Transcript
This transcript was autogenerated. To make changes, submit a PR.
Hey, good morning. Good afternoon everyone. My name is Prateek Dhantra Day.
I'm a principal software professional working
with one of the leading human capital management companies in the
US. And I'm active researcher
in the field of DevOps,
artificial intelligence, machine learning and security.
I'm excited to be here at CoN 42 observability
conference to discuss the important topic today of
forging secure and
observable DevOps using AI
ML. And as we know that DevOps
is growing exponentially and in
parallel it raises a concern to maintain the
security and the observability.
It's becoming a challenge today and but
the integration of artificial intelligence and machine learning
is a true game changer to help
in the DevOps. And today in my presentation I'm going
to talk about more into this detail.
So let's get dive into my presentation.
So let's start with the DevOps evolution.
DevOps has revolutionized how we deliver
the software, breaking down silos between the development and
operations. It's enabled us to deploy
much faster and more frequent with
this greater reliability. But as the system scale
and it becomes more distributed, the traditional
DevOps practices are being stretched to their limits.
Today, the DevOps environments are spread
ecosystem like microservices, serverless functions,
containers and cloud services all interacting
in the integrate way. And this complexity
makes it daunting to maintain the comprehensive
visibility and ensure the robust security.
So question should come like how do we monitor each and every component
and how we detect the threats
across this dynamic landscape.
This is where the power of artificial intelligence
and machine learning comes into picture. And this reshape
our approach to DevOps. So by harnessing
this AI ML, we can elevate our observability and
threat detection capabilities to match and scale
the dynamism of the modern software system.
Now let's talk about the observability.
So in today's DevOps world, we are generating
lot of data in terms of logs, matrices,
traces from the countless services.
All the significant amount of data are produced every second.
And this is the place where AI shines.
And machine learning models can identify these patterns and
go correlations that human analysts would miss.
And take a anomaly detection for instance,
like traditional rule based method often fails in
the dynamic environment. But machine learning models can
learn what's the normal across various metrics
and flag deviation in the real time. This is not
just about the cpu spike, it's about detecting
multidimensional anomalies like unusual API call
patterns that might indicate a data bridge
or a bad actor. Take your
data so AI can transform this root cause
analysis. When an incident occurs, it's often
a complex chain of event. The machine
learning techniques like casual interference and
the graph analysis can navigate this complexity,
tracing issues and back to the source.
Imagine quickly pinpointing this database. Slowdown is due
to the network misconfiguration are
like three hops away and that's the power of AI driven
observability.
Now let's talk about security.
So in DevOps,
speed cannot come at the cost of safety.
Yet in the traditional security models like with their fixed
rules and manual processes struggle to keep the
pace. But this is where the machine learning becomes DevOps
security multiplier. Consider a threat detection
ML model excel identifying
this subtle like evolving the attack patterns. By analyzing
vast data set of the network traffic systems,
logs and user behaviors, this model
can spot signs of intuition that
signature based tool might have missed and
they adopt this models adopt in the real time
and learn the new threat indicators as they
emerge. And AI also transform like vulnerability
management. In this world of continuous deployment,
your attack surface is always changing and machine
learning algorithms can continuously scan your infrastructure
assessing like new components predictive do.
They do predictive analysis to forecast like which part of your system
are most likely to be targeted.
And this is how help the organization to prioritize
their defenses. Another game changer
is AI driven threat modeling. Traditionally this
is a manual and time consuming task. But now
like we have a machine learning system that can automatically
map your application architecture, identify data flows and
pinpoint the potential attack vectors.
They even suggest mitigation based on the
pattern learned from the countless other systems.
Now let's talk about the two most important
practices like intelligent monitor and genetic psychops
research. So let me
start with the genetic algorithm.
So this is one of the most exciting innovation in
the application of genetic algorithm in secops like
genetic algorithm inspired by the natural selection
which are the powerful tool for the optimizing
problem. Like in our work. Like if we are using
them to enhance our automated security testing drastically.
First like we are using this genetic
algorithm to generate diverse and challenging test cases.
Just as a genetic variation in nature leads to the
adaptability our a genetic algorithm creates
a wide array of test scenarios and from unusual
API call which sequences to
complex race conditions and this
diversity helps to uncover vulnerabilities
that predefined the test suite might miss.
But this genetic algorithm truly shine
in the optimizing our vulnerability detection tools.
False positive and negatives are the major pain
points in security testing. A high false
positive rate overwhelmed teams while false
negative live system exposed. So each
algorithm parameter things like pattern
matching rules or anomaly threads are this
like genes. We run this algorithm against a data
set of known code or known backbone sample
and those that correctly
identify vulnerabilities while minimizing
the false alarm which are considered fit.
