Preventing Disastrous Events Through the Power of Anomaly Detection in Machine Data
In August, a single server failed and the NASDAQ went down for three hours. In January, GlobalPayments reported that a hack compromising millions of credit card accounts cost them $93 million to recover from. In both cases, nobody took action until the damage was done because quite simply, nobody could. IT planners could not proactively head off the failure or breach because they had no suspicious behavior or early warning system to alert them that something was going amiss; all they had were mountains of event logs that needed to be pored through after the damage was already said and done.
(Image Source: Shutterstock)
To prevent such catastrophes in the future, three things are required:
- A machine learning engine that can analyze and learn from data – as well as human interaction and feedback – in order to get smarter over time;
- Big Data technologies;
- And of course, a cloud platform for ease of management.
Machine logs are the output of every application, website, server and supporting IT infrastructure component in the enterprise. This means that IT teams are inundated by massive amounts of machine log data. Digging through all of this data for something meaningful is not only unwieldy and unappealing, but also ultimately drives down productivity and increases costs. IT teams need to be able to not only visualize, but also analyze machine data in a way that can provide clear insight into what events in that stream of data are benign and what events are malicious that would require immediate attention. By being able to make sense of machine data from an “event” perspective, IT teams can create optimal functionality around any environment and also bring a true, proactive approach to IT management.
The goal of combining Big Data and a machine learning engine all within a cloud platform is to make events easily known and to procure insight on such events prior to their occurrences, which would result in significantly fewer headaches for IT managers and CIOs. Big Data technologies enable a holistic approach to analysis of data without binding to schemas, volumes or batch analytics. A machine learning engine provides advanced algorithms that learn and analyze from data as well as humans to increase intelligence over time. And lastly, the combination of these components in a cloud-based management platform enables an elastic compute at the massive scale that’s needed to analyze this amount of data in real-time across all vectors. By having this capability, IT managers can then create playbooks and remediation steps to prevent certain events and anticipate the impact to their organization.
Event detection can play a big role in optimizing system availability and performance; when a process, application or infrastructure component fails or slows down, it’s typically presaged by multiple events occurring simultaneously or in rapid succession. Out-of-the-ordinary or “anomaly” event detection can decipher how this series of events and their patterns vary from the norm, and what the variation means to the business. The power behind anomaly detection is neither a single technology nor a single technique. It’s typically a set of algorithms that work synergistically, leveraging machine learning techniques as well as mathematical and statistical analysis.
The benefits are clear, but there are many solutions out there that claim to do this, but do not leverage the three critical components for successful anomaly detection: machine learning engine, big data analytics and a cloud management platform. Without these three things working harmoniously together, it is that much more difficult to proactively manage the IT environment. Coming full circle, disastrous events such as the NASDAQ going down or a company losing millions of dollars could have been prevented through the power of machine data and anomaly detection.
By Sanjay Sarathy, CMO of Sumo Logic
Sanjay joins Sumo Logic with over seventeen years of marketing, business development and community building experience in both SaaS and enterprise software environments. Prior to Sumo Logic, he was at Vindicia, a SaaS company that provides online billing and marketing solutions for for companies selling digital content and services. He also spent time at Above All Software, Qualys, Sun Microsystems and NetDynamics. Sanjay has a BA in Quantitative Economics from Stanford University and a MBA from the Haas School of Business at UC Berkeley.
Latest posts by CloudTweaks (see all)
- Bridging The Chasm Between Business And IT – GRC Way - July 1, 2015
- Cisco Expands Portfolio By Acquiring Threat Protection Firm OpenDNS - June 30, 2015
- What Don’t You Know About Your Cloud? - June 30, 2015