As AIOps Diversifies, Will Integrated Security Play a Critical Role?

by Dennis Drogseth, VP of Research, Enterprise Management Associates

While many are seeking to define “AIOps” as a single market, in reality it is an enabling technology rich in diverse functionality and values—what I like to call a “landscape.” I have learned this through research done over the last eight years, and it became most emphatically evident in the process of developing the “EMA Radar Report: AIOps – A Guide for Investing in Innovation.” The research was non-trivial, with extensive vendor interactions stretching from February into September of this year, including 31 deployment interviews to look at AIOps platforms in real-world IT environments.

To better understand this diversity, let’s start by asking what makes AIOps, AIOps from EMA’s perspective. Our chief criteria from a design perspective included: 

  • Assimilation of critical data types like events, time series metrics, logs, flow, and configuration data across domains.
  • Self-learning capabilities with advanced heuristics to show anomalies or deliver predictive, prescriptive, or if/then actionable insights.
  • Platforms that serve as strategic overlays for different data sources, including third-party toolset assimilation, with strong values in OpEx efficiencies and toolset consolidation.
  • Support for legacy, private, and public cloud environments.
  • Application-to-infrastructure dependency insights to provide added context for the AIOps machine learning capabilities in order to optimize their value.
  • Support for integrated automation, whether the automation comes directly from the AIOps platform or whether it’s through more third-party integrations or, as is often the case, a mixture of both. 

I should point out that we first cited these criteria back in 2012, with an early evaluation of a market that back then didn’t have a formal industry name. We called it “Advanced Performance Analytics.” Since then, solutions have become more dynamic, more versatile in their data collection, and more progressive in their machine learning algorithms, most notably through enhanced self-learning capabilities for predictive and prescriptive recommendations. Integrated automation has also risen to the fore—from workflow to IT process automation, to configuration automation, just for starters.  

The biggest single difference was a growing diversity of design, functionality, and use case across the 17 vendors we surveyed. In the Radar itself, we targeted three use cases:  

  • Incident, performance, and availability management focused on improving the resiliency of critical applications and business services.
  • Change impact and capacity optimization, with requirements for understanding application infrastructure interdependencies as changes are made, volumes increase, and automated actions are required.
  • Business impact and IT-to-business alignment, including user experience, customer experience, and business process changes, often with an eye to digital transformation.

We also looked at DevOps, SecOps, and the Internet of Things (IoT).

In a webinar on November 10th, we will explore our Radar findings. In working with Centerity, we will also put a spotlight on the need for, and value of, bringing AIOps and SecOps together. Earlier EMA research indicated a growing requirement for security teams and operations to become more unified in how they work. Other recent research on AIOps adoptions underscored this.

Some of the more compelling findings indicate:

  • Faster identification of advanced threats and internal security threats was among the top three benefits achieved from AIOps-related investments, along with faster time to repair problems and improved OpEx efficiencies within IT.
    • This was achieved in part by focusing on critical security-related metrics:
      • Network detection of threats
      • Relative security risk
      • Fraud detection
      • Data loss detection
      • Vulnerability of patch managing
  • For technical change management issues more broadly, security-related issues were among the top three concerns for operations, ITSM, and security teams.
  • In the category of best practices for AIOps adoptions, ISO Security 27001/27002 also led along with regulatory compliance (SOX, FISMA, HIPAA, etc.) and the IT Balanced Scorecard.

These are just a few examples of what our research, past and present, has turned up. Given the inherent strengths of AIOps in working across silos and unifying IT teams, bringing security and operations together—and doing so more proactively—is clearly an area of strong potential.  

For a lot more insight on AIOps, its relevance to security, and its use case diversity in general, please listen in on November 10th to the “AIOps Deployments in the Real World: Bringing Operations and Security Together” webinar.