for NetOps teams. The AI processing helps triage issues by categorizing them according to severity, location, number of affected devices, and the ability to automatically remedy a subset of issues. As a result, NetOps can focus on high-priority alerts instead of hunting through a blizzard of data for disruptive problems. Cisco AI Network Analytics and DNA Assurance provide visibility, insight, and action for resolving network issues and improving performance.

Visibility into Personalized Baseline Behavior

Using machine learning to determine a baseline range for network activity—error rates, onboarding times, application performance, for example—helps spotlight relevant deviations in behavior that impact network availability. Once a personalized baseline is established, NetOps can measure performance over periods of time to determine the effects of network design changes, adding devices, changing segmentation, and adding SaaS application connections to distributed branches. A baseline enables NetOps to focus on significant anomalies rather than the noise of minute-to-minute deviations, saving time and resources for IT projects that add value.

Insights Gathered From Around the World

With a baseline of normal network operations established, Cisco AI Network Analytics examines abnormal behaviors to pinpoint specific issues and their root causes. A knowledgebase of engineering experience—accumulated by Cisco over decades of network monitoring and troubleshooting—works with the patterns and anomalies uncovered by ML in the Worldwide Data Platform to prescribe actions to fix issues. Workers in a remote branch office that are taking longer than the normal baseline to onboard, for example, trigger an alert in Cisco DNA Assurance, along with potential remedies, enabling NetOps to take proactive remediation steps before the delays impact productivity and customer experience.

In IP networks, a problematic event is often preceded by a benign event or series of events. Using the Proactive Exploration features of AI Network Analytics, NetOps can, for example, be forewarned of increases in Wi-Fi interference, network congestion, and office traffic loads. By learning how a series of events are correlated to one another, system-generated insights can help foresee future events before they happen and alert IT staff with suggestions for corrective actions. These insights can recommend changes to Wi-Fi, switch, or application configurations that will improve system performance and user experience, improve issue relevancy, and accurately identify trends and root causes.

AI Network Analytics can also compare activity and patterns among, for example, branch offices, to determine “normal” activity and pinpoint performance issues pertaining to individual sites. Since all the data in Worldwide Data Platform is anonymized, Cisco AI Network Analytics can securely compare a campus network’s performance against other sites of similar size and configuration, helping to identify opportunities for network upgrades while optimizing IT spending.

Action and Guided Remediation from Expert Knowledgebase

Insights lead to action with guided remediation suggestions resulting from the fusion of machine pattern recognition and AI-derived workflows from the engineering knowledgebase. Events similar to those that have occurred in other enterprise sites provide possible solutions that have previously resolved analogous issues. This demonstrates the value of leveraging the Worldwide Data Platform and ML to capture issues that crop up sporadically in networks all over the world and resolve them quickly and efficiently.

Note that participating in the Worldwide Data Platform is optional when using Cisco DNA Center, but opting out will result in more limited capabilities. Even though all data received from customer DNA Centers is anonymized, and each customer has a unique private key for decryption, not participating in the Worldwide Data Platform is an option for organizations that have privacy and compliance issues that limit data sharing.

Intent-based Networking is Smarter and Simpler to Manage with AI Network Analytics

Cisco AI Network Analytics, within Cisco DNA Center, adds another layer of intelligence to Intent-Based Networking, making networks even smarter, simpler to manage, and more secure. Integrating decades of Cisco network engineering experience into the AI Network Analytics platform to continuously analyze network operations and deviations leads to faster problem resolution and thus greater IT efficiency. By identifying the most relevant optimization opportunities for each customer’s unique configuration and usage patterns, IT resources can be allocated to high priority projects providing the most benefit instead of chasing minor fluctuations in network performance.

Cisco will continue to add AI and machine learning to bring simplicity and security to enterprise networks of all sizes and shades of complexity. The more telemetry, operational statistics, and security threat indicators flow into the Cisco Worldwide Data Platform, the more value enterprises using Cisco DNA Center will gain.

Watch my presentations on AI, ML, and Reinventing Access in a Multi-Domain World, at Cisco Live US, June 10-13.

For an overview of AI/ML and multi-domain networking, read Cisco EVP/GM ENB Scott Harrell’s latest post Intelligent Next Step for Intent-Based Networking.

For an in-depth primer on AI/ML in Intent-Based Networking, read Cisco CTO John Apostolopoulos’ post Improving Networks with Artificial Intelligence.

For more information on Cisco AI Network Analytics, visit our web sites for Assurance and AI.

For more on our multi-domain access story, read a new post by Prashanth Shenoy, 3 Ways Intent-Based Networking Fulfills Business Intent with Multidomain Integration.

Also, check out this video as Anand Oswal and John Apostolopoulos dive into how intent-based networking and AI come together!

The post Cisco AI Network Analytics: Making Networks Smarter and Simpler to Manage appeared first on Cisco Blog.


We, and our customers, have long understood that networks are most valuable when they do more than support their own weight. They become assets only when they enable the growth of business strategies. To get networks to work at this level, we have to get a higher level of performance and agility from them.

That’s why we launched a series of products and services based on intent-based networking two years ago. Our goal was to reinvent access networking to serve business needs. Intent-based networking turns intent into network policy, and it lets businesses innovate faster than ever.

Since we started working on intent-based networking, we’ve been focused on making it simple. As the technicalities of networking are complex, this focus is not something we’ll ever be fully done with. Simplifying advanced IT requires continuous refinement.

One big leap we’re making now is using the power of artificial intelligence (AI). It lets us simplify the experience that IT teams have with networking tools, and provides personalized and targeted insights into their operational environments.

We are also simplifying what it takes to manage multiple networking domains – by linking them together to provide key outcomes that network managers care about, like end to end segmentation with application SLAs (service-level agreements).

Artificial Intelligence Powers the Next Level of Intent-Based Networking

We can use artificial intelligence to make IT more efficient and proactive. With AI, we can deliver a network that operates at its peak performance. At the same time, we make it easier to manage.

For example, we address the fact that the number of devices attaching to networks is increasing quickly. From end-user devices to IoT equipment, many networks are seeing exponential growth. This increase in network complexity is leading to an increase in alerts from management consoles. But IT teams, with their limited resources, are only able to pay attention to the highest-priority incidents. They end up ignoring the less urgent, but still important, indicators of network under-performance.

Having networks send their operators only the right alerts, though, isn’t something that can be done just by setting coarse threshold bands. Every network is different. Every building in a campus network is different. Each floor within a building is different. And these networks are constantly changing. We need to apply AI to optimize network management, to surface the alerts that are truly important for each unique environment. With AI, we can customize alerts for every building, every floor and every room – with actionable insights that allow teams to quickly and proactively mitigate problems.

In early field trials of Cisco AI Network Analytics, we have seen the number of flagged incidents reduced by up to 75%. One of our customers, with a three-person network management team, tells us they call Cisco AI technology the “fourth member of the team.”

Having an AI tool to prioritize — and increasingly, remediate — network alerts means IT staff can spend more of their time and resources on strategic projects that make their business better, more efficient, and more competitive.

AI can effectively filter and prioritize alerts.

The quality of the AI-driven improvement depends, of course, on the quality of the data. The more devices you collect data from – end user smartphones, switches, WAN routers, cloud servers, and everything connecting them – the better. That’s why we build telemetry into all the products we make. And we have 35 years of experience across all the domains of networking – experience that goes beyond raw data. We are combining that pattern-matching human knowledge of how networks work, with real-time telemetry, to move into a new field of AI, machine reasoning, to create even more intelligent network management.

Network teams can also use the network telemetry as a raw business resource. Networks are sensors, not just wires. A network can know how employees and customers use resources – increasingly, physical resources like buildings and equipment – and that data can be an invaluable resource in creating competitive advantage.

Integrating Network Policies

It’s also time to start unifying network management across domains. No network is an island, and yet they have been traditionally managed as if they were. Even inside a single enterprise, there are multiple networking domains, each supporting a unique role — from the campus and IoT networks that identify and onboard devices and authorize access, to the WAN network responsible for securely connecting to a hybrid cloud environment with a great application experience, to the data center and cloud networks where workloads are distributed and where protecting against data breaches is utterly critical.

Operating policies that govern network actions are defined in each of the domains. But the needs of a business are not fulfilled by one domain alone. All need to work together so that, for example, a doctor in a clinic can securely run a diagnostic application in the data center with adequate quality of experience over the WAN that connects them to it – a task that touches at least three traditionally separately-controlled networks.

To meet this business intent, domains must exchange relevant policies, so that the entire network works in concert.

In our example, the access network that onboards and authorizes the doctor must let the data center network know of their privileges to run the medical diagnostic application. Similarly, the data center network must tell the WAN of the critical nature of the application and how its traffic must be prioritized. When the doctor moves to a different clinic, the policies that govern their usage should follow.

Applying policies across domains can also be simplified.

Without such integrations, IT teams for each domain need to coordinate and then manually implement different policies. With the rapid pace of change, that may not even be possible.

Multidomain integration means that policy applied in one place (like the access network) will get applied to the other networks (like SD-WAN and data center) that are involved in delivering the desired result. Each domain continues to support its primary role, but as changes occur, it will dynamically update across other domains.

Improving the Human Element

AI tools and automation for multiple domains will get us closer to the IBN vision and will dramatically free up IT teams so skilled network operators can work on strategic projects – projects that may appear out of reach today due to the fire-fighting nature of network management. Based on talks I have with customers, I know that there is no end to the number of interesting and lucrative projects our users could be working on. And we want to help.

We recognize that network engineers and IT teams will need new skills and practices to take advantage of these tools. Our own Cisco DevNet can help lead the way: Resources are available now to help build network automation across domains with the new DevNet Automation Exchange. New DevNet certifications will help engineers build critical software skills and infrastructure expertise to keep on top of the latest IT developments.

Smart software will soon be able to do more for our networks than ever. But to keep a business ahead of the game, IT teams need to know how to use it to its best advantage. There’s so much still to do when it comes to leveraging the power of interconnected systems. We want to help networks get smarter, and we want to be sure they all have the best-informed people available to manage them.

Get the latest news from Cisco Live 2019, happening June 9 to 13 in San Diego, California. 

The post The Intelligent Next Step for Intent-Based Networking appeared first on Cisco Blog.


Here we are, almost four whole months into 2019 and machine learning and artificial intelligence are still hot topics in the security world. Or at least that was the impression I had. Our 2019 CISO Benchmark Report, however, found that between 2018 and 2019, CISO interest in machine learning dropped from 77% to 67%. Similarly, interest in artificial intelligence also dropped from 74% to 66%.

Now there are a number of reasons why these values could have dropped over a year. Maybe there’s a greater lack of certainty or confidence when it comes to implementing ML. Or perhaps widespread adoption and integration into more organizations has made it less of a standout issue for CISOs. Or maybe the market for ML has finally matured to the point where we can start talking about the outcomes from ML and AI and not the tools themselves.

No matter where you stand on ML and AI, there’s still plenty to talk about when it comes to how we as an industry are currently making use of them. With that in mind, I’d like to share some thoughts on ways we need to view machine learning and artificial intelligence as well as how we need to shift the conversation around them.

More effective = less obvious

I’m still amazed by how machine learning is still a hot topic. That’s not to say it does not deserve to be an area of interest though. I am saying, however, that what we should be talking about are the outcomes and capabilities it delivers. Some of you may remember when XML was such a big deal, and everyone could not stop talking about it. Fast forward to today and no one advertises that they use XML since that would just be obvious and users care more about the functionality it enables. Machine Learning will follow along the same path. In time, it will become an essential aspect of the way we approach security and become simply another background process. Once that happens, we can focus on talking about the analytical outcomes it enables.

An ensemble cast featuring machine learning

Anyone who has built an effective security analytics pipeline knows that job one is to ensure that it is resilient to active evasion. Threat actors know as much or more than you do about the detection methods within the environments they wish to penetrate and persist. The job of security analytics is to find the most stealthy and evasive threat actor activity in the network and to do this, you cannot just rely on a single technique. In order for that detection to happen, you need a diverse set of techniques all of which complement one another. While a threat actor will be able to evade one or two of them simultaneously, they don’t stand a chance against hundreds of them! Detection in diversity!

To explain this, I would like to use the analogy of a modern bank vault. Vaults employ a diverse set of detection techniques like motion, thermal, laser arrays, and on some physical dimension, an alarm will be tripped, and the appropriate response will ensue. We do the same in the digital world where machine learning helps us model timing or volumetric aspects of the behavior that are statistically normal and we can signal on outliers. This can be done all the way down at the protocol level where models are deterministic or all the way up to the application or users’ behavior which can sometimes be less deterministic. We have had years to refine these analytical techniques and have published well over 50 papers on the topic in the past 12 years.

The precision and scale of ML

So why then can’t we just keep using lists of bad things and lists of good things? Why do we need machine learning in security analytics and what unique value does it bring us? The first thing I want to say here is that we are not religious about machine learning or AI. To us, it is just another tool in the larger analytics pipeline. In fact, the most helpful analytics comes from using a bit of everything.

If you hand me a list and say, “If you ever see these patterns, let me know about it immediately!” I’m good with that. I can do that all day long and at very high speeds. But what if we are looking for something that cannot be known prior to the list making act? What if what we are looking for cannot be seen but only inferred? The shadows of the objects but never the objects if you will. What if we are not really sure what something is or the role it plays in the larger system (i.e., categorization and classification)? All these questions are where machine learning has contributed a great deal to security analytics. Let’s point to a few examples.

The essence of Encrypted Traffic Analytics

Encryption has made what was observable in the network impossible to observe. You can argue with me on this, but mathematics is not on your side, so let’s just accept the fact that deep packet inspection is a thing of the past. We need a new strategy and that strategy is the power of inference. Encrypted Traffic Analytics is an invention at Cisco whereby we leverage the fact that all encrypted sessions begin unencrypted and that the routers and switches can send us an “Observable Derivative.” This metadata coming from the network is a mathematical shadow of the payloads we cannot inspect directly because they are encrypted. Machine learning helps us train on these observable derivatives so that if its shape and size over time is the same as some malicious behavior, we can bring this to your attention all without having to deal with decryption.

Why is this printer browsing Netflix?

Sometimes we are lucky enough to know the identity and role of a user, application, or device as it interacts with systems across the network. The reality is, most days we are far from 100% on this, so machine learning can help us cluster network activity to make an assertion like, “based on the behavior and interactions of this thing, we can call it a printer!”. When you are dealing with thousands upon thousands of computers interacting with one another across your digital business, even if you had a list at some point in time – it is likely not up to date. The value to this labeling is not just so that you have objects with the most accurate labels, but so you can infer suspicious behavior based on its trusted role. For example, if a network device is labeled a printer, it is expected to act like a printer – future behavior can be expected from this device. If one day it starts to browse Netflix or checks out some code from a repository, our software Stealthwatch generates an alert for your attention. With machine learning, you can infer from behavior what something is or if you already know what something is, you can predict its “normal” behavior and flag any behavior “not normal.”

Pattern matching versus behavioral analytics

Lists are great! Hand me a high-fidelity list and I will hand you back high-fidelity alerts generated from that list. Hand me a noisy or low fidelity list and I will hand you back noise. The definition of machine learning by Arthur Samuel in 1959 is “Field of study that gives computers the ability to learn without being explicitly programmed.” In security analytics, we can use it for just this and have analytical processes that implicitly program a list for you given the activity it observes (the telemetry it is presented). Machine learning helps us implicitly put together a list that could not have been known a priori. In security, we complement what we know with what we can infer through negation. A simple example would be “if these are my sanctioned DNS servers and activities, then what is this other thing here?!” Logically, instead of saying something is A (or a member of set A), we are saying not-A, but that is only practical if we have already closed off the world to {A, B} – not-A is B if the set is closed. If, however, we did not close off the world to a fixed set of members, not-A could be anything in the universe, which is not helpful.
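The printer scenario and the closed-set negation argument above can be worked through in a few lines. This is an added example, not code from the post or from Stealthwatch: it substitutes Jaccard similarity against hand-written role profiles for the clustering the post mentions, and every host, flow, profile and resolver address in it is constructed for illustration.

```python
"""Infer a device's role from observed behaviour, then flag what falls
outside that role's closed set. All data below is constructed."""

# Each role is a CLOSED set of expected (direction, protocol, dst_port) behaviours.
ROLE_PROFILES = {
    "printer": {("in", "tcp", 9100), ("in", "tcp", 631),
                ("out", "udp", 53), ("out", "udp", 123)},
    "workstation": {("out", "tcp", 443), ("out", "tcp", 80), ("out", "udp", 53),
                    ("out", "tcp", 9100), ("out", "udp", 123)},
}
SANCTIONED_DNS = {"10.0.0.53", "10.0.1.53"}   # the closed set "A" for DNS

# Flow records: (src, dst, protocol, dst_port)
BASELINE = [
    ("10.0.5.20", "10.0.9.7", "tcp", 9100),
    ("10.0.5.21", "10.0.9.7", "tcp", 631),
    ("10.0.9.7", "10.0.0.53", "udp", 53),
    ("10.0.9.7", "10.0.0.123", "udp", 123),
    ("10.0.5.20", "198.51.100.10", "tcp", 443),
    ("10.0.5.20", "10.0.0.53", "udp", 53),
    ("10.0.5.20", "198.51.100.11", "tcp", 80),
    ("10.0.7.99", "10.0.7.1", "tcp", 5000),    # matches no known role
]
TODAY = [
    ("10.0.5.22", "10.0.9.7", "tcp", 9100),    # ordinary print job
    ("10.0.9.7", "203.0.113.80", "tcp", 443),  # printer starts web browsing
    ("10.0.9.7", "192.0.2.8", "udp", 53),      # DNS outside the sanctioned set
    ("10.0.9.7", "10.0.1.53", "udp", 53),      # DNS to a sanctioned resolver
]


def behaviours(host, flows):
    """Set of (direction, protocol, port) tuples the host was seen doing."""
    seen = set()
    for src, dst, proto, port in flows:
        if src == host:
            seen.add(("out", proto, port))
        elif dst == host:
            seen.add(("in", proto, port))
    return seen


def infer_role(host, flows, min_score=0.5):
    """Best-matching role by Jaccard similarity, or None when nothing fits."""
    seen = behaviours(host, flows)
    best_role, best = None, 0.0
    for role, profile in ROLE_PROFILES.items():
        score = len(seen & profile) / len(seen | profile)
        if score > best:
            best_role, best = role, score
    return (best_role, best) if best >= min_score else (None, best)


def deviations(host, role, flows, sanctioned_dns):
    """Flows that are 'not-A' for the host's role.

    Returns None when the role is unknown: without a closed set to negate
    against, 'not expected' could be anything and carries no signal.
    """
    if role not in ROLE_PROFILES:
        return None
    allowed = ROLE_PROFILES[role]
    alerts = []
    for flow in flows:
        src, dst, proto, port = flow
        if host not in (src, dst):
            continue
        direction = "out" if src == host else "in"
        if (direction, proto, port) not in allowed:
            alerts.append((flow, f"not expected of a {role}"))
        elif direction == "out" and port == 53 and dst not in sanctioned_dns:
            alerts.append((flow, "DNS to unsanctioned resolver"))
    return alerts


if __name__ == "__main__":
    for host in ("10.0.9.7", "10.0.5.20", "10.0.7.99"):
        role, score = infer_role(host, BASELINE)
        print(host, role, round(score, 2), deviations(host, role, TODAY, SANCTIONED_DNS))
```

The third host shows the open-world case: its behaviour matches no profile, so the check returns no verdict instead of flagging every flow.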

Useful info for your day-to-day tasks

I had gone my entire career measuring humans as if they were machines, and now I am measuring humans as humans. We cannot forget that no matter how fancy we get with the data science, if a human in the end will need to understand and possibly act on this information, they ultimately need to understand it. I had gone my entire career thinking that the data science could explain the results and while this is academically accurate, it is not helpful to the person who needs to understand the analytical outcome. The sense-making of the data is square in the domain of human understanding and this is why the only question we want to ask is “Was this alert helpful?” Yes or no. And that’s exactly what we do with Stealthwatch. At the end of the day, we want to make sure that the person behind the console understands why an alert was triggered and if that helped them. If the “yeses” we’ve received scoring in the mid 90%’s quarter after quarter is any indication, then we’ve been able to help a lot of users make sense of the alerts they’re receiving and use their time more efficiently.

Conclusion

We owe a big round of applause to artificial intelligence for birthing the child we know and love, named machine learning, and all that it has contributed to security analytics over the past year. We remain pragmatic in its application as we know that, just because it is the new kid on the block, we cannot turn our backs on simple or complex lists of rules, simple statistical analysis, and any other method that has got us to where we are today.

Lucky for us, machine learning has already shown signs of playing well with its peers as we continue to find ways to improve existing security processes through pairing them with ML. It can’t solve every single problem on its own, but when it works together with the people and processes that have come before it, we get that much closer to a more secure future. And if Machine Learning is the child of AI, who then are its brothers and sisters that we have yet to explore in Security Analytics? We have some big ideas and some already in prototype state, but remember, in the end, we will ask you if it is helpful or not helpful, not all the data science mumbo jumbo!

As always, we welcome your comments below. Readers who enjoyed this blog would also benefit from viewing our library of recent Cybersecurity Reports or checking out our new Threat of the Month blog series.


The Kubeflow project has made tremendous progress, and it is awesome to be recognized as Google Cloud Technology Partner of the Year in the Container category for a second year.

Cisco brings the power of foresight using machine learning and the power of Business Critical Services. (No superpowers required)
Data pipelines constantly change to accommodate new data sources. Unclear requirements and a dynamic environment are actually essential to development of artificial intelligence and machine learning for a competitive advantage.

There is much excitement about the disruptive potential of blockchain technology, but there is also much confusion. This article helps put things into perspective, separating blockchain fact from fiction.

There is much excitement about the disruptive potential of blockchain technology but there is also much confusion. This article helps businesses put things into perspective, separating blockchain fact from fiction.