Security operations teams and IT operations teams share a lot in common. They have both spent the past decade grappling with systems that grow more complex every year and figuring out ways to handle ever-larger volumes of data. They also both face pressure to identify and remediate problems as quickly as possible – ideally, in real time. And they are supposed to do it all without breaking the bank.
Yet, despite these extensive similarities, there is one area where security and IT ops teams sharply diverge: their adoption of AI. While 93% of security teams now leverage AI and machine learning to detect threats, a mere 25% of IT operations teams have adopted AI-powered solutions to assist in their work.
This gap in AI adoption not only leaves IT teams with less efficient tools and more manual tasks than their SecOps counterparts, but also contributes to a disconnect between security teams and IT teams, which hinders their ability to work collaboratively toward shared goals. When security teams have different tools and are able to find and remediate threats faster than their counterparts in the IT operations department, it becomes more difficult to ensure that these teams support each other rather than step on each other’s toes.
All of the above is one reason why it’s high time for IT ops teams to increase their adoption of AIOps, a category of tools that will put IT on par with security when it comes to operational efficiency and MTTR. To prove the point, here’s a look at the role that AI plays in the work performed by both types of teams, along with tips on how businesses can leverage AIOps to close the gap between security and IT ops.
It’s unsurprising that the vast majority of security teams have already adopted AI-driven solutions to help manage the increasingly large and complex set of cybersecurity threats that businesses now face.
Over the course of the 2010s, the number of cyberattacks that caused losses of at least one million dollars increased by a factor of five. At the same time, the stakes of weak security and compliance grew higher as newer regulatory laws, such as the GDPR and LGPD, went into effect, bringing with them mandates like implementing “reasonable security” protections.
Faced with a steep increase in the volume and complexity of security operations, SecOps teams have turned to AI to enable scalable management of threats. AI lets security engineers and analysts make maximum use of all of the threat-related data that they have to assess – application logs, network logs, infrastructure metrics, threat databases, and so on. Without AI, it would be much harder for security teams to identify anomalies that could signal a breach or attempted breach.
What’s more, AI helps security teams take a proactive stance against threats. Rather than merely detecting threats and then responding manually, teams can leverage AI tools to remediate threats automatically. For example, an unknown host that is performing port scans could be blacklisted, or a user whose account appears to have been hijacked could have access privileges revoked.
The reduction of false positives and the smart management of alerts are other advantages of AI-driven security operations. By sorting through complex data sets to identify patterns, AI can help teams determine whether alerts generated from conventional monitoring tools, such as SIEM platforms, are actually signs of trouble before they invest time in responding to them. Likewise, AI can help to sort and categorize alerts so that security teams know which ones to prioritize.
IT operations teams can benefit from AI in similar ways, even though fewer are leveraging AI tools at present.
Like security teams, IT teams face ever-increasing volumes of data and complexity. The pivot over the past decade from monolithic application architectures to distributed systems that include dozens or hundreds of servers and multiple layers of software-defined infrastructure and orchestration tooling means that there are simply many more logs – and many log locations – for IT teams to collect and analyze.
Relatedly, the monitoring tools that IT teams have to work with have increased in number in many cases. Instead of deploying a single monitoring solution to collect data from on-prem servers, as engineers might have done in the past, teams today often have to leverage multiple tools. They may rely on a cloud vendor’s native metrics collection service to collect data from cloud services, for example, while using separate tools for workloads that reside on-prem.
Adding to this complexity is the fact that the types of metrics that teams have to manage can vary tremendously. A typical monitoring and observability workflow may involve collecting metrics from disparate sources – bare-metal infrastructure, hypervisors, orchestrators, applications, and cloud services, for instance – which expose different types of data and structure it in different ways. Teams need an efficient means of aggregating and consolidating this data to prepare it for analysis.
Despite all of these challenges, IT teams face ever-higher bars when it comes to MTTD and MTTR. They have more alarms to manage and a higher risk of false positives, yet they are expected to work faster and more efficiently than ever before in order to support business objectives in a world where many customers will tolerate delays of no longer than three seconds, and SLA uptime guarantees stretch into the range of 99.9% or higher.
AI can significantly reduce the difficulty of responding to all of these IT operations challenges. AI tools can automatically parse large volumes of data and find relevant behavioral patterns within complex, multi-layered environments in which it is hard for engineers to decipher relationships manually. AI also makes automated response to performance or availability issues possible, which goes a long way toward helping IT teams meet steep customer experience expectations and minimize MTTR.
Yet despite the value that AI offers to IT teams, many have failed to adopt AI-powered solutions at the same rate as their counterparts in the world of security. The big question is why.
There are several likely explanations for the gap. One is that security operations as it exists today is a relatively recent phenomenon. It has only been in the course of the past decade that most organizations have invested in dedicated cybersecurity teams rather than treating security as a subset of IT operations. Because security is newer, it has benefited from more modern tooling. Security teams have enjoyed the luxury of building their solution sets from scratch rather than having to adapt systems that have been in place for years, as is the case for most IT operations teams.
A second factor is cultural. Generally speaking, IT operations teams tend to have an “if it ain’t broke, don’t fix it” mindset. After all, the top concern of IT is usually to keep things running. Improving and optimizing may be goals as well, but they take a backseat to ensuring continuity and stability. In this sense, IT teams have probably been less likely to want to experiment with new, AI-based systems.
The exhaustive focus of IT architects and operations teams on shifting to cloud-native architectures over the past decade is probably another reason why these teams have been slower to adopt AI-based management tools. They face pressure from the C-suite to enable “digital transformation” by demonstrating that they’ve moved to the cloud, refactored apps into microservices, containerized their VMs, and so on. Amidst all of this change, there has been less time to invest in next-generation management tools to accompany next-generation infrastructure.
There have also been fewer career incentives for IT engineers to update management tools. The typical CTO is more likely to be impressed by a team that can report having achieved something flashy and buzz-worthy, like moving a legacy app into Kubernetes, than by one that says “we’ve updated our operations management tooling.”
Finally, IT operations teams have been limited by the fact that there just weren’t many IT management tools that offered native, easy-to-deploy AI features. That meant that, if you wanted to use AI to support IT operations, you had to build bespoke solutions yourself. You had to set up and manage data aggregation and analysis solutions that could support IT operations – a tall order, especially for organizations with limited development resources and in-house AI expertise.
Thanks to AIOps, however, that’s no longer the case. AIOps platforms provide IT teams with tools that leverage AI and machine learning to automate key components of IT operations out-of-the-box.
For example, rather than having to build their own AI systems to analyze monitoring data from distributed environments, IT teams can adopt AIOps platforms, such as AIOps from Broadcom, that are designed to support observability use cases without any special configurations or customizations required on the part of the IT team.
At the same time, AIOps platforms offer features like smart alarm management and intelligent remediation of problems – again, without requiring teams to set up or maintain complex AI or machine learning services on their own.
In short, with AIOps, IT operations teams can close the gap that separates them from security teams when it comes to AI adoption. They can modernize their management tooling and make AI a native feature of management platforms without having to build complex data analytics systems from scratch.
By extension, IT teams can work as efficiently and proactively as security teams. And they can future-proof their operations for a world where the volume of data they need to analyze and the complexity of the systems they need to manage will only grow more intense over the coming decade.