Q&A: Former RSA CEO's new venture takes on Linux container security

Industry executive turned venture capitalist Art Coviello on why he believes machine learning and containers offer a fresh start for enterprise IT security.

Art Coviello has seen the same script play out repeatedly in enterprise IT, but he spies a fresh opportunity to change that narrative as new technology trends take hold.

After more than 30 years in enterprise IT, the former chief executive of RSA has watched multiple computing innovation trends fail to fundamentally improve IT security. Now, as a venture partner at venture capital firm Rally Ventures in Menlo Park, Calif., Coviello focuses on machine learning in IT and Linux container security, which he said offer the industry its best chance in decades to build security into data center infrastructures. Coviello spoke about his latest investment, in Linux container security startup Capsule8, as well as his predictions about the next wave of change in technology.

How do you see DevSecOps developing, and what are the challenges and risks enterprises will encounter there?

Art Coviello: Six years ago I gave a keynote at the RSA conference, and I said that we were probably making the same mistake with cloud and virtualization that we had made with the initial stages of the internet, client-server and so on, by not building security in. It's a shame because we could have used virtualization technology to help it secure itself. Lo and behold, time goes by and the world becomes much more agile in terms of development, containers take hold and people start thinking about building security in.

The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

If you're going to create a nice solid mesh, as opposed to a mess, with defense in depth, where controls are adding value to one another, having that capability built into the development infrastructure is going to ensure that all of the other controls are adding value. It will also make the security operations center [SOC] more efficient. There's a shortage of skilled personnel, and SOCs are being overwhelmed by false positives. With Capsule8's technology, you're reducing the number of false positives, reducing the number of alerts, and that puts you in a much better position to succeed.

What should enterprise IT know about Linux container security that they don't know yet, or will be new to them about machine learning in IT security?

Coviello: We're starting to see some organizations pull things back in-house that before they might have outsourced, because of their ability to do Agile development specific to their enterprise. That's a trend I expect to see accelerate. Companies are getting smarter, not only about development but about making sure that security is being addressed.

I'm actually more optimistic than I've been of late as I've seen these things. There's not a single company that's not being transformed by digital technology, and as they're transformed, naturally the more you rely on and depend on digital technology, the more your attack surface expands. We've gone far past awareness of the problem to a point where even boards and C-level management are coming to grips with the fact that they have to address security concerns, or they're not going to be able to take advantage of these innovative digital technologies. And if they can't take advantage of them, they won't be competitive.

It can be hard to define AI because it changes as technology evolves. How do you define AI and how does machine learning fit into that?

Coviello: Machine learning falls within one category of AI. I've heard lots of different definitions, but that's how I view it. What artificial intelligence enables you to do, especially with machine learning algorithms, is give you enough data fast enough that you can spot an anomaly. Fundamentally, at some point in an attack, an attacker has to do something anomalous. If you've got enough data and enough intelligence processing that data fast enough, then you're in a position to prevent something bad from happening. That's where we have to be.

Breaches used to be largely inevitable and to some extent still are. About five or six years ago the pendulum in security swung from trying to prevent things to trying to detect and respond to them quickly enough. Now, with artificial intelligence and machine learning, the pendulum has begun to swing back. If we build these capabilities into the core infrastructure, as well as the development infrastructure, we'll be able to stop things before they start.

Are there new challenges machine learning introduces that weren't there before with traditional security?

Coviello: With machine learning, we start to turn the tables on attackers because now we're spotting the anomaly before it has a chance to execute. So, then, what's the next progression of attacks? The attacker's going to try to figure out how the algorithm works. So you have to constantly update the machine learning, so that they're chasing us as opposed to us chasing them. That's a big difference. As long as the machine learning keeps learning and as long as the artificial intelligence keeps getting better and stronger, then we're staying one step ahead of the attackers as opposed to being one step behind.

Beth Pariseau is senior news writer for TechTarget's Data Center and Virtualization Media Group. Follow @PariseauTT on Twitter.
