It’s 3:00 on a Tuesday, and your AIops tool alerts you that the corporate network is reaching a saturation point. It seems that one of the virtual cloud servers, hijacked by a rogue piece of software that a hacker placed the night before, is spinning off a massive number of packets.
You wish that the security operations tool had picked up on this, but it was the general-purpose management and monitoring tool that saw the network traffic spiking out of threshold and sounded the alarm that drew attention to the breach. The offending server is quickly taken down; all is right with the world again. However, this could have gone much better.
What’s missing is direct integration between the AIops tool and the security tool. Although they have different missions, they need each other. The security tool needs visibility into the behavior of all applications and infrastructure, because behavior that is out of line with normal operations can often be traced to security issues, such as DDoS attacks.