Let's Chat About AI In Networking And Security By The Fireside

One thing we can’t get away from right now – even if we wanted to – is AI.

While there are specialist AI tech vendors, the reality is that it impacts on all aspects of IT, not least two of my key focus areas, networking and security. No surprise then, that the guys at Netevents recently hosted a “fireside chat” on the subject of “how AI is driving the convergence of networking and security” with as diverse a trio of pundits as Kevin Deierling, Senior Vice President – Networking, NVIDIA and Renuka Nadkarni, Chief Product Officer, Aryaka, chaired by Mauricio Sanchez, Senior Director, Networking & Security, Dell ’Oro Group.

Not long ago, even though – in the forms of machine learning and modelling – AI has been used for years in these areas, AI would never appear in the same sentence as networking or security. Now, of course, even as a “marketing necessity” it has to, but the reality is that it is fundamental in driving the next generation of hybrid networking/security solutions, some of which we’ve tested in Broadband-Testing over the past two to three years.

The fireside chat is available in its entirety here:

https://www.youtube.com/watch?v=P8QFSLSBggg&t=472s

To give you a taste of the conversations, here are some soundbites, starting with the classic scenario of “good guy” tech also equally becoming “bad guy” tech. AI is turning security on its head, believes Dell Oro’s Mauricio Sanchez, noting: “AI has been transforming the hacker community, enabling even mediocre players to become super hackers,” and that “The positive aspects of AI are being turned on their head and used for evil.”

But then that’s always been the way with technology and inventions – splitting the atom springs to mind… What is interesting here, from a UK perspective, is that the recent wave of ransomware attacks on the UK retail industry, and subsequent reporting on mainstream new channels, means that the general public are now not only aware of what ransomware is – and the dark web – but also that they, like anyone else, can go down the “rent a hacker” route and attack anything they feel like. Is that good or bad? Remember the old phrase “ignorance is bliss”…

Meantime, back to the fireside chat, where all three agreed that AI is changing cybersecurity in many different ways. “AI is using a ton of data, and that creates some opacity,” said NVIDIA’s Deierling, adding: “It’s hard to see what’s happening when AIs are talking to other AIs, and that creates new challenges.”

This kind of highlights a very real probability in that it is easy to envisage a world where the human is completely bypassed as machine talks to machine. Think about the kind of security and performance testing we’ve carried out over the past three decades; we test a product, such as a firewall, with other test equipment products – often built around a similar architecture – that are used to attack the device under test!

Deierling talked about agility and flexibility being essential responses in this scenario: “The amount of data that’s being created by AI is massive, and the networking performance needed is incredible,” adding: “We’re shipping 400Gbps networks today, moving to 800Gbps, with 1.6 terabits right around the corner. You can’t just statically create a set of rules and hope for the best. It’s about being dynamic and responsive in the face of all these new challenges.”

Meantime, Aryaka’s Nadkarni believes it all comes down to the age-old problem of reconciling performance with security: “Back in the day, you had separate networking and security teams making separate decisions – the security people were often getting in the way of the business, with frequent conflict between the two. Now our customers are migrating heavily towards a converged networking and security play. And it’s not easy, because the whole industry has been divided into networking vendors and security vendors. The whole unified SASE as a service that we are trying to bring to the table was architected from the start to bring things together.”

Now that is something I know all about and all too well! Nadkarni further noted that AI introduces a certain amount of ‘undeterministic’ behaviour, both on the networking and the security side:

“Customer network architecture and network design used to be about a point-to-point link -It was deterministic, because people would typically buy from service providers in increments of 10Mbps or 100Mbps, defined as between offices and data centres. But now users are everywhere. Applications are hosted in public clouds, accessed via SaaS. We’re seeing a lot of AI applications coming in as SaaS. Traffic patterns have changed drastically, but the need for security is something that hasn’t changed.”

The question is: where should that security sit? Anyway, I recommend that you all follow the link to the video and see these – and more – questions answered. The reality – as all too painfully observed recently by the likes of M&S and the Co-op in the UK – is that AI is simply making an already complex IT infrastructure, even more complex and harder to secure. Good luck you NetSecOps guys!