And through the process of mirroring, crossover and mutation,
we evolve this algorithm over thousands
of generations. And the results are
really remarkable. Like our genetic algorithm optimized
tool show a 30% reduction in false positive
and the 25% improvement in detecting
the noble vulnerabilities compared to
old solutions. This means our devsecops,
which is like a dev operations with security
spend less time on noise and have a greater confidence
in the security posture. Now let's
discuss about the intelligent monitor.
So while observability gives
us the visibility into the system behavior,
the future is intelligent monitoring, where AI
doesn't just watch, but understand and act.
This engine uses the deep learning techniques,
specifically like long short term memory,
which is LSTM networks, to understand the
narrative of your system operations. So this LSTM
are excellent at learning the sequences,
which makes them perfect for grasping the flow of the event
in the distributed systems. And we
use application tools like new relic app dynamics,
which have the stream of logs, metrics and traces.
But our LSTM models learn
the story, the events of those logs, and based
on the past incident. And now this new
telemetry comes in. This engine doesn't
just see the data points, it comprehends the
unfolding narrative. So understanding
is only the half battle. But cognitive
ops engine also uses the gen AI,
just like GPT-3 to,
you know, create the responses. So when it detect
an emerging issues, it just doesn't alert it.
It generates a tailored playbook, like a natural
language for a potential database deadlock.
It might say. I'm seeing a pattern similar to enrollment
search like last year, considering raising a connection limit and retrying
transaction. And here is the exact command, something like
that. It's like a generative AI
response. So moreover, like our engine
continuously refines its knowledge using a
technique called experience replay.
From reinforcement learning, it revisits the
past incidents, learning which
actions were most effective. And so it's not just monitoring,
it's. It's an AI operation expert that
grows wiser with every challenges that it faces.
So now let's talk about the
artificial intelligence in the devsecops lifecycle.
So as we embrace like AI in the DevOps,
we must navigate challenges thoroughly. Like ML models
are only as good as their training data,
but biased or incomplete data set can lead to
missed threats or false positive. So we
need diverse and well curated training data to represent the
full spectrum of this DevOps scenarios.
So there is also a black box problem.
Like many AI system, especially like deep learning models,
they are like OpEC in the decision making.
In the security critical Devsecov task,
the lack of explainability is concerning. We must
prioritize interpretable AI techniques that
show their reasoning or and that's how you're building the
trust with the DevOps teams. So ethical
consideration also loom large
here. So AI power to analyze
a system and user behavior raises a privacy concern.
So we must implement techniques like differential
privacy to ensure our observability
tools don't compromise personal data.
Furthermore, like AI makes autonomous decision
in our DevOps pipeline and we need
to robust governance to
ensure it aligns with our organization values
and it does not harm any reputation
of the organization. So now
let's talk about the DevOps devsecops best
practices. So now we stand at
this juncture. Like the fusion of AI ML with the
DevOps is not just promising, it's becoming essential.
Like in this era of cloud native
global distributed system, maintaining security
and observability is like too complex for a traditional methods.
But AI and ML provide this capability and
adaptability and it insights
that we need. But like this
journey also requires continuous learning and collaboration.
Like DevOps professional must upskills in the
AI ML concept and data scientists must understand
the DevOps workflows, security expert
must guide the ethical application for these technologies and cross
functional teamwork is also our
path to the DevOps future,
you know. So in conclusion,
I would say the integration of AI
and ML learning
into DevOps
is not a distinct version, it's like an evolution
of happening now. And this
genetic algorithm optimizing our security
tools to LSTM understand our
system narratives. So there are
some challenges that we need to navigate
like data quality, model interpretability
and ethical use. But potential rewards are immense.
Like DevOps environment are
self monitoring, self defending and it aligns
with the human values. So to
further extend this like maybe if I
would like to put like three
points, significantly expand expanding your
key research area. One should be like devsecops which
is like added concrete examples of your AI driven
devsecops platform showcasing how it uses NLP
and reinforcement learning to enhance the
security without slowing down the development.
The second is like genetic algorithm which is
like elaborated to your use of
GA like genetic algorithm in Sec Ops,
explaining how you use them to generate
diverse test cases and more importantly to evolve from accurate
vulnerability detection algorithms.
Lastly, like we need the intelligent monitor which
introduced our cognitive Ops engine which
uses long term short term memory network to understand
the system behavior, narratives and the generative AI
to provide the human readable responses.
So all of this additions not only just provide the
technical depth, but also highlight
applying this edge cutting AI to
DevOps technology and collaboratively
like we can shaping a secure digital future.
So that's all I have. Thank you.